OpenResty(nginx扩展)整合HttpGuard学习与安装配置，openrestyhttpguard

OpenResty(nginx扩展)整合HttpGuard学习与安装配置，openrestyhttpguard

#OpenResty安装部署

[root@localhost opt]# yum install -y gcc gcc-c++ readline-devel pcre-devel openssl-devel tcl perl
[root@localhost opt]# wget http://openresty.org/download/ngx_openresty-1.7.4.1.tar.gz
[root@localhost opt]# tar -zxvf ngx_openresty-1.7.4.1.tar.gz
[root@localhost opt]# cd ngx_openresty-1.7.4.1
[root@localhost opt]# ./configure
[root@localhost opt]# make && make install

#如果没有报错，就应该没问题，默认安装路径如下/usr/local/openresty/路径中

#设置Nginx为服务和开机启动

[root@localhost opt]vi /etc/rc.d/init.d/nginx

#!/bin/bash
# Tengine Startup script# processname: nginx
# chkconfig: - 85 15
# description: nginx is a World Wide Web server. It is used to serve
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/openresty/nginx/sbin/nginx
nginx_config=/usr/local/openresty/nginx/conf/nginx.conf
nginx_pid=/usr/local/openresty/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "tengine already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid
}
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;

status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac
exit $RETVAL

[root@localhost opt]#chmod 775 /etc/rc.d/init.d/nginx   #赋予文件执行权限
[root@localhost opt]#chkconfig  --level 012345 nginx on   #设置开机启动
[root@localhost opt]#service nginx start

#安装HttpGuard,HttpGuard是基于openresty,以lua脚本语言开发的防cc攻击软件

[root@localhost www]# cd /data/www
[root@localhost www]# wget --no-check-certificate https://github.com/centos-bz/HttpGuard/archive/master.zip
[root@localhost www]# unzip master.zip
[root@localhost www]# mv HttpGuard-master waf

#生成验证码图片(可选),生成验证码图片需要系统安装有php，以及php-gd模块

[root@localhost www]#cd /data/www/waf/captcha/
[root@localhost www]#/usr/local/php/bin/php getImg.php

#修改nginx.conf配置文件,向http区块输入如下代码

lua_package_path "/data/www/waf/?.lua";
lua_shared_dict guard_dict 100m;
lua_shared_dict dict_captcha 70m;
init_by_lua_file '/data/www/waf/init.lua';
access_by_lua_file '/data/www/waf/runtime.lua';
lua_max_running_timers 1;

#配置HttpGuard,配置项都在config.lua

参考：http://www.cnblogs.com/kgdxpr/p/3550633.html

            https://www.centos.bz/2012/12/openresty-nginx-block-cc-attack-deploy/