openresty增加nginx_upstream_check_
2022-04-25 本文已影响0人
大鹏一怒乘风起
源码编译一个rpm包一致的openrestry,这里增加两个模块
一个是check模块
一个是LDAP模块
配置openrest源
[openresty]
name=Official OpenResty Open Source Repository for CentOS
baseurl=https://openresty.org/package/centos/$releasever/$basearch
skip_if_unavailable=False
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://openresty.org/package/pubkey.gpg
enabled=1
enabled_metadata=1
安装依赖
yum -y install ccache pcre-devel openssl-devel gcc curl openldap-devel openresty-openssl111-devel
创建个临时目录存放文件
mkdir /tmp/test
先下载一个和官方一致的openresty的软件包
wget https://openresty.org/download/openresty-1.19.9.1.tar.gz
cd bundle/
export LUAJIT_LIB=/usr/local/openresty/luajit/lib ;export LUAJIT_INC=/usr/local/openresty/luajit/include/luajit-2.1
1.下载check模块 和LDAP模块
cd /tmp/test/openresty-1.19.9.1/bundle
从GitHub下载zip 包
https://github.com/yaoweibin/nginx_upstream_check_module.git
https://github.com/kvspb/nginx-auth-ldap.git
unzip nginx_upstream_check_module-master.zip
unzip nginx-auth-ldap-master.zip
2.切换至nginx目录添加check_module补丁(patch 命令不存在的话,需要用yum安装下)
patch -p1 < ../nginx_upstream_check_module-master/check_1.16.1+.patch (1.19.9.1满足1.16.1+)
3.执行源码安装
./configure --prefix="/usr/local/openresty" --with-cc='ccache gcc -fdiagnostics-color=always' --with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include" --with-ld-opt="-L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib" --with-pcre-jit --without-http_rds_json_module --without-http_rds_csv_module --without-lua_rds_parser --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' --add-module=bundle/nginx_upstream_check_module-master --add-module=bundle/nginx-auth-ldap -j2
执行gmake
执行完之后,该目录下的nginx
/tmp/test/openresty-1.19.9.1/build/nginx-1.19.9/objs
就是编译之后的二进制,建议用yum 安装,然后替换yum安装的二进制文件即可
check使用
在upstream组下健康检查,支持http和tcp的模式
upstream atest {
server 10.1.1.1:8080;
server 10.1.1.2:8080;
check interval=3000 rise=2 fall=5 timeout=1000 type=http;
}
ldap使用
和server{}平级目录下 配置
ldap_server testldap {
url "ldap://10.1.1.3:389/OU=user,OU=dage,DC=xxx,DC=com?sAMAccountName?sub?(&(objectClass=person)(sAMAccountName=*)(mail=*))";
binddn "testldap\da";
binddn_passwd 'dagedage';
group_attribute uniquemember;
group_attribute_is_dn on;
require valid_user;
}
server {
listen 80;
server_name hihi.test.com;
server_tokens off;
large_client_header_buffers 4 1m;
client_header_buffer_size 1m;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 150M;
underscores_in_headers on;
auth_ldap "Input AD user name and password!";
auth_ldap_servers testldap;
···
}
