Table of contents
Nginx and redis versions after the environment is set up
Install ntpdate to synchronize the system time
Install network tools, compilation tools and dependent libraries
Create a package download directory, nginx and redis installation directory
Download configuration install lua interpreter LuaJIT
Download nginx NDK (ngx_devel_kit) extension module
Download configuration and install nginx
Load the luajia related library
demand background
I want to do an anti-replay attack. During the environment construction process, I found that the nginx+lua environment is not very easy to build. Of course, it is also possible to use the packaged openresty directly. However, for some customized libraries, you can compile and use whatever you need. It is still more convenient. This article does not introduce the design and implementation of anti-replay attacks. It only builds the nginx+lua+redis environment and implements a demon that connects to redis through the web. On this basis, you only need to develop lua yourself
Nginx and redis versions after the environment is set up
system environment
cat /etc/centos-release
build steps
Configure server DNS
echo "nameserver 114.114.114.114" >> /etc/resolv.conf
Install ntpdate to synchronize the system time
yum install ntpdate -y
ntpdate ntp.aliyun.com
timedatectl set-timezone Asia/Shanghai
Install network tools, compilation tools and dependent libraries
yum install -y wget net-tools gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
Create a package download directory, nginx and redis installation directory
mkdir -p /root/dev_env /usr/cloudland/nginx /usr/cloudland/redis
export NGINX_INSTALL_PATH=/usr/cloudland/nginx
export REDIS_INSTALL_PATH=/usr/cloudland/redis
Download configuration install lua interpreter LuaJIT
cd /root/dev_env
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd -
Pay attention to the above two export commands, configure the environment variables of the lua interpreter, and solve the problem of "cannot find LuaJIT there"
Download nginx NDK (ngx_devel_kit) extension module
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar -xzvf v0.3.0.tar.gz
Download lua-nginx-module
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
tar -xzvf v0.10.9rc7.tar.gz
Download and install the lua-resty-http module (lua library, some libraries that implement http functions)
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
tar -zxvf v0.16.1.tar.gz
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
Note that NGINX_INSTALL_PATH can be replaced with your own nginx installation path. The above two cp commands are to solve the problem that resty-http cannot find
Download and install the lua-resty-redis module (lua library, some libraries for operating redis functions)
wget https://github.com/openresty/lua-resty-redis/archive/refs/tags/v0.29.tar.gz
tar -zxvf v0.29.tar.gz
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
Note that NGINX_INSTALL_PATH can be replaced with your own nginx installation path. The above two cp commands solve the problem that resty-redis cannot find
Download configuration and install nginx
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=$NGINX_INSTALL_PATH --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0
make -j32
make install
Load the luajia related library
echo "$NGINX_INSTALL_PATH/luajit/lib" >> /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig
Note that NGINX_INSTALL_PATH is replaced by your own nginx installation directory
Download and install redis
wget http://download.redis.io/releases/redis-7.0.12.tar.gz
tar -zxvf redis-7.0.12.tar.gz
cd redis-7.0.12
make -j32
make install PREFIX=$REDIS_INSTALL_PATH
mkdir -p $REDIS_INSTALL_PATH/conf
cp redis.conf $REDIS_INSTALL_PATH/conf
Note that REDIS_INSTALL_PATH is your own redis installation directory
start redis
/usr/cloudland/redis/bin/redis-server /usr/cloudland/redis/conf/redis.conf &
Configure to start nginx
Configure nginx.conf to specify the path of the lua library
lua_package_path "/usr/cloudland/nginx/luajit/lib/lua/?.lua;;";
server {
listen 9080;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /lua/check {
default_type 'text/plain';
content_by_lua_file conf/lua/check.lua;
}
Simply write a lua test script check.lua, put it in the nginx installation directory conf/lua, pay attention to the same content_by_lua_file parameter in nginx.conf
Contents of check.lua
local redis = require "resty.redis"
local cache = redis.new()
local ok, err = cache.connect(cache, '127.0.0.1', '6379')
if not ok then
ngx.log(ngx.ERR, "failed to connect redis: ", err)
ngx.exit(ngx.HTTP_SERVICE_UNAVAILABLE)
end
start nginx
/usr/cloudland/nginx/sbin/nginx -c /usr/cloudland/nginx/conf/nginx.conf
environmental test
curl -I "http://localhost:9080/lua/check"
curl returns 200 OK, and returns 500 after killing the redis-server, indicating that the connection to redis through nginx+lua is successful.
Environment build script
Some libraries are slower to download, just execute it a few times
#!/bin/sh
NGINX_INSTALL_PATH=/usr/cloudland/nginx
REDIS_INSTALL_PATH=/usr/cloudland/redis
SCRIPT_PATH=$(dirname $(readlink -f "$0"))
DEP_DOWLOAD_PATH=$SCRIPT_PATH/dev_env
echo "nameserver 114.114.114.114" >> /etc/resolv.conf
yum install wget ntpdate -y
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
ntpdate ntp.aliyun.com
timedatectl set-timezone Asia/Shanghai
if [ ! -d $DEP_DOWLOAD_PATH ]; then
mkdir -p $DEP_DOWLOAD_PATH
fi
cd $DEP_DOWLOAD_PATH
# LuaJIT
if [ ! -f LuaJIT-2.0.4.tar.gz ]; then
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
fi
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd $DEP_DOWLOAD_PATH
#ngx_devel_kit
if [ ! -f v0.3.0.tar.gz ]; then
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
fi
tar -xzvf v0.3.0.tar.gz
#lua-nginx-module
if [ ! -f v0.10.9rc7.tar.gz ]; then
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
fi
tar -xzvf v0.10.9rc7.tar.gz
#lua-resty-http
if [ ! -f v0.16.1.tar.gz ]; then
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
fi
tar -zxvf v0.16.1.tar.gz
\cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
if [ ! -f v0.29.tar.gz ]; then
wget https://github.com/openresty/lua-resty-redis/archive/refs/tags/v0.29.tar.gz
fi
tar -zxvf v0.29.tar.gz
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
\cp -r lua-resty-redis-0.29/lib/resty $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
# nginx
if [ ! -f nginx-1.20.1.tar.gz ]; then
wget https://nginx.org/download/nginx-1.20.1.tar.gz
fi
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=$NGINX_INSTALL_PATH --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0
make -j32
make install
echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig
cd $DEP_DOWLOAD_PATH
if [ ! -f redis-7.0.12.tar.gz ]; then
wget http://download.redis.io/releases/redis-7.0.12.tar.gz
fi
tar -zxvf redis-7.0.12.tar.gz
cd redis-7.0.12
make -j32
make install PREFIX=/usr/cloudland/redis/
if [ ! -d $REDIS_INSTALL_PATH/conf ]; then
mkdir $REDIS_INSTALL_PATH/conf
fi
\cp redis.conf $REDIS_INSTALL_PATH/conf