- 下载镜像源
wget https://openresty.org/package/centos/openresty.repo
sudo mv openresty.repo /etc/yum.repos.d/
sudo yum check-update
出现警告:按要求执行:
yum-config-manager --save --setopt=percona-release-x86_64.skip_if_unavailable=true
2. 下载openresty
sudo yum install -y openresty
3. 安装openresy-resty命令行工具
sudo yum install -y openresty-resty
4. cd 至用户目录,下载waf
git clone https://github.com/unixhot/waf.git
cp -a ./waf/waf /usr/local/openresty/nginx/conf/
5. 创建软连接【重要!!!】
ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty
6. 查看waf/config.lua中的path是否正确
7. 进行复制原始nginx配置文件及文件夹(nginx.conf 及 项目域名配置.conf)
8. 测试openresy的nginx是否正常
openresty -t
nginx: [emerg] module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so" version 1012002 instead of 1021004 in /usr/share/nginx/modules/mod-http-geoip.conf:1
解决:
注释次模块引入,先观察观察x天后,注释对原有nginx业务不产生影响;
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/openresty/nginx/conf/sites/xxxx.conf:5
nginx: the configuration file /usr/local/openresty/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test is successful
解决:
注释ssl on;
#ssl on;
9. nginx.conf引入waf代码
http{
#WAF
lua_shared_dict limit 50m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
....
10. 检测 ok
openresty -t
nginx: the configuration file /usr/local/openresty/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test is successful
11. 配置白名单
01.项目业务ip白名单,不受cc控制;
02.更改CC防护:600000/60
备注:尽量前期调高cc后期慢慢缩减
12. 隐藏waf和nginx的版本号:
http{
#隐藏nginx版本号
server_tokens off;
.....
13. 所有确认无误后,关闭原始nginx切换至openrestry
12. 进行杀死nginx && 启动 openresty
pkill nginx && openresty
至此所有步骤完结,希望能对大家有帮助!!
![linux-svn卸载与安装[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)