openresty 安装与使用

一、openresty的安装

下载源码

openresty download

安装依赖

apt-get install libpcre3-dev \libssl-dev perl make build-essential curl

编译

tar -xzvf openresty-VERSION.tar.gz# --without-http_redis2_module 将不能使用http_redis2模块./configure --prefix=/usr/local/openresty \--with-luajit \--without-http_redis2_module \--with-http_iconv_module \--with-http_postgres_modulemakemake install

启动

cd /usr/local/openresty/nginx/sbin

./nginx

访问http://ip

二、应用

httpredis

httpredis只能读取redis

vim conf/nginx-httpredis.conf

worker_processes 1;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;server {listen 80;server_name ;root html;index index.html;location / {default_type text/plain;set $redis_key "m";redis_pass 127.0.0.1:6379;error_page 404 = @fetch;}location @fetch {root html;}}}

在html 目录下创建一个1.html文件，内容为:"i am 1.html"

在redis中无key "m"时：

在redis中有key "m"时：

httpredis2module

httpredis2module可以读写redis

vim conf/nginx-httpredis2module.conf

worker_processes 1;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;server {listen 80;server_name ;root html;index index.html;location /get {set_unescape_uri $key 'n';redis2_query get $key;redis2_pass 127.0.0.1:6379;}location /set {set_unescape_uri $key 'n';redis2_query set $key 'nValue';redis2_pass 127.0.0.1:6379;}}}

lua redis

设置获取redis中的key

vim conf/nginx-openresty-lua-redis.conf

worker_processes 1;error_log logs/error.log;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;server {listen 8082;server_name localhost;location / {default_type text/html;content_by_lua_file /usr/local/openresty/nginx/lua/lua-openresty-redis.lua;}}}

vim lua/lua-openresty-redis.lua

-- 引用resty的redislocal redis = require "resty.redis";local red = redis:new();-- 连接redislocal ok,err = red:connect("127.0.0.1",6379);if not ok thenngx.say("faild to connect",err);returnendok,err = red:set("dKey","dValue");if not ok thenngx.say("failed to set dKey",err);returnendok,err = red:get("dKey")if not ok thenngx.say("dKey is null")elsengx.say("dKey's value is :"..ok)endreturn

lua获取查询参数

vim conf/nginx-param.c

worker_processes 1;error_log logs/error.log;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;server {listen 8081;location / {default_type text/html;content_by_lua_file /usr/local/openresty/nginx/lua/lua-http-param.lua;}}}

vim lua/lua-http-param.lua

-- 获取get请求的参数local arg = ngx.req.get_uri_args();for k,v in pairs(arg)dongx.say("key:",k," value:",v);end

./sbin/nginx -p ./ -c conf/nginx-param.conf

lua获取请求头参数

vim conf/nginx-param.conf

worker_processes 1;error_log logs/error.log;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;server {listen 8081;location / {default_type text/html;content_by_lua_file /usr/local/openresty/nginx/lua/lua-header-param.lua;}}}

vim lua/lua-header-param.lua

local headers = ngx.req.get_headers();for k,v in pairs(headers)dongx.say("[header] key:",k," value:",v);end

./sbin/nginx -p ./ -c conf/nginx-param.conf

lua获取请求表单

vim conf/nginx-param.conf

worker_processes 1;error_log logs/error.log;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;server {listen 8081;location / {default_type text/html;content_by_lua_file /usr/local/openresty/nginx/lua/lua-post-kv-param.lua;}}}

vim lua/lua-post-kv-param.lua

-- 获取post body kv参数-- 重要：读取bodyngx.req.read_body();local postArgs = ngx.req.get_post_args();for k,v in pairs(postArgs)dongx.say("[post] key:",k," value:",v);end

./sbin/nginx -p ./ -c conf/nginx-param.

读取全部body

vim conf/nginx-param.conf

worker_processes 1;error_log logs/error.log;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;server {listen 8081;location / {default_type text/html;content_by_lua_file /usr/local/openresty/nginx/lua/lua-post-body-param.lua;}}}

vim lua-post-body-param.lua

-- 获取body体参数-- 所有获取body的操作，这个很重要ngx.req.read_body();local body = ngx.req.get_body_data();ngx.say(body);

./sbin/nginx -p ./ -c conf/nginx-param.

nginx+lua+redis 限流

vim lua/ip-limit-access.lua

ngx.log(ngx.INFO,"ip limit access");local redis = require "resty.redis";local red = redis:new();--链接redisred:connect("127.0.0.1",6379);-- 需要写链接成功的判断。--判断是否限流limit = red:get("limit");if limit == '1' thenreturn ngx.exit(503);endinc = red:incr("testLimit");if inc <= 2 thenred:expire("testLimit",1);elsered:set("limit",1);red:expire("limit",10);end

vim conf/nginx-ip-limit.conf

worker_processes 1;error_log logs/error.log debug;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;server {listen 8083;location / {default_type text/html;access_by_lua_file /usr/local/openresty/nginx/lua/ip-limit-access.lua;log_by_lua_file /usr/local/openresty/nginx/lua/ip-limit-log.lua;proxy_pass http://localhost:8080/;}}}~

启动上游服务器go run main.go

package mainimport ("time""/gin-gonic/gin")func main() {e := gin.New()e.GET("/", func(ctx *gin.Context) {ctx.String(200, time.Now().String())})e.Run()}

启动nginx: ./sbin/nginx -p ./ -c conf/nginx-ip-limit.conf

nginx+lua +redis 防爬虫(ip黑名单)

爬虫种类：

善意的：baidu、google

恶意的：恶意窃取网站内容

防爬虫的方法：

限制user-agent: 非浏览器会带上这个头。如postman

限制ip

添加验证码

限制cookie

本次我们使用限制ip的方式：

在lua中有一个黑名单缓存，这个缓存定时去redis更新。nginx的访问ip在这个缓存中查询，如果查询到，则拒绝访问。

在redis中添加黑名单

vim lua/black-list-access.lua

ngx.log(ngx.INFO,"black list");-- 获取nginx中的ip_black_listlocal ip_black_list = ngx.shared.ip_black_list;local last_update_time=ip_black_list:get("last_update_time");if last_update_time == nil or last_update_time < (ngx.now()-2) thenlocal redis = require "resty.redis";local red = redis:new();local ok,err = red:connect("127.0.0.1",6379);if not ok thenngx.log(ngx.INFO,"connect error");elselocal local_black_list,err = red:smembers("ip_black_list");ip_black_list:flush_all();for k,v in pairs(local_black_list)doip_black_list:set(v,true);endip_black_list:set("last_update_time",ngx.now());endendlocal ip=ngx.var.remote_addr;ngx.log(ngx.INFO,"request ip is "..ip);-- 判断是否在黑名单if ip_black_list:get(ip) thenreturn ngx.exit(503);end

vim conf/nginx-black-list.conf

worker_processes 1;error_log logs/error.log debug;events {worker_connections 1024;}http {## 定义共享空间lua_shared_dict ip_black_list 1m;include mime.types;default_type application/octet-stream;server {listen 8083;location / {default_type text/html;access_by_lua_file /usr/local/openresty/nginx/lua/black-list-access.lua;proxy_pass http://localhost:8080/;}}}

./sbin/nginx -p ./ -c conf/nginx-black-list.conf