search

p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0
1.28k stars 306 forks source link

Installation steps #138

Closed ghost closed 8 years ago

ghost commented 8 years ago

I am running into some silly errors while trying out resty waf. While starting nginx with changes made as shown in readme.synopsis, I get

unknown directive "require"

I think, I am missing something basic here. If someone can post following, it will help. I will add it to the documentation later.

  1. How openresty was configured i.e. output of nginx -V
  2. A complete working nginx.conf which enables all detection rules

Once this is done, I will take up adding Dockerfile for the same.

ghost commented 8 years ago

http { include mime.types; default_type application/octet-stream;

sendfile        on;
keepalive_timeout  65;

# include lua_resty_waf in the appropriate paths
lua_package_path '/home/sunny/openresty-1.9.7.4/install/lualib/lua-resty-waf/?.lua;;';
lua_package_cpath '/home/sunny/openresty-1.9.7.4/install/lualib/lua-resty-waf/?.lua;;';

# use resty.core for performance improvement, see the status note above
require "resty.core"

# require the base module
local lua_resty_waf = require "waf"

# define options that will be inherited across all scopes
lua_resty_waf.default_option("debug", true)
lua_resty_waf.default_option("mode", "ACTIVE")

# perform some preloading and optimization
lua_resty_waf.init()

server {
    listen       80;
    server_name  localhost;

    location / {
       # Ignore this, had added for testing
        content_by_lua '
        ngx.say("<p>hello, world</p>")
        ';
    }
}

}

ghost commented 8 years ago

$ sudo ./nginx/sbin/nginx -T nginx: [emerg] unknown directive "require" in /home/sunny/openresty-1.9.7.4/install/nginx/conf/nginx.conf:42 nginx: configuration file /home/sunny/openresty-1.9.7.4/install/nginx/conf/nginx.conf test failed

p0pr0ck5 commented 8 years ago

@sunny137 you need to wrap your lua code in an init_by_lua block

p0pr0ck5 commented 8 years ago

I suppose the synopsis should have the proper syntax as well. Whoops! I'll fix that shortly!

p0pr0ck5 commented 8 years ago

@sunny137 your config should look like this:

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    # include lua_resty_waf in the appropriate paths
    lua_package_path '/home/sunny/openresty-1.9.7.4/install/lualib/lua-resty-waf/?.lua;;';
    lua_package_cpath '/home/sunny/openresty-1.9.7.4/install/lualib/lua-resty-waf/?.lua;;';

    init_by_lua '
    # use resty.core for performance improvement, see the status note above
    require "resty.core"

    # require the base module
    local lua_resty_waf = require "waf"

    # define options that will be inherited across all scopes
    lua_resty_waf.default_option("debug", true)
    lua_resty_waf.default_option("mode", "ACTIVE")

    # perform some preloading and optimization
    lua_resty_waf.init()
    ';

    server {
        listen       80;
        server_name  localhost;

        location / {
           # Ignore this, had added for testing
            content_by_lua '
            ngx.say("<p>hello, world</p>")
            ';
        }
    }
}
ghost commented 8 years ago

Cool, it works now. I see that you have already updated synopsis. Thanks for quick response.