First, see this reference:
https://heapdump.cn/article/4978591
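1. Download the nginx source package (nginx-1.20.0.tar.gz) from the official website
Create the nginx installation directory:
mkdir -p /opt/nginx
Add a user for nginx to run as: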
useradd -s /sbin/nologin -M nginx
2. Install the dependencies
yum -y install wget unzip gcc gcc-c++ make automake autoconf pcre pcre-devel zlib zlib-devel openssl openssl-devel libtool
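3. Install the Lua-related packages (required for the WAF configuration)
Download and install LuaJIT 2.0:
wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz
cd LuaJIT-2.0.5
make && make install
Install ngx_devel_kit (Nginx Development Kit), a module that extends the core functionality of the nginx server; third-party modules can build on it for rapid development.
wget -O ngx_devel_kit-0.3.0.tar.gz https://github.com/simplresty/ngx_devel_kit/archive/v0.3.0.tar.gz
tar -xf ngx_devel_kit-0.3.0.tar.gz # this module is required when compiling nginx
Install nginx_lua_module:
tar -xf lua-nginx-module-0.10.13.tar.gz # this module is required when compiling nginx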
4. Export the environment variables:
echo "export LUAJIT_LIB=/usr/local/lib" >> /etc/profile
echo "export LUAJIT_INC=/usr/local/include/luajit-2.0" >> /etc/profile
source /etc/profile
5. Compile and install nginx
tar -zxvf nginx-1.20.0.tar.gz
cd nginx-1.20.0
./configure --prefix=/opt/nginx --user=nginx --group=nginx --add-module=/root/ngx_devel_kit-0.3.0 --add-module=/root/lua-nginx-module-0.10.13 --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"
make && make install
cd ../
chown -R nginx:nginx nginx
Create the attack log directory /opt/nginx/logs/hack/ and give the nginx user write permission on it.
mkdir -p /opt/nginx/logs/hack/
chown -R nginx:nginx /opt/nginx/logs/hack/
chmod -R 755 /opt/nginx/logs/hack/
6. Download and install the WAF
wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip
unzip master.zip -d /opt/nginx/conf/
cd /opt/nginx/conf/
mv ngx_lua_waf-master waf
chown -R nginx:nginx waf/
7. Configure nginx as follows
lua_package_path "/opt/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /opt/nginx/conf/waf/init.lua;
access_by_lua_file /opt/nginx/conf/waf/waf.lua;
Set the WAF rule directory in config.lua (usually under the waf/conf/ directory):
cd /opt/nginx/conf/waf/conf
vim config.lua
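A pre-start check for the paths set in steps 5 and 7, as an added example that is not part of the original page: it reads RulePath and logdir from config.lua and confirms both directories exist, since ngx_lua_waf ships with defaults under /usr/local/nginx rather than /opt/nginx. RulePath and logdir are the key names used in ngx_lua_waf's config.lua; the function names are hypothetical and the config.lua path is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check config.lua
# before starting nginx. Usage: sh check_waf.sh /path/to/config.lua

# Print the quoted string assigned to key $2 in the Lua config file $1.
lua_cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 only if RulePath is a non-empty directory and logdir exists.
check_waf_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 1; }
    rules=$(lua_cfg_value "$cfg" RulePath)
    logs=$(lua_cfg_value "$cfg" logdir)
    rc=0
    if [ -z "$rules" ] || [ ! -d "$rules" ]; then
        echo "RulePath '$rules' is not a directory"; rc=1
    elif [ -z "$(ls -A "$rules")" ]; then
        echo "RulePath '$rules' contains no rule files"; rc=1
    fi
    if [ -z "$logs" ] || [ ! -d "$logs" ]; then
        echo "logdir '$logs' is not a directory"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: rules=$rules logs=$logs"
    return "$rc"
}

# Run the check only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_waf_config "$1"
fi
```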
8. Start the nginx service to complete the configuration