一、准备lua的模块信息
地址:https://github.com/cloudflare/lua-resty-cookie
二、openresty配置示例
# cat nginx.conf
user dataanalyze;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
#error_log /data/logs/nginx/nginx_error.log crit;
#error_log logs/error.log notice;
#pid /var/run/nginx/nginx.pid;
worker_rlimit_nofile 50000;
events
{
use epoll;
worker_connections 50000;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
# limit_req_zone $binary_remote_addr zone=perreq:10m rate=66r/s;
# limit_req zone=perreq burst=120 nodelay;
#limit_req_zone $binary_remote_addr zone=perreq:10m rate=166r/s;
#limit_conn_zone $binary_remote_addr zone=perip:10m;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$request_time" "$http_cookie" "$msec"';
log_format time '$remote_addr $time_local $request_time $request $status';
#access_log /data/logs/nginx/access.log main buffer=24k;
keepalive_timeout 120;
client_header_timeout 3m;
client_body_timeout 3m;
client_max_body_size 100m;
connection_pool_size 256;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
request_pool_size 64k;
output_buffers 4 64k;
postpone_output 1460;
client_body_buffer_size 256k;
fastcgi_connect_timeout 100;
fastcgi_send_timeout 100;
fastcgi_read_timeout 100;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# fastcgi_temp_path /dev/shm;
# fastcgi_intercept_errors on;
# open_file_cache max=50000 inactive=20s;
# open_file_cache_min_uses 1;
# open_file_cache_valid 30s;
gzip on;
gzip_min_length 4k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
include vhosts/*.com;
include vhosts/*.conf;
lua_package_path "/opt/lua-resty-cookie-master/lib/?.lua;;";
}
---------------------------------------------------
# cat vhosts/ggtf.wanyanzhenjiang.com
#lua_package_path "/opt/lua-resty-cookie-master/lib/?.lua;;";
server{
listen 443;
server_name ggtf.wanyanzhenjiang.com;
ssl on;
ssl_certificate /data/openresty/nginx/ssl/wanyanzhenjiang.crt;
ssl_certificate_key /data/openresty/nginx/ssl/wanyanzhenjiang.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
error_log /data/openresty/nginx/logs/ggtf_error.log;
access_log /data/openresty/nginx/logs/ggtf_access.log;
location / {
set $tgkey $arg_tgkey;
set $referer $arg_to;
set_by_lua $expires_time 'return ngx.cookie_time(ngx.time()+1800)';
set_by_lua $referer_url 'return string.gsub(ngx.var.referer, "%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end)';
add_header Set-Cookie 'tgkey=$tgkey; Domain=.wanyanzhenjiang.com; expires=$expires_time;Max-Age=1800;';
default_type text/html;
set $a 0;
set $b 0;
if ( $referer ~* "wanyanzhenjiang.com(%2f|%20|/)(.*)"){
set $a 1;
}
if ( $referer ~* "wanyanzhenjiang.com$"){
set $a 1;
}
if ( $a = 1 ){
set $b 1;
rewrite ^/(.*)$ $referer_url? redirect;
}
}
}
--------------------------------------
# cat vhosts/storecps.wanyanzhenjiang.com
server{
listen 443;
server_name storecps.wanyanzhenjiang.com;
ssl on;
ssl_certificate /data/openresty/nginx/ssl/wanyanzhenjiang.crt;
ssl_certificate_key /data/openresty/nginx/ssl/wanyanzhenjiang.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
error_log /data/openresty/nginx/logs/storecps_error.log;
access_log /data/openresty/nginx/logs/storecps_access.log;
location / {
set_by_lua $expires_time 'return ngx.cookie_time(ngx.time()+604800)';
set_by_lua $click_time 'return ngx.now(ngx.time())';
set_by_lua $http_referer_url 'return string.gsub(ngx.var.http_referer, "([^%w%.%- ])", function(c) return string.format("%%%02X", string.byte(c)) end)';
add_header Set-Cookie 'union_id=$arg_union_id;euid=$arg_euid;mid=$arg_mid;referer=$http_referer_url;click_time=$click_time; Domain=.wanyanzhenjiang.com; expires=$expires_time; Max-Age=604800';
default_type text/html;
set $a 0;
set $b 0;
if ( $arg_to ~* "wanyanzhenjiang.com(%2f|/)(.*)"){
set $a 1;
}
if ( $arg_to ~* "wanyanzhenjiang.com$"){
set $a 1;
}
if ( $a = 1 ){
set $b 1;
rewrite ^/(.*)$ $arg_to? redirect;
}
}
}
PS:自定义header的信息
set $tgkey $arg_tgkey;
set $referer $arg_to;
set_by_lua $expires_time 'return ngx.cookie_time(ngx.time()+1800)';
set_by_lua $referer_url 'return string.gsub(ngx.var.referer, "%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end)';
add_header Set-Cookie 'tgkey=$tgkey; Domain=.wanyanzhenjiang.com; expires=$expires_time;Max-Age=1800;';
另外lua之urlEncode和urlDecode方法
local function urlEncode(s)
s = string.gsub(s, "([^%w%.%- ])", function(c) return string.format("%%%02X", string.byte(c)) end)
return string.gsub(s, " ", "+")
end
local function urlDecode(s)
s = string.gsub(s, '%%(%x%x)', function(h) return string.char(tonumber(h, 16)) end)
return s
end