debian7编译安装tengine添加lua和ldap模块

1、安装开发环境

# aptitute update
# aptitude install -y build-essential
# aptitude install -y libldap2-dev openssl libssl-dev

2、升级gcc和glibc（debian7自带的版本太低，编译会报错）

# vim /etc/apt/sources.list
deb http://ftp.debian.org/debian sid main

# apt-get update
# apt-get -t sid install libc6 gcc

# gcc -v
gcc version 6.4.0 20170724 (Debian 6.4.0-2)

3、下载nginx-auth-ldap模块包

# git clone https://github.com/kvspb/nginx-auth-ldap.git

4、安装lua

# aptitude install -y lua5.1 liblua5.1-0 liblua5.1-0-dev

# lua -v
Lua 5.1.5  Copyright (C) 1994-2012 Lua.org, PUC-Rio

5、下载nginx-lua模块包

# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc8.tar.gz
# tar xvf v0.10.9rc8.tar.gz
# mv lua-nginx-module-0.10.9rc8/ lua-nginx-module

6、编译安装tengine

查看帮助

--with-http_lua_module             enable ngx_http_lua_module (will also enable --with-md5 and --with-sha1)
--with-http_lua_module=shared      enable ngx_http_lua_module (shared) (will also enable --with-md5 and --with-sha1)
--with-lua-inc=PATH                set Lua headers path (where lua.h/lauxlib.h/... are located)
--with-lua-lib=PATH                set Lua library path (where liblua.{a,so} are located, only support Lua-5.1.x)

--with-http_reqstat_module=shared  enable ngx_http_reqstat_module (shared)

下载源码包解压编译

# cd /usr/local/src
# wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
# tar xvf tengine-2.2.0.tar.gz
# cd tengine-2.2.0/
# ./configure --prefix=/usr/local/nginx01 --with-http_reqstat_module=shared --add-module=../nginx-auth-ldap --add-module=../lua-nginx-module

# make -j 32
# make install

或者把lua模块编译成动态shrared

# ./configure --prefix=/docker/tengine-2.2.0 --with-http_reqstat_module=shared --with-http_lua_module=shared --add-module=../nginx-auth-ldap

拷贝动态共享对象文件到安装目录的modules目录

# make dso_install

7、修改主配置文件

# vim nginx.conf
user  www;
worker_processes  8;
worker_rlimit_nofile  409600;
pid  sbin/nginx-tengine.pid;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

events {
        use epoll;
        worker_connections  409600;
}

# load modules compiled as Dynamic Shared Object (DSO)
#
dso {
#    load ngx_http_lua_module;
    load ngx_http_reqstat_module.so;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 64m;
    sendfile        on;
    server_tokens off;
    tcp_nopush     on;
    keepalive_timeout  60;
    tcp_nodelay on;
    add_header Xdebug proxy01;
    proxy_connect_timeout    60;
    proxy_read_timeout       60;
    proxy_send_timeout       60;
    proxy_buffer_size        128k;
    proxy_buffers            4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_ignore_client_abort on;
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain text/css application/json application/x-javascript text/xml  text/javascript  image/png image/jpgi application/javascripti image/jpeg;    
    gzip_vary on;

    lua_package_path "/usr/local/nginx/lua/redis.lua;;";

    map $http_upgrade $connection_upgrade {
        default "";
        ''      "";
    }

    log_format  oupeng_logs  '$remote_addr - $remote_user [$time_local] "$request" "$request_body" '
               '$status $body_bytes_sent "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for '
               '$request_time  $upstream_response_time';

    log_format  mini.oupeng  '"$remote_addr" "$remote_user" "$time_local" "$request" '
                '"$status" "$body_bytes_sent" "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                '"$http_x_operette_branding" "$http_x_nhorizon_channel_id" '
                '"$http_x_operamini_screen_width" "$http_x_operamini_screen_height" '
                '"$http_x_operamini_id" "$http_x_operamini_phone_ua"';

    log_format  main  '[$time_local] $status $remote_addr "$request" "$upstream_addr"';

    log_format json '{"@timestamp":"$time_iso8601",'
                      '"host":"$server_addr",'
                      '"clientip":"$remote_addr",'
                      '"remote_user":"$remote_user",'
                      '"request":"$request",'
                      '"http_user_agent":"$http_user_agent",'
                      '"cookie_uid":"$cookie_uid",'
                      '"size":$body_bytes_sent,'
                      '"responsetime":$request_time,'
                      '"upstreamtime":"$upstream_response_time",'
                      '"upstreamhost":"$upstream_addr",'
                      '"http_host":"$host",'
                      '"url":"$uri",'
                      '"domain":"$host",'
                      '"xff":"$http_x_forwarded_for",'
                      '"referer":"$http_referer",'
                      '"status":"$status"}';

    include vhosts/*.conf ;
}

8、添加ldap配置

# mkdir vhosts
# cd vhosts/

# vim a_ldap.conf
ldap_server ldapsv {
    url ldap://192.168.2.164:389/dc=beijing,dc=op?uid?sub?(&(objectClass=person));
    binddn "cn=admin,dc=beijing,dc=op";
    binddn_passwd "D3llD3ll";
    group_attribute uid;
    group_attribute_is_dn on;
    require valid_user;
}

9、添加kibana代理配置

# vim kibana.conf
upstream kibana-oupeng-com {
    server 192.168.3.56:5601 weight=10 max_fails=3 fail_timeout=10;
    server 192.168.3.49:5601 weight=10 max_fails=3 fail_timeout=10;
    server 192.168.3.57:5601 weight=10 max_fails=3 fail_timeout=10;
    ip_hash;
    check interval=5000 rise=2 fall=5 timeout=1000 type=tcp;
}

server {
    listen 80;
    server_name kibana.oupeng.com;
#    auth_basic "Restricted Access";
#    auth_basic_user_file /usr/local/nginx/conf/htpasswd.users;

    auth_ldap "Forbidden";
    auth_ldap_servers ldapsv;

    location / {
        proxy_pass http://kibana-oupeng-com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

10、启动nginx

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx

11、查看版本和模块信息

# /usr/local/nginx/sbin/nginx -V