准备好工作目录
mkdir work
cd work
mkdir conf logs
准备好 conf/nginx.conf 配置文件, 把 your.domain 换成你自己的域名
user abcd; ## 换成自己的 user
worker_processes 1;
error_log logs/error.log warn;
events {
worker_connections 1024;
}
http {
resolver 114.114.114.114 ipv6=off;
lua_package_path '${prefix}lua/?.lua;;';
lua_code_cache on;
ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
lua_ssl_verify_depth 2;
lua_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;
sendfile on;
server {
listen 8080 ssl;
server_name your.domain;
keepalive_timeout 70;
## http://domain.name:8080 自动跳转到 https://domain.name:8080
error_page 497 301 =307 https://$host:$server_port$request_uri;
location ~ ^/api/([-_a-zA-Z0-9/]+) {
access_by_lua_file lua/access_check.lua;
content_by_lua_file lua/$1.lua;
}
location / {
default_type text/html;
content_by_lua_block {
ngx.say("<p>hello, world</p>")
}
}
}
server { ## 禁止 ip 直接访问
listen 8080 default_server;
server_name _;
return 500;
}
}
openresty 启动
cd work
openresty -p `pwd` -c conf/nginx.conf
-p 指定工作目录
-c 指定配置文件
reload 配置文件也要带上启动时的 -p -c
openresty -p `pwd` -c conf/nginx.conf -s reload