nginx中使用waf防火墙

Posted 2020-09-19 T

1.安装依赖

yum install -y readline-devel ncurses-devel

 

2.安装Lua

# tar xf lua-5.1.5.tar.gz
# cd lua-5.1.5
# make linux   
# make install

 

3.安装LuaJIT

# wget http://luajit.org/download/LuaJIT-2.0.4.tar.gz
# tar xf LuaJIT-2.0.4.tar.gz
# cd LuaJIT-2.0.4
# make && make install

 

4.安装两个插件

# wget https://codeload.github.com/simpl/ngx_devel_kit/zip/master
# unzip ngx_devel_kit-master.zip
# cp -r ngx_devel_kit-master /usr/local/
# wget https://github.com/openresty/lua-nginx-module#readme
# unzip lua-nginx-module-master.zip
# cp -r lua-nginx-module-master /usr/local/

 

5.给已经安装过的nginx打补丁，没装过就直接装，方法一样

# export LUAJIT_LIB=/usr/local/lib
# export LUAJIT_INC=/usr/local/include/luajit-2.0

如果已经安装过nginx，就需要检查nginx的编译参数；如果没有装过，就不需要检查。
# /usr/local/nginx/sbin/nginx -V

打补丁时需要带上这些参数，剩余的--add-module就是新加的模块
./configure --prefix=/usr/local/nginx-1.4.7 
--with-http_stub_status_module \
--with-http_ssl_module \
--add-module=/usr/local/ngx_devel_kit-0.2.19 \
--add-module=/usr/local/lua-nginx-module-0.9.6 \
--with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"

# make -j2
# make install

ln -s /usr/local/lib/libluajit-5.1.so.2.0.3 /lib64/libluajit-5.1.so.2

 

6.配置nginx

lua_shared_dict limit 50m;
lua_package_path "/jboss/nginx-1.4.7/conf/waf/?.lua";
init_by_lua_file "/jboss/nginx-1.4.7/conf/waf/init.lua";
access_by_lua_file "/jboss/nginx-1.4.7/conf/waf/access.lua";

 

7.重载nginx即可