|
1、安装开发环境
# aptitute update
# aptitude install -y build-essential
# aptitude install -y libldap2-dev openssl libssl-dev
2、升级gcc和glibc(debian7自带的版本太低,编译会报错)
# vim /etc/apt/sources.list
deb http://ftp.debian.org/debian sid main
# apt-get update
# apt-get -t sid install libc6 gcc
# gcc -v
gcc version 6.4.0 20170724 (Debian 6.4.0-2)
3、下载nginx-auth-ldap模块包
# git clone https://github.com/kvspb/nginx-auth-ldap.git
4、安装lua
# aptitude install -y lua5.1 liblua5.1-0 liblua5.1-0-dev
# lua -v
Lua 5.1.5 Copyright (C) 1994-2012 Lua.org, PUC-Rio
5、下载nginx-lua模块包
# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc8.tar.gz
# tar xvf v0.10.9rc8.tar.gz
# mv lua-nginx-module-0.10.9rc8/ lua-nginx-module
6、编译安装tengine
查看帮助
--with-http_lua_module enable ngx_http_lua_module (will also enable --with-md5 and --with-sha1)
--with-http_lua_module=shared enable ngx_http_lua_module (shared) (will also enable --with-md5 and --with-sha1)
--with-lua-inc=PATH set Lua headers path (where lua.h/lauxlib.h/... are located)
--with-lua-lib=PATH set Lua library path (where liblua.{a,so} are located, only support Lua-5.1.x)
--with-http_reqstat_module=shared enable ngx_http_reqstat_module (shared)
下载源码包解压编译
# cd /usr/local/src
# wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
# tar xvf tengine-2.2.0.tar.gz
# cd tengine-2.2.0/
# ./configure --prefix=/usr/local/nginx01 --with-http_reqstat_module=shared --add-module=../nginx-auth-ldap --add-module=../lua-nginx-module
# make -j 32
# make install
或者把lua模块编译成动态shrared
# ./configure --prefix=/docker/tengine-2.2.0 --with-http_reqstat_module=shared --with-http_lua_module=shared --add-module=../nginx-auth-ldap
拷贝动态共享对象文件到安装目录的modules目录
# make dso_install
7、修改主配置文件
# vim nginx.conf
user www;
worker_processes 8;
worker_rlimit_nofile 409600;
pid sbin/nginx-tengine.pid;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
events {
use epoll;
worker_connections 409600;
}
# load modules compiled as Dynamic Shared Object (DSO)
#
dso {
# load ngx_http_lua_module;
load ngx_http_reqstat_module.so;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 64m;
sendfile on;
server_tokens off;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
add_header Xdebug proxy01;
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_ignore_client_abort on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml text/javascript image/png image/jpgi application/javascripti image/jpeg;
gzip_vary on;
lua_package_path "/usr/local/nginx/lua/redis.lua;;";
map $http_upgrade $connection_upgrade {
default "";
'' "";
}
log_format oupeng_logs '$remote_addr - $remote_user [$time_local] "$request" "$request_body" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for '
'$request_time $upstream_response_time';
log_format mini.oupeng '"$remote_addr" "$remote_user" "$time_local" "$request" '
'"$status" "$body_bytes_sent" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$http_x_operette_branding" "$http_x_nhorizon_channel_id" '
'"$http_x_operamini_screen_width" "$http_x_operamini_screen_height" '
'"$http_x_operamini_id" "$http_x_operamini_phone_ua"';
log_format main '[$time_local] $status $remote_addr "$request" "$upstream_addr"';
log_format json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"http_user_agent":"$http_user_agent",'
'"cookie_uid":"$cookie_uid",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"status":"$status"}';
include vhosts/*.conf ;
}
8、添加ldap配置
# mkdir vhosts
# cd vhosts/
# vim a_ldap.conf
ldap_server ldapsv {
url ldap://192.168.2.164:389/dc=beijing,dc=op?uid?sub?(&(objectClass=person));
binddn "cn=admin,dc=beijing,dc=op";
binddn_passwd "D3llD3ll";
group_attribute uid;
group_attribute_is_dn on;
require valid_user;
}
9、添加kibana代理配置
# vim kibana.conf
upstream kibana-oupeng-com {
server 192.168.3.56:5601 weight=10 max_fails=3 fail_timeout=10;
server 192.168.3.49:5601 weight=10 max_fails=3 fail_timeout=10;
server 192.168.3.57:5601 weight=10 max_fails=3 fail_timeout=10;
ip_hash;
check interval=5000 rise=2 fall=5 timeout=1000 type=tcp;
}
server {
listen 80;
server_name kibana.oupeng.com;
# auth_basic "Restricted Access";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd.users;
auth_ldap "Forbidden";
auth_ldap_servers ldapsv;
location / {
proxy_pass http://kibana-oupeng-com;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
10、启动nginx
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx
11、查看版本和模块信息
# /usr/local/nginx/sbin/nginx -V
|
客服电话
APP下载
官方微信
请发表评论