0x01 前言

有时在使用nginx测试时需要用到基于Lua所编写的程序,但使用nginx单独编译Lua又过于麻烦。在经过一番 Google后发现新大陆:OpenResty

0x02 准备

#新建文件夹
[[email protected] ~]# mkdir -p codex/openresty

#进入文件夹
[[email protected] ~]# cd codex/openresty/

#下载文件
[[email protected] openresty]# wget https://openresty.org/download/openresty-1.11.2.2.tar.gz

#解压文件
[[email protected] openresty]# tar zxvf openresty-1.11.2.2.tar.gz

#进入源文件夹
[[email protected] openresty]# cd openresty-1.11.2.2/

0x03 编译安装

绝大多数组件已经包含在OpenResty中,但有一些组件需要手动添加编译参数,请参考以下链接:

另外OpenResty是基于Nginx所开发的,所以支持所有Nginx组件,手动添加编译参数即可:

#configure
[[email protected] openresty-1.11.2.2]# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --with-luajit --with-http_gunzip_module --with-pcre --with-pcre-jit --with-http_perl_module --with-ld-opt="-Wl,-E" --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-select_module --with-poll_module --with-file-aio --with-http_degradation_module --with-libatomic --http-client-body-temp-path=/var/tmp/nginx/client_body --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi

#编译
[[email protected] openresty-1.11.2.2]# make

#安装
[[email protected] openresty-1.11.2.2]# make install

通过以下命令检查安装情况:

[[email protected] ~]# nginx -v
nginx version: openresty/1.11.2.2

openresty 1.11.2 是基于Nginx 1.11.2所开发的,这个可以参考openresty各个版本的ChangeLog,以下是openresty 1.11.2的ChangeLog:

0x04 配置

新建nginx临时文件夹:

[[email protected] ~]# mkdir -p /var/tmp/nginx

修改nginx主配置文件:

user                                    nginx;
pid                                     /var/run/nginx.pid;

worker_processes                        2;
worker_rlimit_nofile                    65534;

events {
    use                                 epoll;
    worker_connections                  65534;
    multi_accept                        on;
}

http {
    client_body_buffer_size             16k;
    client_body_timeout                 30s;
    client_header_buffer_size           2k;
    large_client_header_buffers         4 16k;
    client_header_timeout               30s;
    client_max_body_size                8m;
    keepalive_timeout                   300;
    output_buffers                      2 16k;
    send_timeout                        60s;
    server_names_hash_bucket_size       128;
    reset_timedout_connection           on;

#gzip
    gzip on;
    gzip_min_length                     512;
    gzip_buffers                        16 4k;
    gzip_comp_level                     4;
    gzip_proxied                        any;

#cache
    open_file_cache                     max=204800 inactive=60s;
    open_file_cache_errors              on;
    open_file_cache_min_uses            1;
    open_file_cache_valid               60s;

#proxy
    proxy_buffer_size                   32k;
    proxy_buffers                       8 32k;
    proxy_busy_buffers_size             32k;
    proxy_cache_path                    /var/tmp/nginx/proxy_cache levels=1:2 keys_zone=content:200m inactive=30d max_size=10g;
    proxy_cache_path                    /var/tmp/nginx/proxy_cache/enginx levels=1:2 keys_zone=enginx:200m inactive=30d max_size=10g;
    proxy_cache_key                     $host$proxy_host$uri$is_args$args;
    proxy_connect_timeout               60s;
    proxy_read_timeout                  300s;
    proxy_send_timeout                  300s;
    proxy_temp_file_write_size          32k;
    proxy_temp_path                     /var/tmp/nginx/proxy_temp;
    proxy_set_header                    Host $host;
    proxy_set_header                    X-Real-IP $remote_addr;
    proxy_set_header                    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header                    X-Scheme $scheme;
    proxy_set_header                    Accept-Encoding '';
    real_ip_header                      X-Forwarded-For;

#log
    log_format main                    '$remote_addr - $remote_user [$time_local] "$request" $http_host ' 
                                        '$status $body_bytes_sent "$http_referer" '
                                        '"$http_user_agent" "$http_x_forwarded_for" '
                                        '$upstream_addr $upstream_status $upstream_cache_status "$upstream_http_content_type" $upstream_response_time > $request_time';

    open_log_file_cache                 max=204800 inactive=20s valid=1m min_uses=1;
    error_log                           /var/log/nginx/error.log error;

#host configure file
    include                             /usr/local/nginx/conf.d/*.ngx.conf;

#main configure
    server_tokens                       off;
    sendfile                            off;
    tcp_nopush                          on;
    tcp_nodelay                         off;
    charset                             utf-8;
    include                             /usr/local/nginx/mime.types;
    default_type                        text/html;
}

新建vhost目录:

[[email protected] ~]# mkdir /usr/local/nginx/conf.d

新建vhost:

server {

    listen                  80;

    server_name             www.web-t1.t.com;

    return 301 http://web-t1.t.com$request_uri;

}

server {

    listen                  80;

    server_name             web-t1.t.com;

    root                    /usr/local/html/web-t1.t.com/public_html/;

    access_log              /usr/local/html/web-t1.t.com/logs/ngx_access.log main;

    location / {

        index               index.html;

    }

}

0x05 启动、重启与关闭

启动并不会返还任何内容,如果遇到错误则会返还错误信息。通过以下命令启动nginx:

[[email protected] ~]# nginx

通过以下命令重新加载,在重新加载之前请先测试配置文件是否合规:

#检查配置文件合规性
[[email protected] ~]# nginx -t
nginx: the configuration file /usr/local/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/nginx.conf test is successful

#重新加载
[[email protected] ~]# nginx -s reload

通过以下命令停止nginx:

[[email protected] ~]# nginx -s quit

0x06 结语

如果有需要,还可以参考以下文章安装naxsi:

0x07 相关视频

  • EP10 – Centos7 编译安装OpenRest (nginx) 与初始配置

https://www.bilibili.com/video/av11101929/