OpenResty + Lua + Redis 鉴权案例,适用于 x86 和 ARM 架构的 Docker 环境。
🐳 一、拉取 OpenResty 镜像
x86 架构
# NOTE(review): ":latest" is a mutable tag served by a third-party mirror registry,
# so the content behind it can change between pulls. For anything beyond a lab,
# pull by a digest you have verified (IMAGE@sha256:<verified-digest>); the same
# applies to every other pull/run on this page that uses ":latest".
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty:latest
ARM 架构
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest
二、准备目录结构与文件
创建如下目录结构:
/data/lua/
├── conf.d/
│ └── script/
│ └── judge.lua
├── logs/
└── html/
⚙️ 三、准备 Lua 脚本
/data/lua/conf.d/script/judge.lua
lua
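--- judge.lua: access-phase token check for OpenResty.
-- Reads the `token` query argument and looks up the key "tk:<token>" in Redis.
-- A missing or unknown token is answered with 401 and a JSON error body; when
-- the key exists the script simply falls through, so nginx goes on to proxy_pass.
local redis = require "resty.redis"
local cjson = require "cjson"

-- Redis settings: change these to match your own deployment.
-- NOTE(review): the password is a literal in a file that is bind-mounted from
-- the host. Use your own value, keep this file out of version control and make
-- it readable only by the account that runs nginx.
local REDIS_HOST = "172.16.11.10"
local REDIS_PORT = 6379
local REDIS_PASSWORD = "87vhqEne05u8"
local REDIS_DB = 14

--- Log a Redis-side failure and end the request with 500.
-- @param red  connected client to close first, or nil when none is open
-- @param msg  log prefix
-- @param err  error string returned by lua-resty-redis
local function backend_error(red, msg, err)
    if red then
        red:close()
    end
    ngx.log(ngx.ERR, msg, err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

--- Answer 401 with a JSON error body and end the request.
-- @param red      connected client to close first, or nil when none is open
-- @param message  text placed in the "message" field of the body
local function reject(red, message)
    if red then
        red:close()
    end
    -- The first ngx.say() sends the response header, so the status has to be
    -- set before it; otherwise the client receives 200 with the error body.
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.header.content_type = "application/json"
    ngx.say(cjson.encode({status = "error", message = message}))
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
end

-- Check for the token before touching Redis, so requests without one cannot
-- tie up Redis connections.
local token = ngx.var.arg_token
if not token or token == "" then
    return reject(nil, "token is required")
end

local red = redis:new()
red:set_timeout(1000) -- milliseconds

local ok, err = red:connect(REDIS_HOST, REDIS_PORT)
if not ok then
    return backend_error(nil, "Failed to connect to Redis: ", err)
end

ok, err = red:auth(REDIS_PASSWORD)
if not ok then
    return backend_error(red, "Failed to authenticate with Redis: ", err)
end

ok, err = red:select(REDIS_DB)
if not ok then
    return backend_error(red, "Failed to select Redis database: ", err)
end

local value
value, err = red:get("tk:" .. token)
if not value then
    -- nil/false means the query itself failed; that is a backend fault, not a
    -- bad token, and the request is still refused.
    return backend_error(red, "Failed to query Redis: ", err)
end
if value == ngx.null then
    -- The token is a bearer credential: never write its value to the log.
    ngx.log(ngx.WARN, "Token is invalid or does not exist")
    return reject(red, "token is invalid or expired")
end

ngx.log(ngx.INFO, "Token is valid")
red:close()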
🔧 四、准备 Nginx 配置文件
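# File: /data/lua/conf.d/default.conf
# NOTE(review): this file is mounted into /etc/nginx/conf.d. If the image's main
# nginx.conf includes conf.d/*.conf from inside its own http {} block, the outer
# http {} wrapper below has to be dropped — confirm against the image.
http {
    lua_package_path "/usr/local/openresty/lualib/?.lua;;";

    server {
        # Plain HTTP listener: the token in the query string travels unencrypted
        # unless TLS is terminated in front of this server.
        listen 1004;
        server_name localhost;
        root /usr/local/openresty/nginx/html/zszhjg/zsd/;

        location /ctis-zszhjg/ {
            # $token is set here, but judge.lua as shown reads ngx.var.arg_token itself.
            set $token "";
            if ($arg_token) {
                set $token "tk:$arg_token";
            }

            # Token check in the access phase, before the request is proxied.
            # The token is part of the request URI, so the default access_log
            # format records it and proxy_pass forwards it upstream; restrict
            # who can read the logs or log a format without the query string.
            access_by_lua_file /etc/nginx/conf.d/script/judge.lua;

            proxy_pass http://172.16.14.11:7000/ctis-zszhjg/;
            proxy_set_header Host $host;
            proxy_set_header x-Real-IP $remote_addr;
            proxy_set_header x-Forwarded-For $proxy_add_x_forwarded_for;

            # The pattern on the page, "\(.+)", has an unbalanced parenthesis and
            # does not compile. $arg_filename is also raw client input copied into
            # a response header, so only names made of a conservative character
            # set get the header; other requests are still proxied, just without
            # Content-Disposition. Widen the set deliberately if you need to.
            if ($arg_filename ~ "^[A-Za-z0-9._%+-]+$") {
                add_header Content-Disposition "attachment;filename=$arg_filename";
            }
        }
    }
}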
🐘 五、准备 Redis Lua 库
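# Fetch lua-resty-redis and copy its single module file next to the nginx config.
cd /data/lua
# NOTE(review): this clones whatever the default branch holds at that moment. Check
# out a release tag or commit you have reviewed before copying code that will run
# inside nginx, e.g. `git -C lua-resty-redis checkout <reviewed-tag-or-commit>`.
git clone https://github.com/openresty/lua-resty-redis.git
# conf.d/resty is not part of the directory tree created earlier, so create it first;
# without it the cp below fails.
mkdir -p /data/lua/conf.d/resty
cp lua-resty-redis/lib/resty/redis.lua /data/lua/conf.d/resty/redis.lua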
🚀 六、启动 OpenResty 容器
bash
# Run the x86 OpenResty image with the host directories prepared above bind-mounted in.
# NOTE(review): no port is published (-p) and host networking is not used, so the
# listener on 1004 from default.conf is not reachable through a host port; publish
# it deliberately and bind it to the interface that actually needs it.
# NOTE(review): nginx only reads conf.d and redis.lua; consider adding ":ro" to those
# mounts once you have confirmed the image's entrypoint does not write there.
docker run -d \
  --name openresty \
  --restart=always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/lua/conf.d:/etc/nginx/conf.d \
  -v /data/lua/logs:/usr/local/openresty/nginx/logs \
  -v /data/lua/html:/usr/local/openresty/nginx/html \
  -v /data/lua/conf.d/resty/redis.lua:/usr/local/openresty/lualib/resty/redis.lua \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty:latest
ARM 架构 OpenResty + Lua-Redis 案例
🐳 一、拉取 OpenResty 镜像
ARM 架构
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest
📁 二、准备目录结构与文件
创建目录结构:
# Host directories for the Lua script, nginx logs, static files and the Redis client library.
mkdir -p \
  /data/lua/conf.d/script \
  /data/lua/logs \
  /data/lua/html \
  /data/lua/lualib/resty
📥 三、下载 Lua-Redis 库
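# Fetch lua-resty-redis and copy its single module file into the library directory.
cd /data/lua
# NOTE(review): this clones whatever the default branch holds at that moment. Check
# out a release tag or commit you have reviewed before copying code that will run
# inside nginx, e.g. `git -C lua-resty-redis checkout <reviewed-tag-or-commit>`.
git clone https://github.com/openresty/lua-resty-redis.git
# The page copied to /data1/lua/..., but the directory created above and the one
# mounted by the docker run command is /data/lua/lualib.
cp lua-resty-redis/lib/resty/redis.lua /data/lua/lualib/resty/redis.lua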
⚙️ 四、准备 Lua 脚本
/data/lua/conf.d/script/judge.lua
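--- judge.lua: access-phase token check for OpenResty.
-- Reads the `token` query argument and looks up the key "tk:<token>" in Redis.
-- A missing or unknown token is answered with 401 and a JSON error body; when
-- the key exists the script simply falls through, so nginx goes on to proxy_pass.
local redis = require "resty.redis"
local cjson = require "cjson"

-- Redis settings: change these to match your own deployment.
-- NOTE(review): the password is a literal in a file that is bind-mounted from
-- the host. Use your own value, keep this file out of version control and make
-- it readable only by the account that runs nginx.
local REDIS_HOST = "172.16.11.10"
local REDIS_PORT = 6379
local REDIS_PASSWORD = "87vhqEne05u8"
local REDIS_DB = 14

--- Hand a healthy connection back to the keepalive pool
-- (10 s max idle time, pool size 100).
local function release(red)
    red:set_keepalive(10000, 100)
end

--- Log a Redis-side failure and end the request with 500.
-- @param red  connected client to close first, or nil when none is open
-- @param msg  log prefix
-- @param err  error string returned by lua-resty-redis
local function backend_error(red, msg, err)
    if red then
        -- A connection that just failed is closed rather than pooled.
        red:close()
    end
    ngx.log(ngx.ERR, msg, err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

--- Answer 401 with a JSON error body and end the request.
-- @param red      connected client to return to the pool first, or nil
-- @param message  text placed in the "message" field of the body
local function reject(red, message)
    if red then
        release(red)
    end
    -- The first ngx.say() sends the response header, so the status has to be
    -- set before it; otherwise the client receives 200 with the error body.
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.header.content_type = "application/json"
    ngx.say(cjson.encode({status = "error", message = message}))
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
end

-- Take the token from the query string and check it before touching Redis,
-- so requests without one cannot tie up Redis connections.
local token = ngx.var.arg_token
if not token or token == "" then
    return reject(nil, "token is required")
end

-- Create the Redis client object.
local red = redis:new()
red:set_timeout(1000) -- 1 second timeout

local ok, err = red:connect(REDIS_HOST, REDIS_PORT)
if not ok then
    return backend_error(nil, "Failed to connect to Redis: ", err)
end

-- Authenticate with the Redis password.
ok, err = red:auth(REDIS_PASSWORD)
if not ok then
    return backend_error(red, "Failed to authenticate with Redis: ", err)
end

-- Select the Redis database index.
ok, err = red:select(REDIS_DB)
if not ok then
    return backend_error(red, "Failed to select Redis database: ", err)
end

-- Check that the token exists (i.e. is valid and has not expired).
local value
value, err = red:get("tk:" .. token)
if not value then
    -- nil/false means the query itself failed; that is a backend fault, not a
    -- bad token, and the request is still refused.
    return backend_error(red, "Failed to query Redis: ", err)
end
if value == ngx.null then
    -- The token is a bearer credential: never write its value to the log.
    ngx.log(ngx.WARN, "Token is invalid or does not exist")
    return reject(red, "token is invalid or expired")
end

-- The token is valid: nothing is returned here, the request continues to proxy_pass.
ngx.log(ngx.INFO, "Token is valid")

-- Use the connection pool instead of closing, for performance.
release(red)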
🔧 五、准备 Nginx 配置文件
/data/lua/conf.d/default.conf
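# NOTE(review): worker_processes, events {} and http {} are top-level directives.
# They are valid only if this file is loaded as the main nginx.conf; if the image
# includes conf.d/*.conf from inside its own http {} block, keep just the
# server {} part here — confirm against the image.
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Lua module search paths
    lua_package_path "/usr/local/openresty/lualib/?.lua;;";
    lua_package_cpath "/usr/local/openresty/lualib/?.so;;";

    sendfile on;
    keepalive_timeout 65;

    server {
        # Plain HTTP listener: the token in the query string travels unencrypted
        # unless TLS is terminated in front of this server.
        listen 1004;
        server_name localhost;

        # Static file root
        root /usr/local/openresty/nginx/html;

        location /ctis-zszhjg/ {
            # Set the token variable. judge.lua as shown reads ngx.var.arg_token
            # itself and does not use $token.
            set $token "";
            if ($arg_token) {
                set $token "tk:$arg_token";
            }

            # Lua token check, run in the access phase before the request is proxied.
            # The token is part of the request URI, so the default access_log
            # format records it and proxy_pass forwards it upstream; restrict
            # who can read the logs or log a format without the query string.
            access_by_lua_file /etc/nginx/conf.d/script/judge.lua;

            # Proxy to the backend service
            proxy_pass http://192.168.14.89:9000/ctis-zszhjg/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # File download header. The pattern on the page, "\(.+)", has an
            # unbalanced parenthesis and does not compile. $arg_filename is also
            # raw client input copied into a response header, so only names made
            # of a conservative character set get the header; other requests are
            # still proxied, just without Content-Disposition.
            if ($arg_filename ~ "^[A-Za-z0-9._%+-]+$") {
                add_header Content-Disposition "attachment;filename=$arg_filename";
            }
        }

        # Health check endpoint (not covered by the token check)
        location /health {
            access_log off;
            # `return` takes its Content-Type from default_type; add_header would
            # send a second Content-Type header next to application/octet-stream.
            default_type text/plain;
            return 200 "healthy\n";
        }
    }
}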
🚀 六、启动 OpenResty 容器(ARM)
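# Run the ARM64 OpenResty image with the host directories prepared above bind-mounted in.
# Only the single redis.lua file is mounted into lualib, as in the x86 command on this
# page: bind-mounting the whole /data/lua/lualib directory over
# /usr/local/openresty/lualib would hide every library the image keeps there, while the
# host directory holds nothing but resty/redis.lua (judge.lua also needs cjson).
# Expects the file at /data/lua/lualib/resty/redis.lua on the host.
# NOTE(review): no port is published (-p) and host networking is not used, so the
# listener on 1004 is not reachable through a host port; publish it deliberately
# and bind it to the interface that actually needs it.
docker run -d \
  --name openresty-arm \
  --restart=always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/lua/conf.d:/etc/nginx/conf.d \
  -v /data/lua/logs:/usr/local/openresty/nginx/logs \
  -v /data/lua/html:/usr/local/openresty/nginx/html \
  -v /data/lua/lualib/resty/redis.lua:/usr/local/openresty/lualib/resty/redis.lua \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest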
OpenResty Manager:可视化+高性能+安全
配置文件可参考
https://github.com/Safe3/openresty-manager/blob/main/docker/docker-compose.yml
创建目录
# Host directories that the docker run commands on this page bind-mount to
# /opt/om/acme, /opt/om/data, /opt/om/nginx/conf and /opt/om/nginx/logs.
mkdir -p /data/om_acme /data/om_data /data/om_conf /data/om_logs
拉取x86镜像
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty-manager:latest
拉取arm64镜像
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty-manager:latest
运行命令:
# Run OpenResty Manager on the host network.
# NOTE(review): /var/run/docker.sock gives the container full control of the Docker
# daemon, which is equivalent to root on the host (a ":ro" suffix does not limit API
# calls). Together with --network host this makes the manager's admin interface a
# host-level trust boundary: keep its port off untrusted networks and change the
# default password immediately.
docker run -d \
  --name openresty-manager \
  --restart always \
  --network host \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/resolv.conf:/etc/resolv.conf:ro \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /data/om_acme:/opt/om/acme \
  -v /data/om_data:/opt/om/data \
  -v /data/om_conf:/opt/om/nginx/conf \
  -v /data/om_logs:/opt/om/nginx/logs \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty-manager:latest
或者
# Run OpenResty Manager with ports 80, 443 and 9080 published on every host interface.
# NOTE(review): /var/run/docker.sock gives the container full control of the Docker
# daemon, which is equivalent to root on the host (a ":ro" suffix does not limit API
# calls). 9080 is the admin interface; bind it to a management address
# (-p <mgmt-ip>:9080:9080) or firewall it rather than exposing it everywhere.
# NOTE(review): this command uses uusec/openresty-manager:latest, not the mirror image
# pulled earlier on this page — presumably the upstream image; confirm which one you intend.
docker run -d \
  --name openresty-manager \
  --restart always \
  -p 80:80 \
  -p 443:443 \
  -p 9080:9080 \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/resolv.conf:/etc/resolv.conf:ro \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /data/om_acme:/opt/om/acme \
  -v /data/om_data:/opt/om/data \
  -v /data/om_conf:/opt/om/nginx/conf \
  -v /data/om_logs:/opt/om/nginx/logs \
  uusec/openresty-manager:latest
1.登录管理:访问 https://ip:9080 ,默认用户名为“admin”,默认密码为“#Passw0rd”。该默认口令是公开的,而上面两条运行命令都会让 9080 管理端口在宿主机上可被访问,因此首次登录后请立即修改密码,在修改之前不要让该端口对不可信网络开放。