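Ngx_lua_waf is a web application firewall based on lua-nginx-module.
- Prevents SQL injection, local file inclusion, some overflows, fuzzing, XSS, SSRF and other web attacks
- Prevents file disclosure, such as svn / backup files
- Prevents attacks from stress-testing tools (such as ApacheBench)
- Blocks common hacking and scanning tools
- Blocks abnormal network requests
- Blocks PHP execution in image and attachment directories
- Blocks webshell uploads
Lua is a scripting language. More precisely, it is a full-featured multi-paradigm language with a simple syntax and semantics similar to JavaScript or Scheme. Nginx + Lua is a self-contained web server that embeds the Lua scripting language. Powerful applications can be written directly inside Nginx, without using cgi, fastcgi or uwsgi. Small features can easily be added by putting a little Lua code into an existing Nginx configuration file. lua-nginx-module is an nginx module that lets Lua handle HTTP requests directly inside nginx.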
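Prerequisites
CentOS 7; update the system and install some dependencies
yum -y update && yum -y upgrade && yum -y install git && yum -y install zlib-devel && yum -y install gcc && yum -y install gcc-c++
Install from source
It is also easy to install. Put simply, add two modules, ngx_devel_kit and lua-nginx-module, to nginx, then modify the nginx configuration to run ngx_lua_waf.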
cd /usr/local/src
wget 'http://nginx.org/download/nginx-1.12.1.tar.gz'
wget https://nchc.dl.sourceforge.net/project/pcre/pcre/8.41/pcre-8.41.tar.gz
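1 Also download the latest LuaJIT, ngx_devel_kit (NDK) and lua-nginx-module
wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
wget https://github.com/chaoslawful/lua-nginx-module/archive/v0.10.10.zip
GitHub redirects the last two URLs to vision5/ngx_devel_kit and openresty/lua-nginx-module; the files are saved as v0.3.0.tar.gz and v0.10.10.zip.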
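An added example, not part of the original walkthrough: nginx and LuaJIT above are fetched over plain HTTP and then built as root, so each archive should be checked against a digest pinned from a trusted channel before it is unpacked. The function names and the manifest path in the usage comment are assumptions; the digests themselves must come from the projects' own release pages.

```shell
#!/bin/sh
# Added example (not from the original page): fail-closed SHA-256 check for
# source archives before they are unpacked and built as root.
# Manifest format is sha256sum's own: "<hex digest>  <file name>" per line.
#
# Usage with this page's downloads (manifest path is hypothetical):
#   verify_archives /root/sources.sha256 /usr/local/src \
#       nginx-1.12.1.tar.gz pcre-8.41.tar.gz LuaJIT-2.0.5.tar.gz \
#       v0.3.0.tar.gz v0.10.10.zip || exit 1

# verify_archives MANIFEST DIR FILE...
# Returns 0 only if every FILE is pinned in MANIFEST, exists in DIR and matches.
verify_archives() {
    manifest=$1
    dir=$2
    shift 2
    rc=0
    for f in "$@"; do
        # Pinned digest for this exact file name ('*' prefix = binary mode).
        want=$(awk -v n="$f" '{ sub(/^\*/, "", $2) } $2 == n { print $1; exit }' "$manifest")
        if [ -z "$want" ]; then
            echo "UNPINNED $f" >&2; rc=1; continue   # no digest on record: reject
        fi
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $f" >&2; rc=1; continue
        fi
        got=$(sha256sum "$dir/$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f" >&2; rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed files that stand in for the downloaded archives.
demo_verify_archives() {
    d=$(mktemp -d)
    printf 'constructed archive body\n' > "$d/good.tar.gz"
    printf 'constructed archive body\n' > "$d/unpinned.zip"
    (cd "$d" && sha256sum good.tar.gz > pinned.sha256)
    # Pinned and intact: accepted.
    verify_archives "$d/pinned.sha256" "$d" good.tar.gz || return 1
    # Present on disk but absent from the manifest: rejected.
    if verify_archives "$d/pinned.sha256" "$d" unpinned.zip 2>/dev/null; then return 1; fi
    # Modified after pinning: rejected.
    printf 'extra bytes\n' >> "$d/good.tar.gz"
    if verify_archives "$d/pinned.sha256" "$d" good.tar.gz 2>/dev/null; then return 1; fi
    rm -rf "$d"
    return 0
}

demo_verify_archives && echo "demo passed"
```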
2 Create a user to run Nginx
useradd -s /sbin/nologin -M www
3 Unpack NDK / lua-nginx-module / LuaJIT and compile LuaJIT
Unpack the modules:
tar zxvf v0.3.0.tar.gz
unzip -q v0.10.10.zip
tar zxvf LuaJIT-2.0.5.tar.gz
The source directory now contains:
LuaJIT-2.0.5  LuaJIT-2.0.5.tar.gz  lua-nginx-module-0.10.10  nginx-1.12.1.tar.gz  ngx_devel_kit-0.3.0  pcre-8.41.tar.gz  v0.10.10.zip  v0.3.0.tar.gz
cd LuaJIT-2.0.5
make && make install
The build fails because gcc is not installed:
==== Building LuaJIT 2.0.5 ====
make -C src
make[1]: gcc: Command not found
make[1]: Entering directory `/usr/local/src/LuaJIT-2.0.5/src'
make[1]: gcc: Command not found
Makefile:254: *** Unsupported target architecture. Stop.
make[1]: Leaving directory `/usr/local/src/LuaJIT-2.0.5/src'
make: *** [default] Error 2
4 Install gcc and gcc-c++
yum -y install gcc
yum -y install gcc-c++
Both transactions complete, installing gcc and gcc-c++ 4.8.5-39.el7 together with their dependencies.
5 Rebuild and reinstall LuaJIT
make && make install
This time the build succeeds. The library is installed to /usr/local/lib and the headers to /usr/local/include/luajit-2.0:
==== Successfully built LuaJIT 2.0.5 ====
==== Installing LuaJIT 2.0.5 to /usr/local ====
==== Successfully installed LuaJIT 2.0.5 to /usr/local ====
6 Install Nginx
cd /usr/local/src
tar zxf nginx-1.12.1.tar.gz
tar zxvf pcre-8.41.tar.gz
cd nginx-1.12.1
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
./configure --user=www --group=www --prefix=/usr/local/nginx-1.12.1/ --with-pcre=/usr/local/src/pcre-8.41 --with-http_stub_status_module --with-http_sub_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --add-module=../ngx_devel_kit-0.3.0/ --add-module=../lua-nginx-module-0.10.10/
configure finds LuaJIT and configures both added modules, then stops because the zlib library is not found:
adding module in ../ngx_devel_kit-0.3.0/
 + ngx_devel_kit was configured
adding module in ../lua-nginx-module-0.10.10/
checking for LuaJIT library in /usr/local/lib and /usr/local/include/luajit-2.0 (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found
 + ngx_http_lua_module was configured
checking for zlib library ... not found
./configure: error: the HTTP gzip module requires the zlib library. You can either disable the module by using --without-http_gzip_module option, or install the zlib library into the system, or build the zlib library statically from the source with nginx by using --with-zlib=<path> option.
If Nginx was already compiled and installed previously, adding the modules to it does not require running "make install".
cd /usr/local/src/nginx-1.12.2
./configure --add-module=/usr/local/src/ngx_devel_kit-0.3.0 --add-module=/usr/local/src/lua-nginx-module-0.10.11 --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"
make
# keep the old binary as a backup, then install the new one
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp objs/nginx /usr/local/nginx/sbin/
# note: reload only re-reads the configuration in the running master process;
# the new binary takes effect once nginx is restarted
systemctl reload nginx
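An added example, not part of the original walkthrough: before copying objs/nginx over the production binary, confirm from its `nginx -V` output that both modules added in this guide were actually compiled in. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): gate the binary swap on the
# configure arguments that the new nginx reports about itself.
# nginx prints -V output on stderr, so capture it with: objs/nginx -V 2>&1

# missing_modules "<output of nginx -V>" MODULE...
# Prints the required modules that are NOT among the --add-module arguments.
# The body runs in a subshell "( )" so that disabling globbing stays local.
missing_modules() (
    set -f
    args=$(printf '%s\n' "$1" | sed -n 's/^configure arguments: //p')
    shift
    missing=
    for want in "$@"; do
        found=no
        for a in $args; do
            case $a in
                --add-module=*|--add-dynamic-module=*)
                    path=${a#*=}      # drop the option name
                    path=${path%/}    # drop a trailing slash
                    base=${path##*/}  # last component, e.g. ngx_devel_kit-0.3.0
                    case $base in
                        "$want"|"$want"-[0-9]*) found=yes ;;
                    esac
                    ;;
            esac
        done
        [ "$found" = yes ] || missing="$missing $want"
    done
    printf '%s\n' "${missing# }"
)

# safe_to_swap "<output of nginx -V>": 0 only if both modules are present.
safe_to_swap() {
    m=$(missing_modules "$1" ngx_devel_kit lua-nginx-module)
    if [ -n "$m" ]; then
        echo "refusing to replace nginx binary, missing: $m" >&2
        return 1
    fi
    return 0
}

# Constructed sample outputs (modelled on this page's configure lines).
SAMPLE_WAF_BUILD='nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
configure arguments: --user=www --group=www --prefix=/usr/local/nginx-1.12.1/ --with-pcre=/usr/local/src/pcre-8.41 --add-module=../ngx_devel_kit-0.3.0/ --add-module=../lua-nginx-module-0.10.10/'

SAMPLE_NDK_ONLY='nginx version: nginx/1.12.2
configure arguments: --add-module=/usr/local/src/ngx_devel_kit-0.3.0'

SAMPLE_STOCK_BUILD='nginx version: nginx/1.12.2
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module'

# Real use, from the nginx source directory after "make":
#   safe_to_swap "$(objs/nginx -V 2>&1)" && cp objs/nginx /usr/local/nginx/sbin/
safe_to_swap "$SAMPLE_WAF_BUILD" && echo "sample build: ok to install"
```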
[[电子邮件 protected] nginx-1.12.1]# yum install zlib-devel Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: less.cogeco.net * epel: mirrors.mit.edu * extras: less.cogeco.net * updates: less.cogeco.net Resolving Dependencies --> Running transaction check ---> Package zlib-devel.x86_64 0:1.2.7-18.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================================================================== Installing: zlib-devel x86_64 1.2.7-18.el7 base 50 k Transaction Summary ================================================================================================================================================================================== Install 1 Package Total download size: 50 k Installed size: 132 k Is this ok [y/d/N]: y Downloading packages: zlib-devel-1.2.7-18.el7.x86_64.rpm | 50 kB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : zlib-devel-1.2.7-18.el7.x86_64 1/1 Verifying : zlib-devel-1.2.7-18.el7.x86_64 1/1 Installed: zlib-devel.x86_64 0:1.2.7-18.el7 Complete! [[电子邮件 protected] nginx-1.12.1]# ./configure --user=www --group=www --prefix=/usr/local/nginx-1.12.1/ --with-pcre=/usr/local/src/pcre-8.41 --with-http_stub_status_module --with-http_sub_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --add-module=../ngx_devel_kit-0.3.0/ --add-module=../lua-nginx-module-0.10.10/ checking for OS + 的Linux 3.10.0-1127.8.2.el7.x86_64 x86_64 checking for C compiler ... 
configuring additional modules
adding module in ../ngx_devel_kit-0.3.0/
 + ngx_devel_kit was configured
adding module in ../lua-nginx-module-0.10.10/
checking for LuaJIT library in /usr/local/lib and /usr/local/include/luajit-2.0 (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found
checking for export symbols by default (-E) ... found
checking for export symbols by default (--export-all-symbols) ... not found
checking for SO_PASSCRED ... found
checking for __attribute__(constructor) ... found
checking for malloc_trim ... found
 + ngx_http_lua_module was configured
checking for zlib library ... found
creating objs/Makefile

Configuration summary
  + using PCRE library: /usr/local/src/pcre-8.41
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx-1.12.1/"
  nginx binary file: "/usr/local/nginx-1.12.1//sbin/nginx"
  nginx modules path: "/usr/local/nginx-1.12.1//modules"
  nginx configuration prefix: "/usr/local/nginx-1.12.1//conf"
  nginx configuration file: "/usr/local/nginx-1.12.1//conf/nginx.conf"
  nginx pid file: "/usr/local/nginx-1.12.1//logs/nginx.pid"
  nginx error log file: "/usr/local/nginx-1.12.1//logs/error.log"
  nginx http access log file: "/usr/local/nginx-1.12.1//logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

[[email protected] nginx-1.12.1]#
[[email protected] nginx-1.12.1]# make -j2 && make install
9 Create two links
[[email protected] nginx-1.12.1]# ln -s /usr/local/nginx-1.12.1 /usr/local/nginx
[[email protected] nginx-1.12.1]# ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2
[[email protected] nginx-1.12.1]#
ln -s /usr/local/nginx/nginx /usr/bin/nginx
10 Edit nginx.conf to load the Lua test site
[[email protected] conf]# pwd
/usr/local/src/nginx-1.12.1/conf
[[email protected] conf]# vi nginx.conf
[[email protected] nginx-1.12.1]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx-1.12.1//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx-1.12.1//conf/nginx.conf test is successful
[[email protected] nginx-1.12.1]# /usr/local/nginx/sbin/nginx
[[email protected] nginx-1.12.1]#
Kill the nginx process:
[[email protected] nginx-1.12.1]# pkill -9 nginx
Disable the FirewallD service
[[email protected] conf]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[[email protected] conf]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[[email protected] conf]#
OpenResty deployment (Nginx and Lua)
Install dependencies
# yum install -y readline-devel pcre-devel openssl-devel
# cd /usr/local/src
Download and compile/install OpenResty
# wget "https://openresty.org/download/openresty-1.11.2.5.tar.gz"
# tar zxf openresty-1.11.2.5.tar.gz
# cd openresty-1.11.2.5
# ./configure --prefix=/usr/local/openresty-1.11.2.5 \
    --with-luajit --with-http_stub_status_module \
    --with-pcre=/usr/local/src/pcre-8.41 --with-pcre-jit
# gmake && gmake install
# ln -s /usr/local/openresty-1.11.2.5 /usr/local/openresty
Test the OpenResty installation
# vim /usr/local/openresty/nginx/conf/nginx.conf
server {
    location /hello {
        default_type text/html;
        content_by_lua_block {
            ngx.say("HelloWorld")
        }
    }
}
[[email protected] src]# /usr/local/openresty-1.11.2.5/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf test is successful
# /usr/local/openresty/nginx/sbin/nginx
Hello World
# curl http://192.168.199.33/hello
HelloWorld
WAF deployment
Requirements:
yum -y install git
cd /usr/local/openresty/nginx/conf/
git clone https://github.com/xzhih/ngx_lua_waf.git waf
cat > /usr/local/openresty/nginx/conf/waf.conf << EOF
lua_shared_dict limit 20m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
EOF
mkdir -p /usr/local/openresty/nginx/logs/waf
chown www:www /usr/local/openresty/nginx/logs/waf
[[email protected] ~]# cd /usr/local/openresty/nginx/conf/
[[email protected] conf]# git clone https://github.com/xzhih/ngx_lua_waf.git waf
Cloning into 'waf'...
remote: Enumerating objects: 53, done.
remote: Total 53 (delta 0), reused 0 (delta 0), pack-reused 53
Unpacking objects: 100% (53/53), done.
[[email protected] conf]# cat > /usr/local/openresty/nginx/conf/waf.conf << EOF
> lua_shared_dict limit 20m;
> lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
> init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
> access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
> EOF
[[email protected] conf]# mkdir -p /usr/local/openresty/nginx/logs/waf
[[email protected] conf]# chown www:www /usr/local/openresty/nginx/logs/waf
[[email protected] conf]#
/usr/local/openresty/nginx/logs/waf
waf.conf
Via vi /usr/local/openresty/nginx/conf/nginx.conf
include waf.conf;
[[email protected] nginx-1.12.1]# pkill -9 nginx
Start the nginx process:
[[email protected] nginx-1.12.1]# /usr/local/openresty/nginx/sbin/nginx
Before waf.conf is included, visiting http://x.x.x.x/?a=a.sql returns a normal Nginx page.
After waf.conf is added, you get the error page predefined in the config.lua file.
[[email protected] waf]# cat config.lua
--WAF config file,enable = "on",disable = "off"
--waf status
config_waf_enable = "on"
--log dir
config_log_dir = "/usr/local/openresty/nginx/logs/waf"
--rule setting
config_rule_dir = "/usr/local/openresty/nginx/conf/waf/wafconf"
--enable/disable white url
config_white_url_check = "on"
--enable/disable white ip
config_white_ip_check = "on"
--enable/disable block ip
config_black_ip_check = "on"
--enable/disable url filtering
config_url_check = "on"
--enalbe/disable url args filtering
config_url_args_check = "on"
--enable/disable user agent filtering
config_user_agent_check = "on"
--enable/disable cookie deny filtering
config_cookie_check = "on"
--enable/disable cc filtering
config_cc_check = "on"
--cc rate the xxx of xxx seconds
config_cc_rate = "120/120"
--enable/disable post filtering
config_post_check = "on"
--config waf output redirect/html
config_waf_output = "html"
--if config_waf_output ,setting url
config_waf_redirect_url = "/captcha"
config_output_html=[[
<!DOCTYPE html><html><head><meta name="viewport" content="initial-scale=1,minimum-scale=1,width=device-width"><title>WAF Security Warning</title><style>body{font-size:100%;background-color:#ce3426;color:#fff;margin:15px}h1{font-size:1.5em;line-height:1.5em;margin-bottom:16px;font-weight:400}.wrapper{margin:20vh auto 0;max-width:500px}@media (max-width:420px){body{font-size:90%}}</style></head><body><div class="wrapper"><h1>Web APP Firewall</h1><p>Your request has invalit parameters, and has been blocked based on security policy<br>Possible reason: The information you submitted has potential malicious contents</p><p>1. Check your content<br>2. If this is your website, please contact your provider<br>3. if you are regular user, please contact website admin</p></div></body></html>
]]
[[email protected] waf]#
You can test more features, such as CC attacks, blacklists, download limits, and so on.
Installing the Lua module dynamically with Nginx
$ yum install nginx-plus-module-lua
$ apt-get install nginx-plus-module-lua
$ zypper install nginx-plus-module-lua
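load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;
Note: the directives must be in this order.
3 Perform any additional configuration as required by the module.
Note: Nginx dynamic modules documentation. With this installation method, you do not need to compile your nginx.
Adding Nginx as a service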
# vi /usr/lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/openresty/nginx/logs/nginx.pid
ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
ExecStart=/usr/local/openresty/nginx/sbin/nginx
ExecReload=/usr/local/openresty/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# systemctl start nginx
# systemctl enable nginx
You can check the version by running the following command.
# /opt/nginx/sbin/nginx -v
The following are some commands related to the symlink command "ln":
[[email protected] opc]# ln -s /usr/local/nginx/nginx /usr/bin/nginx
ln: failed to create symbolic link ‘/usr/bin/nginx’: File exists
[[email protected] opc]# ls -l /usr/bin/nginx
lrwxrwxrwx. 1 root root 27 Jun 21 23:52 /usr/bin/nginx -> /usr/local/nginx/sbin/nginx
[[email protected] opc]# rm /usr/bin/nginx
rm: remove symbolic link ‘/usr/bin/nginx’? y
[[email protected] opc]# ln -s /usr/local/openresty/nginx/nginx /usr/bin/nginx
[[email protected] opc]# service nginx status
Redirecting to /bin/systemctl status nginx.service
● nginx.service - The NGINX HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-06-22 12:25:20 GMT; 3min 36s ago
  Process: 1589 ExecStart=/usr/local/openresty/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 1531 ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t (code=exited, status=0/SUCCESS)
 Main PID: 1597 (nginx)
   CGroup: /system.slice/nginx.service
           ├─1597 nginx: master process /usr/local/openresty/nginx/sbin/nginx
           └─1600 nginx: worker process

Jun 22 12:25:19 centos-nginx1-16 systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Jun 22 12:25:20 centos-nginx1-16 nginx[1531]: nginx: the configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf syntax is ok
Jun 22 12:25:20 centos-nginx1-16 nginx[1531]: nginx: configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf test is successful
Jun 22 12:25:20 centos-nginx1-16 systemd[1]: Failed to parse PID from file /usr/local/openresty/nginx/logs/nginx.pid: Invalid argument
Jun 22 12:25:20 centos-nginx1-16 systemd[1]: Started The NGINX HTTP and reverse proxy server.
[[email protected] opc]#
Setting up a PHP test environment
[[email protected] logs]# systemctl start php-fpm
[[email protected] logs]# systemctl enable php-fpm
[[email protected] logs]# systemctl status php-fpm
vi nginx.conf
Uncomment the "location ~ \.php$" section. You will need to change the following line:
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
to:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Create an index.php file under /usr/local/openresty/nginx/html with the content <?php phpinfo(); ?>
Restart the nginx service with the command "systemctl restart nginx" for the change to take effect.
PHP – XSS attack test
\sor\s+
Restart the nginx service
Create a test.php file under /usr/local/openresty/nginx/html with the following content: <?php echo $_GET['id']; ?>
Add a new rule to the args file under /usr/local/openresty/nginx/conf/waf/wafconf
http://140.238.155.214/test.php?id=%3Cscript%3Ealert(%22xxx%22);%3C/script%3E
http://140.238.155.214/test.php?id=<script>alert("xxx");</script>
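A rule can be vetted offline before it goes into the args file. The following Python example is added here and is not ngx_lua_waf code: it assumes each rule is applied case-insensitively to the percent-decoded value of every query argument. The `<\s*script\b` rule, the tighter `\sor\s+\S+\s*=` variant, search.php and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The first pattern is the args rule shown on this page; the second is a
# hypothetical XSS pattern constructed for this example.
ARGS_RULES = [r"\sor\s+", r"<\s*script\b"]

# Constructed test requests (x.x.x.x stands for the WAF host; search.php is hypothetical).
SAMPLES = [
    "http://x.x.x.x/test.php?id=%3Cscript%3Ealert(%22xxx%22);%3C/script%3E",
    'http://x.x.x.x/test.php?id=<script>alert("xxx");</script>',
    "http://x.x.x.x/test.php?id=1%20OR%201=1",
    "http://x.x.x.x/test.php?id=42",
    "http://x.x.x.x/search.php?q=tea+or+coffee",
]


def check_url(url, rules=ARGS_RULES):
    """Return (arg_name, rule) for the first rule that hits, or None if the URL passes."""
    # parse_qsl percent-decodes values, so encoded and raw payloads are treated alike.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for rule in rules:
            if re.search(rule, value, re.IGNORECASE):
                return name, rule
    return None


def false_positives(rule, benign_values):
    """Return the benign values that a candidate rule would block."""
    return [v for v in benign_values if re.search(rule, v, re.IGNORECASE)]


if __name__ == "__main__":
    for url in SAMPLES:
        hit = check_url(url)
        print("BLOCK" if hit else "PASS ", url, hit or "")
    benign = ["tea or coffee", "orange", "floor plan"]
    # The page's rule blocks ordinary text containing " or "; the tighter variant does not.
    print(false_positives(r"\sor\s+", benign))
    print(false_positives(r"\sor\s+\S+\s*=", benign))
```

The last sample shows the cost of the broad `\sor\s+` rule: a plain search phrase is blocked along with the injection attempt, which is worth checking against real traffic before enabling it.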