OpenResty 是一款基于 NGINX 和 LuaJIT 的 Web 平台
一、安装环境
根据官网教程,macos我们只需要一行命令就可以开心的安装openresty (brew install openresty/brew/openresty)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 ➜ sshkey brew untap homebrew/nginx Error: No available tap homebrew/nginx. ➜ sshkey brew install openresty/brew/openresty Updating Homebrew... ==> Tapping openresty/brew Cloning into '/usr/local/Homebrew/Library/Taps/openresty/homebrew-brew' ... remote: Enumerating objects: 72, done . remote: Counting objects: 100% (72/72), done . remote: Compressing objects: 100% (71/71), done . remote: Total 72 (delta 1), reused 32 (delta 1), pack-reused 0 Unpacking objects: 100% (72/72), done . Tapped 62 formulae (162 files, 132.9KB). ==> Installing openresty from openresty/brew ==> Installing dependencies for openresty/brew/openresty: openresty/brew/openresty-openssl and geoip ==> Installing openresty/brew/openresty dependency: openresty/brew/openresty-openssl ==> Downloading https://www.openssl.org/source /openssl-1.1.0h.tar.gz ==> Downloading https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-1.1.0d-s ==> Patching ==> Applying openssl-1.1.0d-sess_set_get_cb_yield.patch patching file include/openssl/bio.h Hunk patching file include/openssl/ssl.h Hunk Hunk Hunk Hunk patching file ssl/bio_ssl.c Hunk Hunk Hunk patching file ssl/ssl_lib.c Hunk patching file ssl/ssl_sess.c Hunk Hunk patching file ssl/statem/statem.c Hunk Hunk patching file ssl/statem/statem.h patching file ssl/statem/statem_srvr.c Hunk patching file util/libssl.num ==> perl ./Configure --prefix=/usr/local /Cellar/openresty-openssl/1.1.0h_1 --openssldir=/usr/local /et ==> make ==> make install MANDIR=/usr/local /Cellar/openresty-openssl/1.1.0h_1/share/man MANSUFFIX=ssl ==> Caveats openresty-openssl is keg-only, which means it was not symlinked into /usr/local , because only for use with OpenResty. If you need to have openresty-openssl first in your PATH run: echo 'export PATH="/usr/local/opt/openresty-openssl/bin:$PATH"' >> ~/.zshrc For compilers to find openresty-openssl you may need to set : export LDFLAGS="-L/usr/local/opt/openresty-openssl/lib" export CPPFLAGS="-I/usr/local/opt/openresty-openssl/include" For pkg-config to find openresty-openssl you may need to set : export PKG_CONFIG_PATH="/usr/local/opt/openresty-openssl/lib/pkgconfig" ==> Summary � /usr/local /Cellar/openresty-openssl/1.1.0h_1: 6,583 files, 15.6MB, built in 5 minutes 43 seconds ==> Installing openresty/brew/openresty dependency: geoip ==> Downloading https://homebrew.bintray.com/bottles/geoip-1.6.12.high_sierra.bottle.tar.gz ==> Pouring geoip-1.6.12.high_sierra.bottle.tar.gz � /usr/local /Cellar/geoip/1.6.12: 18 files, 548.9KB ==> Installing openresty/brew/openresty ==> Downloading https://openresty.org/download/openresty-1.13.6.2.tar.gz ==> ./configure --prefix=/usr/local /Cellar/openresty/1.13.6.2 --pid-path=/usr/local /var/run/openresty ==> make ==> make install ==> Caveats To have launchd start openresty/brew/openresty now and restart at login: brew services start openresty/brew/openresty Or, if you don't want/need a background service you can just run: openresty ==> Summary � /usr/local/Cellar/openresty/1.13.6.2: 293 files, 6.3MB, built in 1 minute 26 seconds ==> Caveats ==> openresty-openssl openresty-openssl is keg-only, which means it was not symlinked into /usr/local, because only for use with OpenResty. If you need to have openresty-openssl first in your PATH run: echo ' export PATH="/usr/local/opt/openresty-openssl/bin:$PATH " ' >> ~/.zshrc For compilers to find openresty-openssl you may need to set: export LDFLAGS="-L/usr/local/opt/openresty-openssl/lib" export CPPFLAGS="-I/usr/local/opt/openresty-openssl/include" For pkg-config to find openresty-openssl you may need to set: export PKG_CONFIG_PATH="/usr/local/opt/openresty-openssl/lib/pkgconfig" ==> openresty To have launchd start openresty/brew/openresty now and restart at login: brew services start openresty/brew/openresty Or, if you don' t want/need a background service you can just run: openresty ➜ sshkey brew services start openresty/brew/openresty ==> Tapping homebrew/services Cloning into '/usr/local/Homebrew/Library/Taps/homebrew/homebrew-services' ... remote: Enumerating objects: 14, done . remote: Counting objects: 100% (14/14), done . remote: Compressing objects: 100% (10/10), done . remote: Total 14 (delta 0), reused 9 (delta 0), pack-reused 0 Unpacking objects: 100% (14/14), done . Tapped 1 command (43 files, 55.6KB). ==> Successfully started `openresty` (label: homebrew.mxcl.openresty) ➜ sshkey sudo find / -name nginx Password: /usr/local /bin/nginx /usr/local /etc/nginx /usr/local /var/homebrew/linked/nginx /usr/local /var/log /nginx /usr/local /var/run/nginx /usr/local /opt/nginx /usr/local /Cellar/openresty/1.13.6.2/pod/nginx /usr/local /Cellar/openresty/1.13.6.2/nginx /usr/local /Cellar/openresty/1.13.6.2/nginx/sbin/nginx=====> this is you need add nginx path /usr/local /Cellar/nginx /usr/local /Cellar/nginx/1.15.5/bin/nginx /usr/local /Cellar/nginx/1.15.5/.bottle/etc/nginx /usr/local /Cellar/nginx/1.15.5/.bottle/var/log /nginx ^C sudo vim ~/.bash_profile ➜ sshkey nginx -v nginx version: nginx/1.15.5 ➜ sshkey brew uninstall nginx Uninstalling /usr/local /Cellar/nginx/1.15.5... (23 files, 1.4MB) ➜ sshkey nginx zsh: command not found: nginx ➜ sshkey source ~/.bash_profile ➜ sshkey nginx -v nginx version: openresty/1.13.6.2 ➜ sshkey history | grep nginx-https.conf 2821* touch nginx-https.conf 2822* vim nginx-https.conf 2825* sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf 2831* sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf 2833* sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf 2834* vim nginx-https.conf 2836* sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf 2847* open nginx-https.conf ➜ sshkey history | grep stop 2594 nginx -s stop -c /usr/local /etc/nginx/nginx.conf 2719* nginx -s stop 2824* sudo nginx -s stop 2832* sudo nginx -s stop 2835* sudo nginx -s stop ➜ sshkey sudo nginx -s stop nginx: [error] invalid PID number "" in "/usr/local/var/run/openresty.pid" ➜ sshkey sudo nginx -t -c /Users/weiqian/sshkey/nginx-https.conf nginx: the configuration file /Users/weiqian/sshkey/nginx-https.conf syntax is ok nginx: configuration file /Users/weiqian/sshkey/nginx-https.conf test is successful ➜ sshkey sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf Password: nginx: [emerg] bind () to 0.0.0.0:80 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:443 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:80 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:443 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:80 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:443 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:80 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:443 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:80 failed (48: Address already in use) nginx: [emerg] bind () to 0.0.0.0:443 failed (48: Address already in use) nginx: [emerg] still could not bind () ➜ sshkey sudo lsof -i 4tcp:8080 ➜ sshkey sudo ps aux | grep nginx weiqian 12641 1.8 0.0 4286184 920 s004 S+ 12:59上午 0:00.01 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn nginx root 90055 0.0 0.0 4299904 1404 ?? S 11:49下午 0:00.02 nginx: worker process root 90054 0.0 0.0 4291212 200 ?? Ss 11:49下午 0:00.00 nginx: master process nginx -c /Users/weiqian/sshkey/nginx-https.conf ➜ sshkey sudo kill -9 90054 ➜ sshkey sudo kill -9 90055 ➜ sshkey sudo ps aux | grep nginx weiqian 12677 0.0 0.0 4276968 900 s004 S+ 12:59上午 0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn nginx ➜ sshkey sudo nginx -s stop nginx: [error] invalid PID number "" in "/usr/local/var/run/openresty.pid" ➜ sshkey sudo nginx -c /Users/weiqian/sshkey/nginx-https.conf
测试的nginx文件配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 user root owner;worker_processes 1 ;events { worker_connections 1024 ; } http{ server{ listen 80 ; server_name www.example.com; root /Users/weiqian/sshkey; location / { return 301 https://$host $request_uri ; } location /test-lua { default_type text/html; content_by_lua ' ngx.say("<p>hello, world</p>") ' ; } } server { listen 443 ssl; server_name www.example.com; root /Users/weiqian/sshkey; ssl_certificate /Users/weiqian/sshkey/demoCA/www.example.com.crt; ssl_certificate_key /Users/weiqian/sshkey/demoCA/www.example.com.key; location / { index index.html; } location /produk-digital/m { try_files $uri /digital-product/m/index.html; } location = /digital-product/m/index.html { alias /Users/weiqian/sshkey/index.html; } } }
访问http://www.example.com/test-lua页面显示hello world说明我们lua环境配置正确可以,开始编写lua脚本了
二、lua脚本配置关闭http链接,所有链接跳转到https
lua的nginx模块具体代码如下
1 2 3 4 5 access_by_lua_block { if ngx.var.scheme == 'http' then return ngx.redirect ("https://" .. ngx.var.host .. ngx.var.request_uri) end }
修改后的本地测试实栗
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 user root owner;worker_processes 1 ;events { worker_connections 1024 ; } http{ server { listen 80 ; listen 443 ssl http2; <版权声明: 本博客所有文章除特别声明外,均采用 null 许可协议。转载请注明来自 安全书 !
