nginx重新编译安装lua-nginx-module 搭建web应用防火墙

天乐博客•2017-01-20•未分类• 2727

安装lua-nginx-module

cd /root
wget -c http://luajit.org/download/LuaJIT-2.1.0-beta2.tar.gz
tar zxf LuaJIT-2.1.0-beta2.tar.gz
cd LuaJIT-2.1.0-beta2
make
make install PREFIX=/usr/local/luajit
cd ..

wget -c https://github.com/openresty/lua-nginx-module/archive/v0.10.5.tar.gz
tar zxf v0.10.5.tar.gz
mv lua-nginx-module-0.10.5 /usr/local

wget -c https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar zxf v0.3.0.tar.gz
mv ngx_devel_kit-0.3.0 /usr/local

export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.1

cat > /etc/ld.so.conf.d/luajit.conf<<EOF
/usr/local/luajit/lib
EOF

ldconfig

查看nginx都编译了那些模块

-bash-4.1# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.2e 3 Dec 2015
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www
--with-http_ssl_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_imap_module
--without-mail_smtp_module --with-mail --with-mail_ssl_module --without-http_uwsgi_module
--without-http_scgi_module --with-ipv6 --with-http_v2_module
--with-openssl=/usr/local/src/openssl-1.0.2e --add-module=/usr/local/src/ngx_cache_purge-2.3
--add-module=/usr/local/src/echo-nginx-module-0.58
--add-module=/usr/local/src/ngx_http_substitutions_filter_module-0.6.4

下载同版本nginx , 进入安装目录 , 添加如下信息重新./configure,make编译，不用make install。千万要注意：到这里就可以了，千万不要make install，不然文件就会被覆盖了。

--with-ld-opt="-Wl,-rpath,/usr/local/luajit/lib"
--add-module=/usr/local/lua-nginx-module-0.10.5
--add-module=/usr/local/ngx_devel_kit-0.3.0

以下为完整信息

-bash-4.1# ./configure --prefix=/usr/local/nginx --user=www --group=www
--with-ld-opt="-Wl,-rpath,/usr/local/luajit/lib"
--add-module=/usr/local/lua-nginx-module-0.10.5
--add-module=/usr/local/ngx_devel_kit-0.3.0
--with-http_ssl_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_imap_module
--without-mail_smtp_module --with-mail --with-mail_ssl_module --without-http_uwsgi_module
--without-http_scgi_module --with-ipv6 --with-http_v2_module
--with-openssl=/usr/local/src/openssl-1.0.2e --add-module=/usr/local/src/ngx_cache_purge-2.3
--add-module=/usr/local/src/echo-nginx-module-0.58
--add-module=/usr/local/src/ngx_http_substitutions_filter_module-0.6.4
-bash-4.1# make

需要替换新编译的nginx二进制文件,先备份一下原来的启动脚本。

-bash-4.1# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

杀死nginx进程进行二进制文件的替换

-bash-4.1# killall nginx
-bash-4.1# killall nginx
nginx: no process killed
-bash-4.1# cp ./objs/nginx /usr/local/nginx/sbin/
cp: overwrite `/usr/local/nginx/sbin/nginx'? yes

启动nginx , 查看模块添加是否成功

-bash-4.1# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.2e 3 Dec 2015
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www
--with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib
--add-module=/usr/local/lua-nginx-module-0.10.5
--add-module=/usr/local/ngx_devel_kit-0.3.0
--with-http_ssl_module --with-http_gzip_static_module
--without-mail_pop3_module --without-mail_imap_module
--without-mail_smtp_module --with-mail --with-mail_ssl_module
--without-http_uwsgi_module --without-http_scgi_module
--with-ipv6 --with-http_v2_module --with-openssl=/usr/local/src/openssl-1.0.2e
--add-module=/usr/local/src/ngx_cache_purge-2.3
--add-module=/usr/local/src/echo-nginx-module-0.58
--add-module=/usr/local/src/ngx_http_substitutions_filter_module-0.6.4

建立waf日志存放目录

mkdir -p /home/logs/waf
chown -R www:www /home/logs/waf
chmod -R 755 /home/logs/waf

安装ngx_lua_waf

https://github.com/loveshell/ngx_lua_waf