Implementing a WAF Based on Nginx

Preparation

CentOS 6
tengine 2.2.0 (use the latest version where possible)
LuaJIT 2.1.0-beta2

2

2.1 Installing dependencies

yum install zlib zlib-devel openssl openssl-devel pcre pcre-devel libxslt-devel gd-devel geoip-devel

2.2 Compiling and installing LuaJIT

wget http://luajit.org/download/LuaJIT-2.1.0-beta2.tar.gz
tar -xvf LuaJIT-2.1.0-beta2.tar.gz
cd LuaJIT-2.1.0-beta2
make
make install PREFIX=/opt/luajit/
ln -s /opt/luajit/bin/luajit-2.1.0-beta2 /usr/bin/luajit
After installation, the LUAJIT_LIB and LUAJIT_INC paths are:
Library files: LUAJIT_LIB=/opt/luajit/lib
Header files: LUAJIT_INC=/opt/luajit/include/luajit-2.1
Both paths are needed when compiling tengine.

2.3 Installing jemalloc

wget http://www.canonware.com/download/jemalloc/jemalloc-3.6.0.tar.bz2
tar -xvf jemalloc-3.6.0.tar.bz2
cd jemalloc-3.6.0
./configure
make && make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig

2.4 Compiling and installing tengine

useradd -s /sbin/nologin nginx
mkdir -pv /data/ngx_temp
chown nginx /data/ngx_temp/ -R
wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
tar -xvf tengine-2.2.0.tar.gz
cd tengine-2.2.0
./configure --prefix=/opt/nginx --with-http_gzip_static_module --with-http_realip_module --with-http_concat_module --with-http_lua_module --with-luajit-lib=/opt/luajit/lib/ --with-luajit-inc=/opt/luajit/include/luajit-2.1/ --with-ld-opt=-Wl,-rpath,/opt/luajit/lib --with-jemalloc=/usr/local/src/jemalloc-3.6.0 --user=nginx --group=nginx
make -j 8
make install
Test:
Add the following to nginx.conf (the location block goes inside a server block):
dso {
    load ngx_http_fastcgi_module.so;
    load ngx_http_rewrite_module.so;
    load ngx_http_lua_module.so;
}
location /lua {
    default_type 'text/plain';
    content_by_lua 'ngx.say("hello, lua")';
}
Start nginx and run curl localhost:8080/lua. If it returns hello, lua, the test succeeded.

3 Configuring ngx_lua_waf

cd /opt/nginx/conf/
git clone https://github.com/loveshell/ngx_lua_waf
mv ngx_lua_waf/ waf
Add the following to the http block of nginx.conf:
lua_package_path "/opt/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /opt/nginx/conf/waf/init.lua;
access_by_lua_file /opt/nginx/conf/waf/waf.lua;
Edit /opt/nginx/conf/waf/config.lua:
RulePath = "/opt/nginx/conf/waf/wafconf/"
attacklog = "on"
logdir = "/data/logs/nginx/hack/"
If the absolute paths differ on your system, change them here to match.
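The settings above point at absolute paths, and the page sets logdir without ever creating that directory, so a preflight check before reloading nginx is useful. The script below is an added example, not part of the original page or of ngx_lua_waf; its function names and the use of directory ownership as the writability test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of ngx_lua_waf): check that every path referenced by
# the nginx.conf and config.lua settings above exists before reloading nginx.

# Print the argument of an nginx directive, e.g. access_by_lua_file.
ngx_value() {  # $1 = nginx.conf, $2 = directive name
    sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' |
        awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }'
}

# Print the quoted value of a `name = "value"` assignment in config.lua.
lua_value() {  # $1 = config.lua, $2 = variable name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        head -n 1
}

# Returns 0 when everything is in place, 1 otherwise (one line per problem).
waf_preflight() {  # $1 = nginx.conf, $2 = config.lua, $3 = worker user
    rc=0
    owner=${3:-nginx}   # the page runs the workers as user "nginx"
    for d in init_by_lua_file access_by_lua_file; do
        f=$(ngx_value "$1" "$d")
        if [ -z "$f" ]; then
            echo "directive $d not found in $1"; rc=1
        elif [ ! -r "$f" ]; then
            echo "$d points at unreadable file $f"; rc=1
        fi
    done
    rules=$(lua_value "$2" RulePath)
    if [ ! -d "$rules" ] || [ -z "$(ls "$rules")" ]; then
        echo "RulePath $rules is missing or contains no rule files"; rc=1
    fi
    if [ "$(lua_value "$2" attacklog)" = "on" ]; then
        logdir=$(lua_value "$2" logdir)
        # Assumption: ownership by the worker user stands in for writability.
        if [ -z "$(find "$logdir" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "logdir $logdir is missing or not owned by $owner"; rc=1
        fi
    fi
    return $rc
}

# Usage: sh waf_preflight.sh /opt/nginx/conf/nginx.conf /opt/nginx/conf/waf/config.lua
if [ "$#" -ge 2 ]; then waf_preflight "$@"; fi
```

With the page's configuration as written, this reports /data/logs/nginx/hack/ until the directory is created and handed to the nginx user.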

Test:

https://github.com/loveshell/ngx_lua_waf
https://github.com/starjun/openstar
