背景

Kibana可以随便选择时间段,在数据量比较大的时间,如果选择的时间段超大(如3个月),则可能导致ES直接FullGC,进而导致ES集群崩溃。

安装

OpenResty停止

  1. /usr/local/openresty/nginx/sbin/nginx -p `pwd` -s stop

OpenResty启动

  1. /usr/local/openresty/nginx/sbin/nginx -p `pwd`/ -c conf/nginx.conf

配置

Lua拦截请求,符合目标直接返回403.

nginx配置

  1. worker_processes 1;
  2. error_log logs/error.log;
  3. events {
  4. worker_connections 1024;
  5. }
  6. http {
  7. upstream kibana {
  8. server bigdata-dev10:5601;
  9. }
  10. init_by_lua 'cjson = require "cjson"';
  11. server {
  12. listen 8080;
  13. location / {
  14. try_files /_not_exists_ @kibana;
  15. }
  16. location @kibana {
  17. proxy_pass http://kibana;
  18. }
  19. location /elasticsearch/_msearch {
  20. rewrite_by_lua_file '/opt/nginx/conf/es.lua';
  21. proxy_pass http://kibana;
  22. }
  23. }
  24. }

Nginx Lua模块拦截过滤

es.lua

  1. function split(szFullString, szSeparator)
  2. local nFindStartIndex = 1
  3. local nSplitIndex = 1
  4. local nSplitArray = {}
  5. while true do
  6. local nFindLastIndex = string.find(szFullString, szSeparator, nFindStartIndex)
  7. if not nFindLastIndex then
  8. nSplitArray[nSplitIndex] = string.sub(szFullString, nFindStartIndex, string.len(szFullString))
  9. break
  10. end
  11. nSplitArray[nSplitIndex] = string.sub(szFullString, nFindStartIndex, nFindLastIndex - 1)
  12. nFindStartIndex = nFindLastIndex + string.len(szSeparator)
  13. nSplitIndex = nSplitIndex + 1
  14. end
  15. return nSplitArray
  16. end
  17. function overRange(must)
  18. if (not next(must)) then
  19. return false
  20. end
  21. for i, v in ipairs(must) do
  22. if (type(v) == "table") then
  23. for j, v2 in pairs(v) do
  24. if (j == "range" and type(v2) == "table") then
  25. local isTime = false
  26. local minTime, maxTime
  27. for k, v3 in pairs(v2) do
  28. if (type(v3) == "table") then
  29. for op, v4 in pairs(v3) do
  30. if (type(v4) == "number" and #tostring(v4) == 13) then
  31. isTime = true
  32. if (op == "gt" or op == "gte") then
  33. minTime = v4
  34. elseif (op == "lt" or op == "lte") then
  35. maxTime = v4
  36. else
  37. end
  38. end
  39. end
  40. end
  41. end
  42. if (isTime) then
  43. local theRange = (maxTime - minTime)
  44. if (theRange > 86400000) then
  45. return true
  46. end
  47. end
  48. end
  49. end
  50. end
  51. end
  52. return false
  53. end
  54. ngx.req.read_body()
  55. local body = ngx.req.get_body_data()
  56. if body then
  57. local arr = split(body, '\n')
  58. if (arr) then
  59. for i, v in ipairs(arr) do
  60. if (v ~= "") then
  61. local dst = cjson.decode(v)
  62. if (type(dst) == "table" and type(dst.query) == "table" and type(dst.query.bool) == 'table') then
  63. if (overRange(dst.query.bool.must) or overRange(dst.query.bool.must_not)) then
  64. ngx.exit(403)
  65. end
  66. end
  67. end
  68. end
  69. end
  70. end
文档更新时间: 2019-06-04 21:06