Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how Nginx uses Lua+Redis to achieve dynamic blocking of IP". In daily operation, I believe many people have doubts about how Nginx uses Lua+Redis to achieve dynamic blocking of IP. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful for you to answer the doubt of "how Nginx uses Lua+Redis to achieve dynamic blocking of IP." Next, please follow the editor to study!

I. background

In our daily maintenance of the website, we often encounter such a requirement that in order to block certain crawlers or malicious users' requests to the server, we need to establish a dynamic ip blacklist. For the ip in the blacklist, the service is denied.

II. Structure

There are many ways to implement the function of ip blacklist:

1. At the operating system level, configure iptables and reject network requests that specify ip.

2. At the web server level, configure the ip blacklist through nginx's own deny option or lua plug-in

3. At the application level, check whether the client ip is blacklisted before requesting the service.

To facilitate management and sharing, we implement the function of ip blacklist through the architecture of nginx+lua+redis. The architecture figure is as follows:

Architecture diagram

III. Realization

1. Install the nginx+lua module. It is recommended to use openresty, which is a nginx server that integrates various lua modules:

Openresty

2. Install and start the redis server

3. Configure nginx example:

Nginx configuration

Among them

Lua_shared_dict ip_blacklist 1m

A 1m shared memory space is allocated by the nginx process to cache the ip blacklist. See:

Https://github.com/openresty/lua-nginx-module#lua_shared_dict

Access_by_lua_file lua/ip_blacklist.lua

Specify the lua script location

4. Configure the lua script to obtain the latest ip blacklist from redis on a regular basis. For more information, please see:

Https://gist.github.com/ceelog/39862d297d9c85e743b3b5111b7d44cb

Lua script content

5. Create a new data ip_blacklist of set type on the redis server and add the latest ip blacklist.

After completing the above steps, reload nginx and the configuration will take effect.

When accessing the server, if your ip address is on the blacklist, access will be denied:

Access denied

At this point, the study on "how Nginx uses Lua+Redis to dynamically block IP" is over. I hope to be able to solve everyone's doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.