I want to do an anti-replay attack. During the environment construction process, I found that the nginx+lua environment is not very easy to build. Of course, it is also possible to use the packaged openresty directly. However, for some customized libraries, you can compile and use whatever you need. It is still more convenient. This article does not introduce the design and implementation of anti-replay attacks. It only builds the nginx+lua+redis environment and implements a demon that connects to redis through the web. On this basis, you only need to develop lua yourself

Nginx and redis versions after the environment is set up

system environment

cat /etc/centos-release

build steps

Configure server DNS

echo "nameserver 114.114.114.114" >> /etc/resolv.conf

Install ntpdate to synchronize the system time

yum install ntpdate -y

ntpdate ntp.aliyun.com

timedatectl set-timezone Asia/Shanghai

Install network tools, compilation tools and dependent libraries

yum install -y wget net-tools gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y

Create a package download directory, nginx and redis installation directory

mkdir -p /root/dev_env /usr/cloudland/nginx /usr/cloudland/redis

export NGINX_INSTALL_PATH=/usr/cloudland/nginx
export REDIS_INSTALL_PATH=/usr/cloudland/redis

Download configuration install lua interpreter LuaJIT

cd /root/dev_env
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar xzvf LuaJIT-2.0.4.tar.gz 
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit 
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd -

Pay attention to the above two export commands, configure the environment variables of the lua interpreter, and solve the problem of "cannot find LuaJIT there"

Download nginx NDK (ngx_devel_kit) extension module

wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar -xzvf v0.3.0.tar.gz

Download lua-nginx-module

wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
tar -xzvf v0.10.9rc7.tar.gz

Download and install the lua-resty-http module (lua library, some libraries that implement http functions)

wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
tar -zxvf v0.16.1.tar.gz
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/

Note that NGINX_INSTALL_PATH can be replaced with your own nginx installation path. The above two cp commands are to solve the problem that resty-http cannot find

Download and install the lua-resty-redis module (lua library, some libraries for operating redis functions)

wget https://github.com/openresty/lua-resty-redis/archive/refs/tags/v0.29.tar.gz
tar -zxvf v0.29.tar.gz
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/share/lua/5.1/

Note that NGINX_INSTALL_PATH can be replaced with your own nginx installation path. The above two cp commands solve the problem that resty-redis cannot find

Download configuration and install nginx

wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=$NGINX_INSTALL_PATH  --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0
make -j32
make install

Load the luajia related library

echo "$NGINX_INSTALL_PATH/luajit/lib" >> /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig

Note that NGINX_INSTALL_PATH is replaced by your own nginx installation directory

Download and install redis

wget http://download.redis.io/releases/redis-7.0.12.tar.gz
tar -zxvf redis-7.0.12.tar.gz
cd redis-7.0.12
make -j32
make install PREFIX=$REDIS_INSTALL_PATH
mkdir -p $REDIS_INSTALL_PATH/conf
cp redis.conf $REDIS_INSTALL_PATH/conf

Note that REDIS_INSTALL_PATH is your own redis installation directory

start redis

/usr/cloudland/redis/bin/redis-server /usr/cloudland/redis/conf/redis.conf &

Configure to start nginx

Configure nginx.conf to specify the path of the lua library

lua_package_path "/usr/cloudland/nginx/luajit/lib/lua/?.lua;;";

    server {
        listen       9080;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        location /lua/check {
            default_type 'text/plain';
            content_by_lua_file conf/lua/check.lua;

        }

Simply write a lua test script check.lua, put it in the nginx installation directory conf/lua, pay attention to the same content_by_lua_file parameter in nginx.conf

Contents of check.lua

local redis = require "resty.redis"
local cache = redis.new()

local ok, err = cache.connect(cache, '127.0.0.1', '6379')

if not ok then
   ngx.log(ngx.ERR, "failed to connect redis: ", err)
   ngx.exit(ngx.HTTP_SERVICE_UNAVAILABLE)
end

start nginx

/usr/cloudland/nginx/sbin/nginx -c /usr/cloudland/nginx/conf/nginx.conf

environmental test

curl -I "http://localhost:9080/lua/check"

curl returns 200 OK, and returns 500 after killing the redis-server, indicating that the connection to redis through nginx+lua is successful.

Environment build script

Some libraries are slower to download, just execute it a few times

#!/bin/sh

NGINX_INSTALL_PATH=/usr/cloudland/nginx
REDIS_INSTALL_PATH=/usr/cloudland/redis

SCRIPT_PATH=$(dirname $(readlink -f "$0"))

DEP_DOWLOAD_PATH=$SCRIPT_PATH/dev_env

echo "nameserver 114.114.114.114" >> /etc/resolv.conf

yum install wget ntpdate -y

yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y

ntpdate ntp.aliyun.com

timedatectl set-timezone Asia/Shanghai

if [ ! -d $DEP_DOWLOAD_PATH ]; then
    mkdir -p $DEP_DOWLOAD_PATH
fi

cd $DEP_DOWLOAD_PATH




# LuaJIT
if [ ! -f LuaJIT-2.0.4.tar.gz ]; then
    wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
fi
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd $DEP_DOWLOAD_PATH

#ngx_devel_kit
if [ ! -f v0.3.0.tar.gz ]; then
    wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
fi
tar -xzvf v0.3.0.tar.gz


#lua-nginx-module
if [ ! -f v0.10.9rc7.tar.gz ]; then
    wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
fi
tar -xzvf v0.10.9rc7.tar.gz


#lua-resty-http
if [ ! -f v0.16.1.tar.gz ]; then
    wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
fi
tar -zxvf v0.16.1.tar.gz
\cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/


if [ ! -f v0.29.tar.gz ]; then
    wget https://github.com/openresty/lua-resty-redis/archive/refs/tags/v0.29.tar.gz
fi

tar -zxvf v0.29.tar.gz
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/share/lua/5.1/

# nginx
if [ ! -f nginx-1.20.1.tar.gz ]; then
    wget https://nginx.org/download/nginx-1.20.1.tar.gz
fi
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=$NGINX_INSTALL_PATH  --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0
make -j32
make install

echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig

cd $DEP_DOWLOAD_PATH


if [ ! -f redis-7.0.12.tar.gz ]; then
    wget http://download.redis.io/releases/redis-7.0.12.tar.gz
fi

tar -zxvf redis-7.0.12.tar.gz
cd redis-7.0.12
make -j32
make install PREFIX=/usr/cloudland/redis/

if [ ! -d $REDIS_INSTALL_PATH/conf ]; then
    mkdir $REDIS_INSTALL_PATH/conf
fi

\cp redis.conf $REDIS_INSTALL_PATH/conf

nginx+lua+redis environment construction (script at the end of the article)

demand background