最近自己的博客系统发现经常有有一些ip攻击,所以,想做一个实现动态封禁攻击ip的功能,最初想的是使用redis实现,目前刚好在学习kafka,所以,本人使用了kafka实时发送访问的ip到后台,然后后台入库处理,并做归属地查询,然后分析出此ip是否存在攻击功能,使用脚本,将攻击者的ip动态封禁,实现网站保护的一个基本功能,由于是自己的网站使用,没有做太多的优化,今天,分享下第一个步骤,将访问ip入库话不多说
我们一起来看下,具体怎么操作的,首先,安装openstry,这个是支持lua脚本语言的nginx.大家可以上网搜索相关资料,进行安装,这个不是今天的重点,这里就不在叙述openstry的安装了,我们从安装kafka开始,
一:安装zookeeper
因为安装kafka需要使用zookeeper,当然,kafka内部自带zookeeper,小伙伴们也可以使用自带的zoookeeper,我今天演示的案例使用的是外部的zookeeper,
首先,在linux下载zookeeper安装包,执行解压,然后执行配置文件的配置,启动,就可以了,过程比较简单,我们大概看下就行
我的安装包是zookeeper-3.4.14,安装完成后,启动可以,启动命令,./zkServer.sh start
我的已经启动了,我们使用命令./zkServer.是status,可以看到如下信息的话,就证明已经启动成功了,我的是单机版,大家注意
二:安装kafka
kafka的官网是:[http://kafka.apache.org/](http://kafka.apache.org/),下载最新的版本就可以,用wget在线安装
我的安装版本是kafka_2.12-2.5.0.tgz,
执行解压,解压命令:tar -zxvf kafka_2.12-2.5.0.tgz
进入kafka的配置文件目录,执行配置文件的配置,配置文件名称是server.properties
主要配置下listeners,advertised.listeners,zookeeper,其他都按照默认配置即可,以下是我的配置文件配置,我删除了一部分注释信息
############################# Socket Server Settings #############################
# The address the socket server listens on. It will get the value returned from
# java.net.InetAddress.getCanonicalHostName() if not configured.
# FORMAT:
# listeners = listener_name://host_name:port
# EXAMPLE:
# listeners = PLAINTEXT://your.host.name:9092
listeners=PLAINTEXT://你自己的ip地址:9092
# Hostname and port the broker will advertise to producers and consumers. If not set,
# it uses the value for "listeners" if configured. Otherwise, it will use the value
# returned from java.net.InetAddress.getCanonicalHostName().
advertised.listeners=PLAINTEXT://你自己的ip地址:9092
num.network.threads=3
# The number of threads that the server uses for processing requests, which may include disk I/O
num.io.threads=8
# The send buffer (SO_SNDBUF) used by the socket server
socket.send.buffer.bytes=102400
# The receive buffer (SO_RCVBUF) used by the socket server
socket.receive.buffer.bytes=102400
# The maximum size of a request that the socket server will accept (protection against OOM)
socket.request.max.bytes=104857600
############################# Log Basics #############################
# A comma separated list of directories under which to store log files
log.dirs=/usr/local/software/kafka/logs/kafka-logs
# The default number of log partitions per topic. More partitions allow greater
# parallelism for consumption, but this will also result in more files across
# the brokers.
num.partitions=1
# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.
# This value is recommended to be increased for installations with data dirs located in RAID array.
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
############################# Log Flush Policy #############################
# The maximum amount of time a message can sit in a log before we force a flush
#log.flush.interval.ms=1000
############################# Log Retention Policy #############################
# The following configurations control the disposal of log segments. The policy can
# be set to delete segments after a period of time, or after a given size has accumulated.
# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens
# from the end of the log.
# The minimum age of a log file to be eligible for deletion due to age
log.retention.hours=168
# A size-based retention policy for logs. Segments are pruned from the log unless the remaining
# segments drop below log.retention.bytes. Functions independently of log.retention.hours.
#log.retention.bytes=1073741824
# The maximum size of a log segment file. When this size is reached a new log segment will be created.
log.segment.bytes=1073741824
# The interval at which log segments are checked to see if they can be deleted according
# to the retention policies
log.retention.check.interval.ms=300000
############################# Zookeeper #############################
zookeeper.connect=localhost:2181
# Timeout in ms for connecting to zookeeper
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
接下来就是启动了,一定记得,先启动zk,再启动kafka,
启动命令,当然你也可以使用nohup执行后台启动,
后台启动命令
启动成功后,执行jps命令,会看到kafka的进程,说明启动成功了,如果启动失败,一般会报错内存不够的话,需要改一下移动的内存,kafka默认的都是1g,我们改成512M就可以,
修改内存大小,将Xmx和Xms由原来的的1G修改为512M,注意这里不要修改的太小,否则kafka启动会很慢,
if [ "x$KAFKA_HEAP_OPTS" = "x" ]; then
export KAFKA_HEAP_OPTS="-Xmx512M -Xms512M"
fi
修改完内存,然后在执行启动,没啥别的问题,就启动成功了,这个时候,我们就可以创建主题了,以下是我的创建以及运行测试命令,如果已经创建过,执行创建命令的时候,会提示已经存在,创建成功的话,会提示created 表示已经创建成功,然后可以执行启动第二条命令,执行生产者,再打开一个窗口,执行第三条命令
启动消费者,这个时候,你就可以测试发送消息,然后另一个窗口就会消费到消息,比较简单,我这里就不做演示了
创建主题:
./kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic test
启动生产者:
./kafka-console-producer.sh --broker-list 自己的ip:9092 --topic test
启动消费者:
./kafka-console-consumer.sh --bootstrap-server 自己的ip:9092 --topic test --from-beginning
三:springboot集成kafka,
我们的目的是kafka发送消息,然后后台接受消息,拿到ip后,执行归属地查询,入库操作,
所以,先看看如何集成到spring项目中
引入依赖
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka</artifactId>
<version>2.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>2.3.1</version>
</dependency>
配置kafka
spring.kafka.bootstrap-servers=你的ip:9092
spring.kafka.producer.retries=0
spring.kafka.producer.batch-size=123
spring.kafka.producer.buffer-memory=1234567889
#生产的编码解码方式
spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
# 指定默认消费者group id
spring.kafka.consumer.group-id=blog_app
spring.kafka.consumer.auto-offset-reset=earliest
spring.kafka.consumer.enable-auto-commit=true
# 消费者的编解码方式
spring.kafka.consumer.key-deserializer=org.apache.kafka.common.serialization.StringDeserializer
spring.kafka.consumer.value-deserializer=org.apache.kafka.common.serialization.StringDeserializer
这样,就基本配置完成了,现在就是写生产者发送消息,消费者消费消息,使用spring提供的Kafkaemplete就可以操作了,
我们今天的任务是,实时采集nginx日志的访问ip,然后入库,我们需要写一个消费者类,我的代码如下,获取消息是模板代码,在注解Kafkalisteners中定义你自己的topic,然后获取转换,就可以,代码比较加单,
@Component
public class KafkaReceiver {
private static final Logger logger = LoggerFactory.getLogger(KafkaReceiver.class);
private Gson gson = new GsonBuilder().create();
@Autowired
private NingxRequestLogService ningxRequestLogService;
@Autowired
private RedisTemplate redisTemplate;
@KafkaListener(topics = {"access-log"})
public void listen(ConsumerRecord<?, ?> record) {
Optional<?> kafkaMessage = Optional.ofNullable(record.value());
if (kafkaMessage.isPresent()) {
String nginxLog = String.valueOf(kafkaMessage.get());
logger.info("------------------ 当前访问的信息为 =" + nginxLog);
try {
NginxLogParam nginxLogParam = gson.fromJson(nginxLog, NginxLogParam.class);
if (null != nginxLogParam && StringUtils.isNoneBlank(nginxLogParam.getClientIP())){
//归属地查询
IpAddr ipAddr = checkAttribution(nginxLogParam);
NingxRequestLog ningxRequestLog = new NingxRequestLog();
ningxRequestLog.setRequestIp(nginxLogParam.getClientIP());
ningxRequestLog.setRequestMethod(nginxLogParam.getMethod());
ningxRequestLog.setRequestHttpVersion("1.1");
ningxRequestLog.setCreateTime(new Date());
ningxRequestLog.setRequestCity(ipAddr.getCity());
ningxRequestLog.setRequestProvince(ipAddr.getProvince());
this.ningxRequestLogService.add(ningxRequestLog);
logger.info("访问ip[{}]入库successed:",ningxRequestLog.getRequestIp());
}else{
logger.info("当前访问的信息未成功获取到ip");
}
} catch (Exception e) {
logger.error("nginx 访问 ip 入库错误,原因为[{}]",e.getMessage());
}
}
}
private IpAddr checkAttribution(NginxLogParam nginxLogParam) {
String key = RedisCommonUtils.REQUEST_IP_PREIFIX + nginxLogParam.getClientIP();
Boolean exitIp = this.redisTemplate.hasKey(key);
IpAddr ipAddr = new IpAddr();
if (exitIp){
ipAddr = (IpAddr)this.redisTemplate.opsForValue().get(key);
logger.info("当前访问的ip:[{}]在缓存中存在归属地信息,从缓存中返回成功",nginxLogParam.getClientIP());
return ipAddr;
}
//归属地获取
HashMap<String, String> regionParamMap = new HashMap<>();
regionParamMap.put("lang","zh-CN");
String s = null;
try {
s = HttpUtil.sendGet(CommonUrls.XINLANG_REGIN_URL+nginxLogParam.getClientIP(), regionParamMap);
} catch (UnsupportedEncodingException e) {
logger.error("归属地查询失败,原因为[{}]",e);
ipAddr.setProvince(StringUtils.EMPTY);
ipAddr.setCity(StringUtils.EMPTY);
}
IpRegion ipRegion = JSON.parseObject(s, IpRegion.class);
ipAddr.setProvince(StringUtils.isBlank(ipRegion.getRegionName()) ? StringUtils.EMPTY : ipRegion.getRegionName());
ipAddr.setCity(ipRegion.getCity());
this.redisTemplate.opsForValue().set(key,ipAddr,24*60,TimeUnit.MINUTES);
return ipAddr;
}
private static class IpAddr {
public IpAddr() {}
private String city;
private String province;
public String getCity() {
return city;
}
public void setCity(String city) {
this.city = city;
}
public String getProvince() {
return province;
}
public void setProvince(String province) {
this.province = province;
}
}
}
四:使用lua脚本实时发送nginx访问日志到kafka,
接下来就是如何将nginx消息发送出去的问题,我们采用kafka的lua脚本执行发送,由于kafka已经存在lua标准库,所以我们得下载kafka支持的lua脚本让入到
openstry文件下,然后编写lua脚本执行就可以,一起来看看吧
第一步:下载kafka的lua脚本并加压后复制到指定的文件夹下 ,注意自己的路径就可以
wget https://github.com/doujiang24/lua-resty-kafka/archive/master.zip
yum install -y unzip
unzip lua-resty-kafka-master.zip
cp -rf /usr/local/lua-resty-kafka-master/lib/resty /usr/hello/lualib
第二步:编写kafka脚本
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by renxiaole.
--- DateTime: 2020/8/1 09:48
---
local cjson = require("cjson")
local producer = require("resty.kafka.producer")
local broker_list = {
{ host = "你自己的ip", port = 9092 }
}
--定义一个本地变量
local log_json = {}
--获取headers
local headers=ngx.req.get_headers()
--获取ip
local ip=headers["X-REAL-IP"] or headers["X_FORWARDED_FOR"] or ngx.var.remote_addr or "0.0.0.0"
log_json["ip"]=ip
--对发送的消息执行编码
local message = cjson.encode(log_json);
local productId = ngx.req.get_uri_args()["productId"]
--创建producer对象
local async_producer = producer:new(broker_list, { producer_type = "async" })
--执行发送
local ok, err = async_producer:send("access-log", productId, message)
if not ok then
ngx.log(ngx.ERR, "kafka send err:", err)
return
end
第三部:部署到nginx的配置文件中
access_by_lua_file /usr/local/software/openresty/openresty-1.13.6.1/nginx/conf/lua/kafka_log.lua;
第四步:重新启动nginx
然后大功告成,接下来,就是提交代码,执行部署项目,就可以看到数据正常入库了,我们去数据库看看,有没有数据,我们看到已经正常入库!
459 203.208.60.71 GET 1.1 2020-08-01 19:19:46 北京市 海淀
460 183.136.225.56 GET 1.1 2020-08-01 20:05:07 浙江省 诸暨
461 47.100.64.86 GET 1.1 2020-08-01 20:07:45 浙江省 西湖
462 150.137.27.107 GET 1.1 2020-08-01 20:49:27 夏威夷州 檀香山
464 7.62.153.81 GET 1.1 2020-08-01 20:49:33 俄亥俄州 Columbus
465 47.101.198.15 GET 1.1 2020-08-01 21:18:06 浙江省 西湖
466 47.101.198.126 GET 1.1 2020-08-01 21:26:50 浙江省 西湖
本期分享了通过kafka+lua实时获取网站ip,其实方法很多,下一期,我们一起来分享如何计算这些ip的访问评率,然后动态封禁他们,本期就到这里,本人水平有限,如果有不妥之处,请留言,我会虚心接受意见和建议,谢谢,
大家也可以访问我的网站任小乐技术博客,目前主要会在本人的技术网站发布最新的文章,谢谢!
网友评论