1. Download the package repository file
wget https://openresty.org/package/centos/openresty.repo
sudo mv openresty.repo /etc/yum.repos.d/
sudo yum check-update
A warning appears; run the command it asks for:
yum-config-manager --save --setopt=percona-release-x86_64.skip_if_unavailable=true
2. Install OpenResty
sudo yum install -y openresty
3. Install the openresty-resty command-line tool
sudo yum install -y openresty-resty
4. cd to the user's home directory and download the WAF
git clone https://github.com/unixhot/waf.git
cp -a ./waf/waf /usr/local/openresty/nginx/conf/
5. Create the symbolic link [IMPORTANT!!!]
ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty
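6. Check that the paths in waf/config.lua are correct
7. Copy the original nginx configuration files and directories (nginx.conf and the per-domain project .conf files)
8. Test whether OpenResty's nginx works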
openresty -t
nginx: [emerg] module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so" version 1012002 instead of 1021004 in /usr/share/nginx/modules/mod-http-geoip.conf:1
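Fix:
Comment out the line that loads this module and observe for x days first; commenting it out does not affect the existing nginx services.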
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/openresty/nginx/conf/sites/xxxx.conf:5
nginx: the configuration file /usr/local/openresty/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test is successful
Fix:
Comment out ssl on;
#ssl on;
9. Include the WAF code in nginx.conf
http{
#WAF
lua_shared_dict limit 50m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
....
10. Check: OK
openresty -t
nginx: the configuration file /usr/local/openresty/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test is successful
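11. Configure the whitelist
01. Whitelist the project's business IPs so they are not subject to CC control;
02. Change the CC protection: 600000/60
Note: set the CC limit high at first, then reduce it gradually later.
12. Hide the WAF and nginx version numbers: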
http{
#Hide the nginx version number
server_tokens off;
.....
13. Once everything is confirmed correct, shut down the original nginx and switch to OpenResty
14. Kill nginx && start openresty
pkill nginx && openresty
That completes all the steps. I hope this helps everyone!!
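The checks from steps 5, 6, 9 and 12 can be scripted and run before the cutover in step 13. The script below is an added example, not part of the original post or of the unixhot/waf project; the function name check_waf_install, the file name waf_check.sh and the --run switch are made up for illustration, and it assumes GNU readlink.

```sh
#!/bin/sh
# Added example, not part of the original post: pre-cutover checks for steps 5, 6, 9 and 12.
# The default prefix is the install path used on this page.

# check_waf_install [PREFIX]: prints one line per check; exit status = number of failed checks.
# The body is a subshell "( ... )", so variables stay local and "exit" only ends the function.
check_waf_install() (
    prefix="${1:-/usr/local/openresty}"
    conf="$prefix/nginx/conf/nginx.conf"
    waf="$prefix/nginx/conf/waf"
    fails=0
    fail() { echo "FAIL $*"; fails=$((fails + 1)); }

    # Step 5: conf/waf/resty must be a symlink resolving to the lualib/resty directory.
    if [ -L "$waf/resty" ] && [ -d "$waf/resty" ] &&
       [ "$(readlink -f "$waf/resty")" = "$(readlink -f "$prefix/lualib/resty")" ]; then
        echo "ok   $waf/resty -> lualib/resty"
    else
        fail "$waf/resty is not a symlink to $prefix/lualib/resty"
    fi

    # Step 6: every absolute path assigned to a variable in config.lua must exist.
    if [ -f "$waf/config.lua" ]; then
        for p in $(sed -n 's|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=[[:space:]]*"\(/[^"]*\)".*|\1|p' "$waf/config.lua"); do
            if [ -e "$p" ]; then echo "ok   config.lua path $p"; else fail "config.lua path $p does not exist"; fi
        done
    else
        fail "$waf/config.lua not found"
    fi

    # Steps 9 and 12: the directives must be present and not commented out.
    for d in 'lua_shared_dict[[:space:]]+limit' lua_package_path init_by_lua_file \
             access_by_lua_file 'server_tokens[[:space:]]+off'; do
        if grep -Eq "^[[:space:]]*$d([[:space:]]|;)" "$conf" 2>/dev/null; then
            echo "ok   nginx.conf has $d"
        else
            fail "nginx.conf lacks an active '$d' directive"
        fi
    done

    exit "$fails"
)

# Run against the real install only when asked, e.g.:  sh waf_check.sh --run && openresty -t
if [ "${1:-}" = "--run" ]; then check_waf_install "${2:-/usr/local/openresty}"; fi
```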