openresty使用
docker.io/openresty/openresty:latest
sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list
/etc/openresty/nginx.conf
/etc/nginx/conf.d/default.conf
docker cp ./default.conf opresty:/etc/nginx/conf.d/default.conf
access_by_lua_file:指定一个 Lua 文件,在 access 阶段执行该文件中的 Lua 代码。
content_by_lua_block:在 content 阶段执行一段 Lua 代码块。
content_by_lua_file:指定一个 Lua 文件,在 content 阶段执行该文件中的 Lua 代码。
header_filter_by_lua_block:在 header_filter 阶段执行一段 Lua 代码块,用于修改响应头。
header_filter_by_lua_file:指定一个 Lua 文件,在 header_filter 阶段执行该文件中的 Lua 代码。
body_filter_by_lua_block:在 body_filter 阶段执行一段 Lua 代码块,用于修改响应体。
body_filter_by_lua_file:指定一个 Lua 文件,在 body_filter 阶段执行该文件中的 Lua 代码。
log_by_lua_block:在 log 阶段执行一段 Lua 代码块,用于自定义日志记录。
log_by_lua_file:指定一个 Lua 文件,在 log 阶段执行该文件中的 Lua 代码
vscode扩展
# 适用于nginx语言环境, 可以格式化
hangxingliu.vscode-nginx-conf-hint
限流demo https://opm.openresty.org/package/openresty/lua-resty-limit-traffic
# nginx.vh.default.conf -- docker-openresty
#
# This file is installed to:
# `/etc/nginx/conf.d/default.conf`
#
# It tracks the `server` section of the upstream OpenResty's `nginx.conf`.
#
# This config (and any other configs in `etc/nginx/conf.d/`) is loaded by
# default by the `include` directive in `/usr/local/openresty/nginx/conf/nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#
# 设置限流空间
lua_shared_dict my_limit_req_store 100m;
server {
listen 8099;
#server_name localhost;
#charset koi8-r;
access_log /tmp/host.access2.log;
error_log /tmp/error2.log;
location / {
content_by_lua_block {
error_log file [level];
}
access_by_lua_block {
local limit_req = require "resty.limit.req"
-- req/sec, and reject any requests exceeding 300 req/sec.
local lim, err = limit_req.new("my_limit_req_store", 1, 5)
if not lim then
ngx.say("lim error")
return ngx.exit(500)
end
-- the following call must be per-request.
-- here we use the remote (IP) address as the limiting key
local key = ngx.var.binary_remote_addr
local delay, err = lim:incoming(key, true)
if not delay then
if err == "rejected" then
ngx.say("rejected 503")
return ngx.exit(503)
end
ngx.say(err)
return ngx.exit(500)
end
-- 延迟
-- if delay >= 0.001 then
-- the 2nd return value holds the number of excess requests
-- per second for the specified key. for example, number 31
-- means the current request rate is at 231 req/sec for the
-- specified key.
-- local excess = err
-- the request exceeding the 200 req/sec but below 300 req/sec,
-- so we intentionally delay it here a bit to conform to the
-- 200 req/sec rate.
-- ngx.sleep(delay)
-- end
}
root /usr/local/openresty/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/openresty/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root /usr/local/openresty/nginx/html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
使用防火墙 registry.cn-hangzhou.aliyuncs.com/jcleng/openresty-waf:latest
# 防火墙: https://github.com/codiy1992/lua-resty-waf
### 获取配置
GET http://adhome.2011101.xyz:1122/waf/config
Authorization: Basic d2FmOlRUcHNYSHRJNW13cQ==
### 更新规则和配置
POST http://adhome.2011101.xyz:1122/waf/config
Authorization: Basic d2FmOlRUcHNYSHRJNW13cQ==
Content-Type: application/json