[关闭]
@zhangyy 2021-07-16T11:31:00.000000Z 字数 7716 阅读 267

openresty+lua+GeoIP编译配置部署

运维系列


一: openresty 简介

1.1 openresty 介绍

  1. OpenResty® 是一个基于 Nginx Lua 的高性能 Web 平台,其内部集成了大量精良的 Lua 库、第三方模块以及大多数的依赖项。用于方便地搭建能够处理超高并发、扩展性极高的动态 Web 应用、Web 服务和动态网关。
  2. OpenResty® 通过汇聚各种设计精良的 Nginx 模块(主要由 OpenResty 团队自主开发),从而将 Nginx 有效地变成一个强大的通用 Web 应用平台。这样,Web 开发人员和系统工程师可以使用 Lua 脚本语言调动 Nginx 支持的各种 C 以及 Lua 模块,快速构造出足以胜任 10K 乃至 1000K 以上单机并发连接的高性能 Web 应用系统。
  3. OpenResty® 的目标是让你的Web服务直接跑在 Nginx 服务内部,充分利用 Nginx 的非阻塞 I/O 模型,不仅仅对 HTTP 客户端请求,甚至于对远程后端诸如 MySQLPostgreSQLMemcached 以及 Redis 等都进行一致的高性能响应。
  4. openresty 中文官网:
  5. http://openresty.org/cn/

二:openresty 的部署安装

2.1 openresty 的编译安装

  1. 配置依赖包:
  2. yum install pcre-devel openssl-devel gcc curl zlib-devel readline readline-devel\
  3. readline-devel libxslt-devel gd-devel \
  4. libevent libevent-devel

image_1famgc72luiqqt4eh17ebnpo9.png-138.5kB

  1. tar -zxvf openresty-1.19.3.1.tar.gz
  2. cd openresty-1.19.3.1
  3. # 编译安装LuaJIT
  4. cd bundle/LuaJIT-2.1-20201027
  5. make clean && make && make install
  6. # 安装openresty 可根据自己需要启用模块
  7. ./configure \
  8. --prefix=/usr/local/openresty \
  9. --http-proxy-temp-path=//usr/local/openresty/proxy_temp \
  10. --http-fastcgi-temp-path=/usr/local/openresty/nginx/fastcgi_temp \
  11. --with-http_ssl_module \
  12. --with-threads \
  13. --with-file-aio \
  14. --with-http_ssl_module \
  15. --with-http_iconv_module \
  16. --with-http_realip_module \
  17. --with-http_gzip_static_module \
  18. --with-http_secure_link_module \
  19. --with-http_stub_status_module \
  20. --with-http_auth_request_module \
  21. --with-http_random_index_module \
  22. --with-http_image_filter_module
  23. make && make install

image_1famgrsbr741io11hop1o84h7cm.png-219.9kB

  1. 启动openresty:
  2. cd /usr/local/openresty/nginx/
  3. sbin/nginx

image_1famh02lp16fg1k0e1amb7jn1k0v13.png-100.2kB

image_1famh0u1uivb1r41g5t1llscl1g.png-84.4kB

image_1famh1jfr1af41668115cuiur741t.png-192.9kB

2.2 集成GeoIP2 模块

  1. geoip2核心识别库
  2. 下载:libmaxminddb
  3. https://github.com/maxmind/libmaxminddb/releases/tag/1.6.0
  4. 下载libmaxminddb-1.6.0.tar.gz
  5. tar -xzf libmaxminddb-1.6.0.tar.gz
  6. cd libmaxminddb-1.3.2
  7. ./configure
  8. make
  9. make check
  10. sudo make install
  11. sudo ldconfig

image_1famhstqr1q3pq3q10311j3b10do2a.png-198.7kB

  1. geoip2-nginx模块
  2. 下载地址:
  3. https://github.com/TravelEngineers/ngx_http_geoip2_module
  4. git clone https://github.com/TravelEngineers/ngx_http_geoip2_module
  5. 从新编译openresty 增加 geoip2 模块
  6. cd /root/openresty-1.19.3.1
  7. ./configure --prefix=/usr/local/openresty --with-http_stub_status_module --with-http_realip_module --with-http_gzip_static_module --add-module=/root/ngx_http_geoip2_module/
  8. make && make install

image_1famjc6av40kofv1mftegp25n2n.png-177.8kB

  1. geoip2 IP地址库下载:
  2. 下载地址:https://dev.maxmind.com/geoip/geoip2/geolite2/
  3. 注意GeoLite2 City GeoLite2 Country 2个文件都要下载。
  4. 下载选择:MaxMind DB binary, gzipped
  5. GeoLite2-City.mmdb GeoLite2-Country.mmdb 文件
  6. mkdir -p /data/softwares/
  7. GeoLite2-City.mmdb GeoLite2-Country.mmdb 文件 放到/data/softwares/GeoIP 下面
  8. # nginx加载使用geoip2数据库
  9. geoip2 /data/softwares/GeoIP/GeoLite2-City.mmdb {
  10. $geoip2_data_country_code source=$real_ip country iso_code;
  11. $geoip2_data_country_name source=$real_ip country names en;
  12. $geoip2_data_city_name source=$real_ip city names en;
  13. $geoip2_data_province_name source=$real_ip subdivisions 0 names en;
  14. $geoip2_data_province_isocode subdivisions 0 iso_code;
  15. }
  16. fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
  17. fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
  18. fastcgi_param CITY_NAME $geoip2_data_city_name;
  19. fastcgi_param PROVINCE_NMAE $geoip2_data_province_name;
  20. }
  1. nginx 配置文件
  2. /usr/local/openresty/nginx/conf
  3. vim nginx.conf
  4. ----
  5. user root root;
  6. worker_processes auto;
  7. worker_cpu_affinity auto;
  8. worker_rlimit_nofile 65535;
  9. daemon on;
  10. error_log /usr/local/openresty/nginx/logs/error.log warn;
  11. pid /usr/local/openresty/nginx/pid/nginx.pid;
  12. events {
  13. use epoll;
  14. worker_connections 65535;
  15. }
  16. # 开启环境变量
  17. env SPRING_PROFILES_ACTIVE=master;
  18. http {
  19. # 加载lua库和动态库
  20. lua_package_path "/usr/local/openresty/lualib/?.lua;;";
  21. lua_package_cpath "/usr/local/openresty/lualib/?.so;;";
  22. include mime.types;
  23. default_type application/octet-stream;
  24. charset utf-8;
  25. log_format main '$remote_addr - $remote_user [$time_local] '
  26. '"$request" $status $body_bytes_sent '
  27. '"$http_referer" "$http_user_agent" '
  28. '"$http_x_forwarded_for" $host $request_time $upstream_response_time $scheme';
  29. log_format main1 '$remote_addr|$remote_user|[$time_local]|$request|'
  30. '$status|$upstream_status|$body_bytes_sent|$http_referer|'
  31. '$http_user_agent|$request_time|$host|$upstream_addr|$request_body|$upstream_response_time';
  32. log_format main3 '$http_x_forwarded_for|$remote_user|[$time_local]|$request|'
  33. '$status|$upstream_status|$body_bytes_sent|$http_referer|'
  34. '$http_user_agent|$request_time|$host|$upstream_addr|$request_body|$upstream_response_time';
  35. log_format lua '$remote_addr|$remote_user|[$time_local]|$request|'
  36. '$status|$body_bytes_sent|$http_referer|'
  37. '$http_user_agent|$request_time|$host|$upstream_addr|$upstream_response_time';
  38. log_format main2 escape=json
  39. '{"@timestamp":"$time_iso8601",'
  40. '"host":"$hostname",'
  41. '"server_ip":"$server_addr",'
  42. '"client_ip":"$http_x_forwarded_for",'
  43. '"xff":"$http_x_forwarded_for",'
  44. '"domain":"$host",'
  45. '"url":"$uri",'
  46. '"referer":"$http_referer",'
  47. '"args":"$args",'
  48. '"upstreamtime":"$upstream_response_time",'
  49. '"responsetime":"$request_time",'
  50. '"request_method":"$request_method",'
  51. '"status":"$status",'
  52. '"size":"$body_bytes_sent",'
  53. '"request_body":"$request_body",'
  54. '"request_length":"$request_length",'
  55. '"protocol":"$server_protocol",'
  56. '"upstreamhost":"$upstream_addr",'
  57. '"file_dir":"$request_filename",'
  58. '"http_user_agent":"$http_user_agent"'
  59. '}';
  60. #基础优化
  61. server_tokens off;
  62. sendfile on;
  63. tcp_nopush on;
  64. tcp_nodelay on;
  65. keepalive_timeout 65;
  66. keepalive_requests 8192;
  67. # gzip
  68. gzip on;
  69. gzip_min_length 1k;
  70. gzip_buffers 4 16k;
  71. gzip_comp_level 3;
  72. gzip_types text/plain application/javascript text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-httpd-php image/jpeg image/gif image/png;
  73. gzip_vary on;
  74. client_body_timeout 300;
  75. client_header_timeout 300;
  76. send_timeout 600;
  77. reset_timedout_connection on;
  78. client_max_body_size 50m;
  79. #client_body_buffer_size 4096k;
  80. client_body_buffer_size 8192k;
  81. #client_header_buffer_size 4k;
  82. #large_client_header_buffers 4 64k;
  83. client_header_buffer_size 16k;
  84. large_client_header_buffers 8 256k;
  85. server_names_hash_bucket_size 512;
  86. proxy_connect_timeout 600;
  87. proxy_read_timeout 600;
  88. proxy_send_timeout 600;
  89. proxy_buffer_size 128k;
  90. proxy_buffers 8 128k;
  91. proxy_busy_buffers_size 256k;
  92. output_buffers 1 32k;
  93. postpone_output 1460;
  94. open_file_cache max=65535 inactive=60s;
  95. open_file_cache_valid 80s;
  96. open_file_cache_min_uses 1;
  97. open_file_cache_errors on;
  98. # fastcgi set
  99. fastcgi_ignore_client_abort on;
  100. fastcgi_connect_timeout 300;
  101. fastcgi_send_timeout 300;
  102. fastcgi_read_timeout 300;
  103. #fastcgi_buffer_size 4k;
  104. #fastcgi_buffers 8 4k;
  105. #fastcgi_busy_buffers_size 8k;
  106. #fastcgi_temp_file_write_size 8k;
  107. fastcgi_buffer_size 64k;
  108. fastcgi_buffers 4 64k;
  109. fastcgi_busy_buffers_size 128k;
  110. fastcgi_temp_file_write_size 128k;
  111. # fastcgi TEST
  112. fastcgi_cache_valid 200 302 1h;
  113. fastcgi_cache_valid 301 1d;
  114. fastcgi_cache_valid any 1m;
  115. fastcgi_cache_min_uses 1;
  116. fastcgi_cache_use_stale error timeout invalid_header http_500;
  117. # include /data/conf/nginx/conf.d/*.conf;
  118. # include /data/conf/nginx/conf.d/private-01/*.conf;
  119. # include /data/conf/nginx/conf.d/private-12/*.conf;
  120. # include /data/conf/nginx/conf.d/private-13/*.conf;
  121. # 开启缓存LUA代码
  122. lua_code_cache on;
  123. # 允许用户自定义请求头
  124. underscores_in_headers on;
  125. # include config
  126. include /data/apps/nglua/conf/*.conf;
  127. # nginx 使用 geoip设置
  128. map $http_x_forwarded_for $real_ip {
  129. #~^(\d+\.\d+\.\d+\.\d+) $http_x_forwarded_for;
  130. #(?P)命名补货
  131. ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
  132. default $remote_addr;
  133. }
  134. # nginx加载使用geoip2数据库
  135. geoip2 /data/softwares/GeoIP/GeoLite2-City.mmdb {
  136. $geoip2_data_country_code source=$real_ip country iso_code;
  137. $geoip2_data_country_name source=$real_ip country names en;
  138. $geoip2_data_city_name source=$real_ip city names en;
  139. $geoip2_data_province_name source=$real_ip subdivisions 0 names en;
  140. $geoip2_data_province_isocode subdivisions 0 iso_code;
  141. }
  142. fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
  143. fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
  144. fastcgi_param CITY_NAME $geoip2_data_city_name;
  145. fastcgi_param PROVINCE_NMAE $geoip2_data_province_name;
  146. }
  147. ----
  1. 关于启动报错:
  2. sbin/nginx: error while loading shared libraries: libmaxminddb.so.0: cannot open shared object file: No such file or directory
  3. ldd $(which /usr/local/openresty/nginx/sbin/nginx)

image_1famkoocrnpkkot18lv41au34.png-219.1kB

  1. 这个libmaxmind 包编译完成放在了/usr/local/lib/ 下面 需要重新建立软连接到新的
  2. /lib64 下面
  3. cd /usr/local/lib
  4. ln -s /usr/local/lib/libmaxminddb.so.0.0.7 /lib64/libmaxminddb.so.0

image_1faml0c3hc961bp116h1s2r16fe3h.png-147.9kB

image_1faml3b1uja02sd1o24fmj1ris3u.png-62.9kB

  1. cd /usr/local/openresty/nginx
  2. sbin/nginx -t

image_1faml5lid1q4v1s0982b1924dgq4b.png-74.2kB

  1. sbin/nginx - stop
  2. sbin/nginx
  3. ps -ef |grep nginx

image_1faml8r6gvbhc6u1lf685jee24o.png-120.5kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注