[关闭]
@zhangyy 2021-07-16T03:31:00.000000Z 字数 7716 阅读 673

openresty+lua+GeoIP编译配置部署

运维系列

一: openresty 简介

1.1 openresty 介绍

  1. OpenResty® 是一个基于 Nginx  Lua 的高性能 Web 平台,其内部集成了大量精良的 Lua 库、第三方模块以及大多数的依赖项。用于方便地搭建能够处理超高并发、扩展性极高的动态 Web 应用、Web 服务和动态网关。
  3. OpenResty® 通过汇聚各种设计精良的 Nginx 模块(主要由 OpenResty 团队自主开发),从而将 Nginx 有效地变成一个强大的通用 Web 应用平台。这样,Web 开发人员和系统工程师可以使用 Lua 脚本语言调动 Nginx 支持的各种 C 以及 Lua 模块,快速构造出足以胜任 10K 乃至 1000K 以上单机并发连接的高性能 Web 应用系统。
  5. OpenResty® 的目标是让你的Web服务直接跑在 Nginx 服务内部,充分利用 Nginx 的非阻塞 I/O 模型,不仅仅对 HTTP 客户端请求,甚至于对远程后端诸如 MySQLPostgreSQLMemcached 以及 Redis 等都进行一致的高性能响应。
  7. openresty 中文官网:
  8.       http://openresty.org/cn/

二:openresty 的部署安装

2.1 openresty 的编译安装

  1. 配置依赖包:
  2.    yum install pcre-devel openssl-devel gcc curl zlib-devel readline readline-devel\
  3. readline-devel libxslt-devel gd-devel \
  4. libevent libevent-devel

image_1famgc72luiqqt4eh17ebnpo9.png-138.5kB

  1. tar -zxvf openresty-1.19.3.1.tar.gz 
  2. cd openresty-1.19.3.1
  3. # 编译安装LuaJIT
  4. cd bundle/LuaJIT-2.1-20201027
  5. make clean && make && make install
  7. # 安装openresty  可根据自己需要启用模块
  9. ./configure \
  10. --prefix=/usr/local/openresty \
  11. --http-proxy-temp-path=//usr/local/openresty/proxy_temp \
  12. --http-fastcgi-temp-path=/usr/local/openresty/nginx/fastcgi_temp \
  13. --with-http_ssl_module \
  14. --with-threads \
  15. --with-file-aio \
  16. --with-http_ssl_module \
  17. --with-http_iconv_module \
  18. --with-http_realip_module \
  19. --with-http_gzip_static_module \
  20. --with-http_secure_link_module \
  21. --with-http_stub_status_module \
  22. --with-http_auth_request_module \
  23. --with-http_random_index_module \
  24. --with-http_image_filter_module
  26. make && make install

image_1famgrsbr741io11hop1o84h7cm.png-219.9kB

  1. 启动openresty:
  2.   cd /usr/local/openresty/nginx/
  3.   sbin/nginx

image_1famh02lp16fg1k0e1amb7jn1k0v13.png-100.2kB

image_1famh0u1uivb1r41g5t1llscl1g.png-84.4kB

image_1famh1jfr1af41668115cuiur741t.png-192.9kB

2.2 集成GeoIP2 模块

  1.  geoip2核心识别库
  2.  下载:libmaxminddb
  3.  https://github.com/maxmind/libmaxminddb/releases/tag/1.6.0
  4. 下载libmaxminddb-1.6.0.tar.gz 
  6. tar -xzf libmaxminddb-1.6.0.tar.gz
  7. cd libmaxminddb-1.3.2
  8. ./configure
  9. make
  10. make check
  11. sudo make install
  12. sudo ldconfig

image_1famhstqr1q3pq3q10311j3b10do2a.png-198.7kB

  1. geoip2-nginx模块
  2. 下载地址:
  3.    https://github.com/TravelEngineers/ngx_http_geoip2_module
  5.   git clone https://github.com/TravelEngineers/ngx_http_geoip2_module
  7.   从新编译openresty 增加 geoip2 模块
  9.   cd /root/openresty-1.19.3.1
  11. ./configure --prefix=/usr/local/openresty --with-http_stub_status_module  --with-http_realip_module --with-http_gzip_static_module  --add-module=/root/ngx_http_geoip2_module/
  13. make && make install

image_1famjc6av40kofv1mftegp25n2n.png-177.8kB

  1. geoip2 IP地址库下载:
  3.   下载地址:https://dev.maxmind.com/geoip/geoip2/geolite2/
  5.    注意GeoLite2 City GeoLite2 Country 2个文件都要下载。
  7.    下载选择:MaxMind DB binary, gzipped
  9.     GeoLite2-City.mmdb  GeoLite2-Country.mmdb 文件
  12.    mkdir -p /data/softwares/
  14.     GeoLite2-City.mmdb  GeoLite2-Country.mmdb 文件 放到/data/softwares/GeoIP 下面
  15.     # nginx加载使用geoip2数据库
  16.     geoip2 /data/softwares/GeoIP/GeoLite2-City.mmdb {
  17.         $geoip2_data_country_code source=$real_ip country iso_code;
  18.         $geoip2_data_country_name source=$real_ip country names en;
  19.         $geoip2_data_city_name source=$real_ip city names en;
  20.         $geoip2_data_province_name source=$real_ip subdivisions 0 names en;
  21.         $geoip2_data_province_isocode subdivisions 0 iso_code;
  22.     }
  24.     fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
  25.     fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
  26.     fastcgi_param CITY_NAME    $geoip2_data_city_name;
  27.     fastcgi_param PROVINCE_NMAE $geoip2_data_province_name;
  28. }
  1. nginx 配置文件
  3. /usr/local/openresty/nginx/conf
  4. vim nginx.conf
  5. ----
  6. user root root;
  7. worker_processes auto;
  8. worker_cpu_affinity auto;
  9. worker_rlimit_nofile 65535;
  11. daemon on;
  12. error_log /usr/local/openresty/nginx/logs/error.log warn;
  13. pid /usr/local/openresty/nginx/pid/nginx.pid;
  15. events {
  16.     use epoll;
  17.     worker_connections  65535;
  18. }
  20. # 开启环境变量
  21. env SPRING_PROFILES_ACTIVE=master;
  23. http {
  24.     # 加载lua库和动态库
  25.     lua_package_path  "/usr/local/openresty/lualib/?.lua;;";
  26.     lua_package_cpath  "/usr/local/openresty/lualib/?.so;;";
  28.     include mime.types;
  29.     default_type application/octet-stream;
  31.     charset utf-8;
  33.     log_format main '$remote_addr - $remote_user [$time_local] '
  34.                     '"$request" $status $body_bytes_sent '
  35.                     '"$http_referer" "$http_user_agent" '
  36.                     '"$http_x_forwarded_for" $host $request_time $upstream_response_time $scheme';
  38.     log_format main1 '$remote_addr|$remote_user|[$time_local]|$request|'
  39.                      '$status|$upstream_status|$body_bytes_sent|$http_referer|'
  40.                      '$http_user_agent|$request_time|$host|$upstream_addr|$request_body|$upstream_response_time';
  42.     log_format main3 '$http_x_forwarded_for|$remote_user|[$time_local]|$request|'
  43.                      '$status|$upstream_status|$body_bytes_sent|$http_referer|'
  44.                      '$http_user_agent|$request_time|$host|$upstream_addr|$request_body|$upstream_response_time';
  46.     log_format lua '$remote_addr|$remote_user|[$time_local]|$request|'
  47.                      '$status|$body_bytes_sent|$http_referer|'
  48.                      '$http_user_agent|$request_time|$host|$upstream_addr|$upstream_response_time';
  50.     log_format    main2  escape=json
  51.         '{"@timestamp":"$time_iso8601",'
  52.         '"host":"$hostname",'
  53.         '"server_ip":"$server_addr",'
  54.         '"client_ip":"$http_x_forwarded_for",'
  55.         '"xff":"$http_x_forwarded_for",'
  56.         '"domain":"$host",'
  57.         '"url":"$uri",'
  58.         '"referer":"$http_referer",'
  59.         '"args":"$args",'
  60.         '"upstreamtime":"$upstream_response_time",'
  61.         '"responsetime":"$request_time",'
  62.         '"request_method":"$request_method",'
  63.         '"status":"$status",'
  64.         '"size":"$body_bytes_sent",'
  65.         '"request_body":"$request_body",'
  66.         '"request_length":"$request_length",'
  67.         '"protocol":"$server_protocol",'
  68.         '"upstreamhost":"$upstream_addr",'
  69.         '"file_dir":"$request_filename",'
  70.         '"http_user_agent":"$http_user_agent"'
  71.      '}';    
  73.     #基础优化
  74.     server_tokens off;
  76.     sendfile on;
  77.     tcp_nopush on; 
  78.     tcp_nodelay on;
  80.     keepalive_timeout  65;
  81.     keepalive_requests 8192;
  83.     # gzip
  84.     gzip on;
  85.     gzip_min_length 1k;
  86.     gzip_buffers 4 16k;
  87.     gzip_comp_level 3;
  88.     gzip_types text/plain application/javascript  text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-httpd-php image/jpeg image/gif image/png;
  89.     gzip_vary on;
  91.     client_body_timeout 300;
  92.     client_header_timeout 300;
  93.     send_timeout 600;
  94.     reset_timedout_connection on;
  96.     client_max_body_size 50m;
  97.     #client_body_buffer_size 4096k;
  98.     client_body_buffer_size 8192k;
  100.     #client_header_buffer_size 4k;
  101.     #large_client_header_buffers 4 64k;
  102.     client_header_buffer_size 16k;
  103.     large_client_header_buffers 8 256k;
  105.     server_names_hash_bucket_size 512;
  107.     proxy_connect_timeout 600;
  108.     proxy_read_timeout 600;
  109.     proxy_send_timeout 600;
  111.     proxy_buffer_size  128k;
  112.     proxy_buffers   8 128k;
  113.     proxy_busy_buffers_size 256k;
  115.     output_buffers 1 32k;
  116.     postpone_output 1460;
  118.     open_file_cache max=65535 inactive=60s;
  119.     open_file_cache_valid    80s;
  120.     open_file_cache_min_uses 1;
  121.     open_file_cache_errors   on;
  123.     # fastcgi set
  124.     fastcgi_ignore_client_abort       on;
  125.     fastcgi_connect_timeout           300;
  126.     fastcgi_send_timeout              300;
  127.     fastcgi_read_timeout              300;
  128.     #fastcgi_buffer_size               4k;
  129.     #fastcgi_buffers                   8 4k;
  130.     #fastcgi_busy_buffers_size         8k;
  131.     #fastcgi_temp_file_write_size      8k;
  133.     fastcgi_buffer_size               64k;
  134.     fastcgi_buffers                   4 64k;
  135.     fastcgi_busy_buffers_size         128k;
  136.     fastcgi_temp_file_write_size      128k;
  138.     # fastcgi TEST
  139.     fastcgi_cache_valid 200 302 1h;
  140.     fastcgi_cache_valid 301 1d;
  141.     fastcgi_cache_valid any 1m;
  142.     fastcgi_cache_min_uses 1;
  143.     fastcgi_cache_use_stale error timeout invalid_header http_500;
  144.    # include /data/conf/nginx/conf.d/*.conf;
  145.    # include /data/conf/nginx/conf.d/private-01/*.conf;
  146.    # include /data/conf/nginx/conf.d/private-12/*.conf;
  147.    # include /data/conf/nginx/conf.d/private-13/*.conf;
  149.     # 开启缓存LUA代码
  150.     lua_code_cache on;
  152.     # 允许用户自定义请求头
  153.     underscores_in_headers on;
  155.     # include config
  156.     include /data/apps/nglua/conf/*.conf;
  158.     # nginx 使用 geoip设置
  159.     map $http_x_forwarded_for $real_ip {
  160.         #~^(\d+\.\d+\.\d+\.\d+) $http_x_forwarded_for;
  161.         #(?P)命名补货
  162.         ~^(?P<firstAddr>[0-9\.]+),?.*$    $firstAddr;
  163.         default $remote_addr;
  164.     }
  166.     # nginx加载使用geoip2数据库
  167.     geoip2 /data/softwares/GeoIP/GeoLite2-City.mmdb {
  168.         $geoip2_data_country_code source=$real_ip country iso_code;
  169.         $geoip2_data_country_name source=$real_ip country names en;
  170.         $geoip2_data_city_name source=$real_ip city names en;
  171.         $geoip2_data_province_name source=$real_ip subdivisions 0 names en;
  172.         $geoip2_data_province_isocode subdivisions 0 iso_code;
  173.     }
  175.     fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
  176.     fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
  177.     fastcgi_param CITY_NAME    $geoip2_data_city_name;
  178.     fastcgi_param PROVINCE_NMAE $geoip2_data_province_name;
  179. }
  181. ----
  1. 关于启动报错:
  2. sbin/nginx: error while loading shared libraries: libmaxminddb.so.0: cannot open shared object file: No such file or directory
  4. ldd $(which /usr/local/openresty/nginx/sbin/nginx)

image_1famkoocrnpkkot18lv41au34.png-219.1kB

  1. 这个libmaxmind 包编译完成放在了/usr/local/lib/ 下面 需要重新建立软连接到新的
  2. /lib64 下面
  3. cd /usr/local/lib
  4. ln -s /usr/local/lib/libmaxminddb.so.0.0.7 /lib64/libmaxminddb.so.0

image_1faml0c3hc961bp116h1s2r16fe3h.png-147.9kB

image_1faml3b1uja02sd1o24fmj1ris3u.png-62.9kB

  1. cd /usr/local/openresty/nginx
  2. sbin/nginx -t

image_1faml5lid1q4v1s0982b1924dgq4b.png-74.2kB

  1. sbin/nginx - stop 
  2. sbin/nginx 
  3. ps -ef |grep nginx

image_1faml8r6gvbhc6u1lf685jee24o.png-120.5kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注