参考文章:
1、tutorialspots.com/centos-8-in…
2、www.cnblogs.com/coolworld/p…
一、下载、安装nginx
nginx-1.22.1-1.el8.ngx.x86_64.rpm
二、下载所有依赖包
cd /usr/local/src
//nginx编译版本与本机安装的nginx相同(推荐nginx版本1.22.1)
NGINX_VERSION=$(nginx -v 2>&1 | awk -F/ '{print $2}')
wget https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz
// Downloading Lua
wget https://github.com/openresty/luajit2/archive/v2.1-20200102.tar.gz
// Downloading Nginx development kit
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1.tar.gz
// Downloading Nginx Lua Module
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.15.tar.gz
// Downloading Resty Core
wget https://github.com/openresty/lua-resty-core/archive/v0.1.17.tar.gz
// Downloading Resty LRU Cache
wget https://github.com/openresty/lua-resty-lrucache/archive/v0.09.tar.gz
三、前期准备工作(install tar make gcc gcc-c++)
yum install tar
yum install make gcc gcc-c++
//离线包方案
yum install --downloadonly --downloaddir=/home/buildlong/so readline-devel
yum install --downloadonly --downloaddir=/home/buildlong/package/tar tar
yum install --downloadonly --downloaddir=/home/buildlong/package/make make
yum install --downloadonly --downloaddir=/home/buildlong/package/make make gcc gcc-c++
四、解压所有的tar.gz包
find . -type f -name '*.tar.gz' -exec tar -xzf {} \;
五、安装lua
cd luajit*
make
make install
/ /写入临时软连接路径
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
六、安装 Resty Core
cd ../lua-resty-core*
make install
cp -r /usr/local/src/luaShell/lua-resty-core-0.1.17/lib/resty/ /usr/local/share/lua/5.1/
七、安装Resty LRU Cache
cd ../lua-resty-lrucache*
make install
cp -r /usr/local/src/luaShell/lua-resty-lrucache-0.09/lib/resty/ /usr/local/share/lua/5.1/
八、下载 第三库
yum install -y pcre-devel zlib-devel openssl-devel
yum install -y libaio-devel
yum groupinstall 'Development Tools'
yum install -y libxslt-devel
yum install -y gd-devel
yum install perl-ExtUtils-Embed
离线包方案
yum --downloadonly --downloaddir=/home/buildlong/package/ groupinstall 'Development Tools'
yum install --downloadonly --downloaddir=/home/buildlong/package/ -y pcre-devel zlib-devel openssl-devel
yum install --downloadonly --downloaddir=/home/buildlong/package/ -y libaio-devel
yum install --downloadonly --downloaddir=/home/buildlong/package/ -y libxslt-devel
yum install --downloadonly --downloaddir=/home/buildlong/package/ -y gd-devel
yum install --downloadonly --downloaddir=/home/buildlong/package/ perl-ExtUtils-Embed
九、安装PCRE
wget -c https://sourceforge.net/projects/pcre/files/pcre/8.39/pcre-8.39.tar.gz/download
mv download pcre-8.39.tar.gz
tar zxf pcre-8.39.tar.gz
cd ../pcre-8.39
./configure
make
make install
十、修改编译指令
cd ../nginx*/
nginx -V
获取原始编译参数
添加 or 替换 --with-ld-opt
--with-ld-opt='-lpcre -Wl,-z,relro -Wl,-rpath,/usr/local/lib,-z,now -pie'
重点是 -lpcre -rpath,/usr/local/lib
参考如下编译参数
./configure --add-dynamic-module=../ngx_devel_kit-0.3.1 --add-dynamic-module=../lua-nginx-module-0.10.15 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-lpcre -Wl,-z,relro -Wl,-rpath,/usr/local/lib,-z,now -pie'
./configure --add-dynamic-module=../ngx_devel_kit-0.3.1 --add-dynamic-module=../lua-nginx-module-0.10.15 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-lpcre -Wl,-z,relro -Wl,-rpath,/usr/local/lib,-z,now -pie'
cd ..
sit场
./configure --add-dynamic-module=../ngx_devel_kit-0.3.1 --add-dynamic-module=../lua-nginx-module-0.10.15 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-lpcre -Wl,-rpath,/usr/local/lib,-z,now -pie'
GTOTP01场
./configure --add-dynamic-module=../ngx_devel_kit-0.3.1 --add-dynamic-module=../lua-nginx-module-0.10.15 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-lpcre -Wl,-rpath,/usr/local/lib,-z,now -pie'
GTOTP02
./configure --add-dynamic-module=../ngx_devel_kit-0.3.1 --add-dynamic-module=../lua-nginx-module-0.10.15 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-lpcre -Wl,-rpath,/usr/local/lib,-z,now -pie'
然后执行
make modules
十一、移动模块到对应路径下
mv objs/*.so /usr/lib64/nginx/modules
十二、启动lua
cd /etc/nginx
mkdir lua
chmod -R 777 lua/
将以下文件放入nginx.conf的http块上面
load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;
将以下文件放入nginx.conf的http块中
http {
lua_package_path "/etc/nginx/lua/?.lua;;";
lua_shared_dict maintenance_page_cache_dev 10m;
lua_shared_dict maintenance_page_cache 128m;*
lua http 请求域名时不能带端口号,带端口号的请求只能使用ip
init_worker_by_lua_file /etc/nginx/lua/maintenance_page_timer.lua;
lua_shared_dict maintenance_page_cache_uat 10m;
limit_req_status 509;
limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=4r/s;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
cp ip.https.conf ip.https.conf.$(date +"%Y%m%d%H%M").back
将以下文件放入nginx.conf的 server 块中
server {
location ~.*\.(html)$ {
#default_type "text/html";
limit_req zone=ip_limit;
if ($uri ~ [A-Z]) {
rewrite_by_lua 'return ngx.exec(string.lower(ngx.var.uri),ngx.var.args)';*
}
#content_by_lua '
access_by_lua_block {
ngx.log(ngx.ERR," = is lang == ",lang)*
// 需要替换环境时,只需将下方maintenance_page_checker替换成相对应的配置文件,例如:maintenance_page_checker_uat*
*//详情请查看 : [lua多环境替换]()
local isMaintenance, redirectUrl =require("maintenance_page_checker"):checkMaintenance()*
if isMaintenance == 0 then
ngx.log(ngx.ERR," ==== lang ",redirectUrl,lang)*
ngx.exec("/f-internal",{forward=redirectUrl})*
end
}
root /home/porecm/por/;
index index.html index.htm;
}
location /f-internal {
proxy_pass https://172.18.224.15:8443/errorpage/$arg_forward;*
}
error_page 509 /509?uri=$uri;
location = /509 {
*#default_type text/plain;
*#return 200 '$args $arg_uri';*
*#charset utf-8;*
*set $lang en;*
*if ( $arg_uri ~ "/(en|tc|sc)/"){*
*set $lang $1;*
*}*
*proxy_pass https://127.0.0.1/errorpage/$lang/busy.html;*
*}*
*}*
nginx -t
nginx -s reload
单独用于测试的配置
将以下文件放入nginx.conf的http块上面
load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;
将以下文件放入nginx.conf的http块中
http {
lua_package_path "/usr/local/lib/lua/?.lua;;";
}
cp ip.https.conf ip.https.conf.$(date +"%Y%m%d%H%M").back
将以下文件放入nginx.conf的 server 块中
server {
location = /lua {
content_by_lua 'ngx.say("hello lua")';
}
}
nginx -t
nginx -s reload
十三、安装cjson依赖
tar zxf lua-cjson-2.1.0.6.tar.gz
cd lua-cjson-2.1.0.6
curl https://127.0.0.1/lua -k
vi Makefile
可以用lua5.1或luajit进行编译,安装的是luajit,这里在PREFIX指定luajit的安装路径,LUA_INCLUDE_DIR为包含lua.h的路径
cjson版本2.1.0.6
安装cjson makefile
LUA_VERSION = 5.1
TARGET = cjson.so
PREFIX = /usr/local
#CFLAGS = -g -Wall -pedantic -fno-inline
CFLAGS = -O3 -Wall -pedantic -DNDEBUG
CJSON_CFLAGS = -fpic
CJSON_LDFLAGS = -shared
#LUA_INCLUDE_DIR ?= $(PREFIX)/include
#LUA_CMODULE_DIR ?= $(PREFIX)/lib/lua/$(LUA_VERSION)
LUA_CMODULE_DIR ?= $(PREFIX)/lib
LUA_MODULE_DIR ?= $(PREFIX)/share/lua/$(LUA_VERSION)
LUA_BIN_DIR ?= $(PREFIX)/bin
最后make install 或是make,然后手动拷备
paser_line=grep -n "LUA_CMODULE_DIR ?=" /mnt/d/AutomationScript/Makefile | awk -F: 'NR==1{print $1}'
paser_line=$(grep -n "LUA_CMODULE_DIR ?=" /mnt/d/AutomationScript/Makefile | awk -F: 'NR==1{print $1}')
echo "add custom user-agent code $parser success, location line:$paser_line. "
GTOTP01环境安装cjson
LUA_VERSION = 5.1
TARGET = cjson.so
PREFIX = /usr/local
#CFLAGS = -g -Wall -pedantic -fno-inline
CFLAGS = -O3 -Wall -pedantic -DNDEBUG
CJSON_CFLAGS = -fpic
CJSON_LDFLAGS = -shared
#LUA_INCLUDE_DIR ?= $(PREFIX)/include
#LUA_CMODULE_DIR ?= $(PREFIX)/lib/lua/$(LUA_VERSION)
LUA_INCLUDE_DIR ?= $(PREFIX)/include/luajit-2.1
LUA_CMODULE_DIR ?= $(PREFIX)/lib
LUA_MODULE_DIR ?= $(PREFIX)/share/lua/$(LUA_VERSION)
LUA_BIN_DIR ?= $(PREFIX)/bin
最后make install 或是make,然后手动拷备
cp cjson.so /usr/local/luajit2.0.4/lib/lua/5.1/
最后 service nginx restart
chown nginx:nginx -R /etc/nginx/lua
ll /etc/nginx/lua
chown nginx:nginx -R /etc/nginx/
chown nginx:nginx -R /usr/lib64/nginx/modules
ll /usr/lib64/nginx/modules
//草稿
docker run -itd -v /home/apj/por/buildlong:/home/buildlong --name centosTest --privileged centos
lua + nginx 部署问题集、解决办法
一、
location /f-internal {
//nginx重定向页面时,不能使用域名,只能使用ip,可带端口号;
proxy_pass https://172.18.224.15:8443/errorpage/$arg_forward;
//使用127.0.0.1做重定向时,端口号要与配置文件的端口号一致;
proxy_pass https://127.0.0.1:8443/errorpage/$arg_forward;
}
二、
/ lua http 请求域名时不能带端口号,带端口号的请求只能使用ip /
init_worker_by_lua_file /etc/nginx/lua/maintenance_page_timer.lua;
三、
/ 如若运行nginx出现找不到 croe.so、lrucache.so 则执行以下命令 /
cp -r /usr/local/src/lua-resty-core-0.1.17/lib/resty/ /usr/local/share/lua/5.1/resty/
cp -r /usr/local/src/lua-resty-lrucache-0.09/lib/resty/ /usr/local/share/lua/5.1/resty/
四、
/**
在 nginx.conf 中,http 块中,
lua http 请求域名时不能带端口号,带端口号的请求只能使用ip
**/
init_worker_by_lua_file /etc/nginx/lua/maintenance_page_timer.lua;
五、
在gics-02环境中出现修改lua脚本reload无效效的情况,建议每次修改lua文件重启nginx
六、
在nginx权限下启动nginx显示:nginx: lua atpanic: Lua VM crashed, reason: runtime code generation failed
解决办法:
if jit then
jit.off()
end
或者
require('jit').off()
