阿里云服务器 ECS Linux 下 Tengine 结合 lua 防御 cc 攻击
先安装基础环境
1>>>
yum install gcc-c++
//tengine源于nginx,nginx源码编译依赖gcc环境
2>>>
yum install -y pcre pcre-devel
//tengine需要此库
3>>>
yum install -y zlib zlib-devel
//zlib库提供很多种压缩解压缩方式
4>>>
yum install -y openssl openssl-devel
//安全套接字层密码库 https
下载luajit
wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
解压安装
tar zxvf LuaJIT-2.0.5.tar.gz
cd LuaJIT-2.0.5
make
make install PREFIX=/usr/local/luajit
出现===Successfully installed LuaJIT2.0.5 to /usr/local/luajit===表示lua安装成功
停止nginx
/opt/nginx/sbin/nginx -s stop
备份nginx文件夹
mv nginx nginxbak
下载tengine最新版
wget -c http://tengine.taobao.org/download/tengine-2.3.1.tar.gz
解压
tar -zxvf tengine-2.3.1.tar.gz
进入目录
cd tengine-2.3.1
自定义配置
./configure \
--prefix=/opt/nginx
--with-http_lua_module
--with-luajit-lib=/usr/local/luajit/lib/
--with-luajit-inc=/usr/local/luajit/include/luajit-2.0/
--with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib
编译安装
make && make install
wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip
解压缩
unzip master.zip
移动解压后的文件到nginx/conf下
mv ngx_lua_waf-master /opt/nginx/conf/
进入conf目录重命名文件夹ngx_lua_waf-master为waf
cd /opt/nginx/conf/
mv ngx_lua_waf-master waf
修改/opt/nginx/conf/waf下的config.lua适应当前nginx环境
cd waf
vi config.lua
RulePath = "/opt/nginx/conf/waf/wafconf/"
attacklog = "on"
logdir = "/opt/nginx/logs/waf"
:w
:q
在 nginx.conf 的 http 段里边添加
lua_package_path "/opt/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /opt/nginx/conf/waf/init.lua;
access_by_lua_file /opt/nginx/conf/waf/waf.lua;
启动tengine
nginx -t
nginx -s reload
查看80端口是否开启
netstat -tunlp
curl测试一下,看看页面
curl http://127.0.0.1/.svn
浏览器中打开看一下,记得阿里云安全组打开80端口
任务完成
赵万事 20190715
ok