环境:Centos6.5
2.安装Luagit
# cd /root/ # wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz # tar -xvf LuaJIT-2.1.0-beta3.tar.gz # cd LuaJIT-2.1.0-beta3/ # make && make install # ln -sf luajit-2.1.0-beta3 /usr/local/bin/luajit
3.Github下载ngx_lua_waf
cd /root/
git clone https://github.com/loveshell/ngx_lua_waf.git git下载 | 去官网下载安装包后通过ftp工具上传后解压
未安装git就先安装 yum install git
4.配置ngx_lua_waf,修改openresty配置文件
# vim /usr/local/openresty/nginx/conf/nginx.conf ... user nobody; # 取消注释,或者指定用户,如 user root; ... http{ # 在http块下添加如下内 ... lua_package_path "/root/waf/?.lua"; lua_shared_dict limit 10m; init_by_lua_file /root/waf/init.lua; access_by_lua_file /root/waf/waf.lua; ...
5.新建waf的日志目录
cd /usr/local/openresty/nginx/logs
mkdir hack
chown -R nobody:nobody /usr/local/openresty/nginx/logs/hack/
6.修改ngx_lua_waf配置
# cd /root/waf/ # ngx_lua_waf目录 # vim config.lua ... RulePath = "/root/waf/wafconf/" # 规则文件路径 attacklog = "on" # 启用日志 logdir = "/usr/local/openresty/nginx/logs/hack/" # 日志目录 ...
7.启动openresty
# /usr/local/openresty/bin/openresty # 如果没有启动服务,则启动 # /usr/local/openresty/bin/openresty -s reload # 如果已经启动,则重载配置 # /usr/local/openresty/bin/openresty -t # 测试配置是否正常
或者
./usr/local/openresty/nginx/sbin/nginx
启动时我遇到的问题:
1.错误原因是找不到lualib库和resty模块,默认到/usr/local/lib/ 去找lualib,然而在编译安装OpenResty时lualib库默认放到/usr/local/openresty/lualib
具体操作:
ln -s /usr/local/openresty/lualib /usr/local/lib/lua ln -s /usr/local/openresty/lualib/resty /root/waf/
ln -s /usr/local/openresty/lualib/resty /root/waf/resty
2. 访问openresty首页时,总是404,查看nginx的error.log日志发现,没权限访问:
2020/04/16 17:10:15 [error] 23775#0: *1 failed to load external Lua file "/root/waf/waf.lua": cannot open /root/waf/waf.lua: Permission denied
修改nginx.conf文件中的 user nobody 为具体用户
#user nobody;
user root;
继续访问首页:
http://openresty的IP地址/?id=x.sql
部署成功!!!