部署LuaJIT WEB应用防火墙

本次测试使用 Ubuntu 16.04

安装依赖包

$ apt install -y make gcc libssl-dev g++

安装LuaJIT

$ wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
$ tar -zxvf LuaJIT-2.0.5.tar.gz
$ cd LuaJIT-2.0.5
$ make 
$ make install PREFIX=/usr/local/LuaJIT
$ export LUAJIT_LIB=/usr/local/LuaJIT/lib
$ export LUAJIT_INC=/usr/local/LuaJIT/include/luajit-2.0
$ mkdir /opt/download
$ cd /opt/download
$ wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
$ wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
$ tar -zxvf v0.3.0.tar.gz
$ tar -zxvf v0.10.9rc7.tar.gz

安装Nginx

$ wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
$ tar zxf pcre-8.40.tar.gz
$ wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz
$ tar zxf openssl-1.0.2r.tar.gz
$ wget http://nginx.org/download/nginx-1.16.0.tar.gz
$ tar zxf nginx-1.16.0.tar.gz
$ cd nginx-1.16.0
$ ./configure \
--prefix=/usr/local/nginx \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-ipv6 \
--with-http_sub_module \
--with-openssl=/opt/download/openssl-1.0.2r \
--add-module=/opt/download/ngx_devel_kit-0.3.0 \
--add-module=/opt/download/lua-nginx-module-0.10.9rc7 \
--with-pcre=/opt/download/pcre-8.40
$ make && make install 

加载lua库，加入到ld.so.conf文件

$ echo "/usr/local/LuaJIT/lib" >> /etc/ld.so.conf
$ ldconfig

搭建ngx_lua_waf构建web应用防火墙：

1、进入nginx的安装路径：cd /usr/local/nginx/conf

2、下载ngx_lua_waf ：

$ git clone https://github.com/loveshell/ngx_lua_waf.git

3、将解压后的ngx_lua_waf文件夹重命名为waf

$ mv ngx_lua_waf/ waf

4、配置config.lua里的waf规则

$ vim /usr/local/nginx/conf/waf/config.lua

修改：RulePath = "/usr/local/nginx/conf/waf/wafconf/"（本机的安装目录）

5、在nginx_conf 的 http段添加

lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file  /usr/local/nginx/conf/waf/init.lua; 
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;

6、启动nginx

$ /usr/local/nginx/sbin/nginx

---

作者：私念人生
来源：CSDN
原文：https://blog.csdn.net/qq_35999386/article/details/80564605
版权声明：本文为博主原创文章，转载请附上博文链接！