Nginx内置lua版OpenResty拦截转发请求Redis等操作

Nginx内置lua版OpenResty拦截转发请求Redis等操作

1 下载并安装OpenResty

http://openresty.org/cn/download.html

2 下载 lua-resty-http-0.17.1 库 以让openresty的lua支持外部http访问能力

lua-resty-http-0.17.1

1 下载 lua-resty-http-0.17.1

2 然后将文件中lua-resty-http-0.17.1\lib\resty 下面的 http.lua放到openresty-1.21.4.2-win64\lualib\resty文件夹中

3 nginx.conf文件位于openresty-1.21.4.2-win64/conf文件夹中，而lua-resty-http库位于openresty-1.21.4.2-win64/lualib/resty目录中,按照以下方式设置lua_package_path指令：

http {
    lua_package_path "./../lualib/?.lua;;";
    ...
}

使用了相对路径./../lualib/?.lua来指定lua-resty-http库的路径。./..表示上一级目录，然后进入lualib目录，然后使用?.lua通配符来匹配所有的Lua文件

3 编写代码逻辑流程

在openresty-1.21.4.2-win64\luaCode文件中新建filterLogin.lua文件,并书写处理逻辑

local redis = require "resty.redis"

local function handleRequest()
    -- 连接到 Redis 服务器
    local red = redis:new()
    local ok, err = red:connect("127.0.0.1", 6379)
    if not ok then
        ngx.log(ngx.ERR, "failed to connect to Redis: ", err)
        return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    end

    -- 选择 Redis 的 DB1
    ok, err = red:select(1)
    if not ok then
        ngx.log(ngx.ERR, "Failed to select Redis DB: ", err)
        return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    end

    -- 判断请求 URL 是否包含 "ssologin" 或 "authToken"
    local request_uri = ngx.var.request_uri
    local auth_token = ngx.var.http_authtoken
    local body_data = ngx.req.get_body_data()

    -- 从 Redis 中获取指定 key 的值
    local client_ip = ngx.var.remote_addr
    local client_ip_str = "ip" .. client_ip
    local value, err = red:get(client_ip_str)

    if request_uri:find("ssologin") or request_uri:find("authToken") or request_uri:find("keepLogin") or request_uri:find("websocket")  or (body_data and body_data:find("authToken")) then
        -- 放行请求
        if request_uri:find("extensionAuthority") then
            -- 将值重新放入 Redis 并设置有效期为 30 分钟
            ok, err = red:setex(client_ip_str, 1800, value)
        end
        return
    end



    if not value then
        ngx.log(ngx.ERR, "failed to get value from Redis: ", err)
        return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    end

    -- 判断值是否存在并进行相应处理
    if value == ngx.null then
        -- 转发到 www.baidu.com
        -- return ngx.redirect("http://192.9.100.73:31100/operation/keepLogin/sendLoginOut?ip=" .. client_ip_str)
        -- 构建GET请求的URL
        local http = require("resty.http")

        local httpc = http.new()
        local url = "http://192.9.100.73:31100/operation/keepLogin/sendLoginOut?ip=" .. ngx.escape_uri(client_ip_str)

        local res, err = httpc:request_uri(url, {
            method = "GET",
        })

        if not res then
            ngx.log(ngx.ERR, "failed to send GET request: ", err)
            return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end

        if res.status == ngx.HTTP_OK then
            local body = res.body
            -- 处理响应
            -- body 为响应体内容
            -- ...
        else
            ngx.log(ngx.ERR, "failed to send GET request: ", res.status)
            return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end
    else
        -- 放行请求
        -- 将值重新放入 Redis 并设置有效期为 30 分钟
        ok, err = red:setex(client_ip_str, 60, value)
        if not ok then
            ngx.log(ngx.ERR, "failed to set value in Redis: ", err)
        end
        return
    end

    -- 关闭与 Redis 的连接
    local ok, err = red:set_keepalive(10000, 100)
    if not ok then
        ngx.log(ngx.ERR, "failed to set Redis keepalive: ", err)
    end
end
handleRequest()

4 nginx.conf里面增加代码处理进行转发处理

在openresty-1.21.4.2-win64/conf文件夹中nginx.conf里面进行转发处理

http {
    include       mime.types;
    default_type  application/octet-stream;
    lua_shared_dict redis_cache 100m;
    include mime.types;
    client_max_body_size 200m;
    # 引入lua-resty-http-0.17.1以让openresty的lua支持外部http访问能力
	lua_package_path "./../lualib/?.lua;;";

    sendfile        on;

    keepalive_timeout  65;

    #自定义变量
    #FastCGI相关参数是为了改善网站的性能：减少资源占用，提高访问速度。
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 8 128k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    map $http_user_agent $basePath {
      default '';
    }
    map $http_user_agent $baseUrl {
      default '';
    }

    server {
            listen 31100;

            location ^~ /operation/ {
                 proxy_set_header Host $host;
                 proxy_set_header X-Real-IP $remote_addr;
                 # 让后续可以获取代理前的请求原地址
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header Connection 'upgrade';
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_pass http://192.9.100.73:7013/;
                 # 表示走此文件的代理逻辑
                 access_by_lua_file ./luaCode/filterLogin.lua;
            }

            location ^~ /zuul/ {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Connection 'upgrade';
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_pass http://192.9.100.73:7012/;
                  # 表示走此文件的代理逻辑
                  access_by_lua_file ./luaCode/filterLogin.lua;
            }
			
			location ^~ /service/ {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Connection 'upgrade';
                  proxy_set_header Upgrade $http_upgrade;
                  # 表示走此文件的代理逻辑
                  proxy_pass http://192.9.100.73:7080/;
            }
        }
}