首先参考

https://heapdump.cn/article/4978591

1.官网下载nginx源码包(nginx-1.20.0.tar.gz)

新建nginx安装目录​mkdir -p /opt/nginx​新增nginx运行用户

​useradd -s /sbin/nologin -M nginx

2.安装依赖

yum -y install wget unzip gcc gcc-c++ make automake autoconf pcre pcre-devel zlib zlib-devel openssl openssl-devel libtool

3.安装lua相关包(waf配置需要)

下载luajit 2.0并安装


wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz​tar -xf tar -zxvf LuaJIT-2.0.5.tar.gz​cd LuaJIT-2.0.5​make && make install

安装ngx_devel_kit(nginx development kit)模块是一个拓展nginx服务器核心功能的模块,第三方模块开发可以基于它来快速实现。

wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.0.tar.gz​tar -xf ngx_devel_kit-0.3.0.tar.gz #nginx编译安装时需要此模块​安装nginx_lua_module​tar -xf lua-nginx-module-0.10.13.tar.gz #nginx编译安装时需要此模块

4.导入环境变量:

echo "export LUAJIT_LIB=/usr/local/lib" >> /etc/profileecho "export LUAJIT_INC=/usr/local/include/luajit-2.0" >> /etc/profilesource /etc/profile

5.nginx编译安装

tar -zxvf nginx-1.20.0.tar.gz​cd nginx-1.20.0​./configure --prefix=/opt/nginx --user=nginx --group=nginx --add-module=/root/ngx_devel_kit-0.3.0 --add-module=/root/lua-nginx-module-0.10.13 --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"​make && make install​cd ../​chown -R nginx:nginx nginx

新建/opt/nginx/logs/hack/攻击日志目录,并赋予nginx用户对该目录的写入权限。

mkdir -p /opt/nginx/logs/hack/​chown -R nginx.nginx /opt/nginx/logs/hack/​chmod -R 755 /opt/nginx/logs/hack/

6.下载安装waf


wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip​unzip master.zip -d /opt/nginx/conf/​cd /opt/nginx/conf/ ​mv ngx_lua_waf-master waf​chown -R nginx:nginx waf/

7.nginx配置如下


lua_package_path "/opt/nginx/conf/waf/?.lua";lua_shared_dict limit 10m;init_by_lua_file  /opt/nginx/conf/waf/init.lua;access_by_lua_file /opt/nginx/conf/waf/waf.lua;

配置config.lua里的waf规则目录(一般在waf/conf/目录下):

cd /opt/nginx/conf/waf/conf​vim config.lua

 

8.启动nginx服务完成配置