Centos7安装Openresty通过yum安装
在 /etc/yum.repos.d/ 下新建 OpenResty.repo 内容
[openresty]
name=Official OpenResty Repository
baseurl=https://copr-be.cloud.fedoraproject.org/results/openresty/openresty/epel-$releasever-$basearch/
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/openresty/openresty/pubkey.gpg
enabled=1
enabled_metadata=1
安装
yum install openresty -y
默认会安装到 /usr/local/openresty/ 目录下, 目录下包含了 luajit, lualib, nginx, openssl, pcre, zlib 这些组件
安装ngx_lua_waf模块
详见大佬的github https://github.com/loveshell/ngx_lua_waf
下载waf模块
wget https://github.com/loveshell/ngx_lua_waf/archive/v0.7.2.tar.gz
tar zxf v0.7.2.tar.gz
mv ngx_lua_waf-0.7.2 waf
ln -s /usr/local/openresty/lualib /usr/local/lib/lua
ln -s /usr/local/openresty/lualib/resty /usr/local/openresty/nginx/conf/waf/resty
将其放在安装好的/usr/local/ openresty /nginx下面的conf下,然后切换到nginx的安装目录找到conf/nginx.conf配置,在http配置下加入 如下配置,其中的/usr/local/openresty /nginx/conf/waf改为实际安装目录。
lua_package_path "/usr/local/openresty /nginx/conf/waf /?.lua";
lua_shared_dict limit 10m; #开启拦截cc攻击时需要设置此值
init_by_lua_file/usr/local/openresty /nginx/conf/waf /init.lua;
access_by_lua_file /usr/local/openresty /nginx/conf/waf /waf.lua;#控制访问的规则
重启nginx。
Nginx 启动
切换到 /usr/local/openresty/nginx
sbin/nginx
重启 nginx sbin/nginx -s reload
倘若waf不起作用检查,/usr/local/ openresty /nginx/waf/config.lua 此文件的第一行
RulePath = "/usr/local/openresty/nginx/conf/waf/wafconf/" 表示规则的路径。检查其路径是否配置的为刚才安装的waf下的wafconf