nginx添加sticky模块-cookie保持会话

cookie不同于session,一个存于客户端,一个存于服务端。

环境nginx 1.8.0

centos6.X

sticky:1.2.5   wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/master.tar.gz

cookie负载均衡相比iphash来比其中一个特点比较明显:内网nat用户的均衡。而iphash无法做到。

yum install openssl openssl-devel

先停止nginx服务。在给nginx添加模块。

将同版本的nginx包从新解压一份出来。当然同事也讲下载的sticky模块也解压并从命名成nginx-sticky-module

tar -zxf master.tar.gz

mv nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d nginx-sticky-module

killall nginx

(如果想查看sticky的版本,可以在changelog.txt里查看和改动)

添加模块:

我原来nginx的安装路径是:/usr/local/nginx  (添加模块时,之前的配置和模块也需要加上)因为这些都需要写到nginx这个二进制文件中。

查看之前安装了什么模块使用 /usr/local/nginx/sbin/nginx -V (大写的V哦。和我名字一样)

将之前的待上进行编译

./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky-module

因为我之前就2个模块。

然后我们make就好。   make install就不需要了,那是重新安装。

我们编译完成之后,在当前目录下会有一个objs,里面有nginx文件,就是我们make生成的二进制文件,然后将这个文件拷贝到/usr/local/nginx/sbin  (之前的nginx最好备份一下,以免发生错误好恢复)

至此 nginx 添加模块成功。 我们直接在nginx配置文件中引用就好。如下图

nginx添加sticky模块-cookie保持会话

当然你也可以设置sticky的一些参数,比如sticky的缓存时间,作用于之类的。这里详细查看可以查询sticky解压包里的readme如下

========================================我粘贴出来========================================(英语大侠有福了)

balancing system won't be fair.

Using a cookie to track the upstream server makes each browser unique.

When the sticky module can't apply, it switchs back to the classic Round Robin Upstream or returns a "Bad Gateway" (depending on the no_fallback flag).

Sticky module can't apply when cookies are not supported by the browser

> Sticky module is based on a "best effort" algorithm. Its aim is not to handle # Nginx Sticky Module

# Nginx Sticky Module

modified and extended version; see Changelog.txt

# Description

A nginx module to add a sticky cookie to be always forwarded to the same upstream server.

When dealing with several backend servers, it's sometimes useful that one client (browser) is always served by the same backend server (for session persistance for example).

Using a persistance by IP (with the ip_hash upstream module) is maybe not a good idea because there could be situations where a lot of different browsers are coming with the same IP address (behind proxies)and the load balancing system won't be fair.

Using a cookie to track the upstream server makes each browser unique.

When the sticky module can't apply, it switchs back to the classic Round Robin Upstream or returns a "Bad Gateway" (depending on the no_fallback flag).

Sticky module can't apply when cookies are not supported by the browser

> Sticky module is based on a "best effort" algorithm. Its aim is not to handle > security somehow. It's been made to ensure that normal users are always > redirected to the same  backend server: that's all!

# Installation

You'll need to re-compile Nginx from source to include this module. Modify your compile of Nginx by adding the following directive (modified to suit your path of course):

./configure ... --add-module=/absolute/path/to/nginx-sticky-module-ng     make     make install

# Usage

upstream {       sticky;       server 127.0.0.1:9000;       server 127.0.0.1:9001;       server 127.0.0.1:9002;     }

sticky [name=route] [domain=.foo.bar] [path=/] [expires=1h]            [hash=index|md5|sha1] [no_fallback] [secure] [httponly];

- name:    the name of the cookies used to track the persistant upstream srv;   default: route

- domain:  the domain in which the cookie will be valid   default: nothing. Let the browser handle this.

- path:    the path in which the cookie will be valid   default: /

- expires: the validity duration of the cookie   default: nothing. It's a session cookie.   restriction: must be a duration greater than one second

- hash:    the hash mechanism to encode upstream server. It cant' be used with hmac.   default: md5

- md5|sha1: well known hash     - index:    it's not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter     Warning: the matching against upstream servers list     is inconsistent. So, at reload, if upstreams servers     has changed, index values are not guaranted to     correspond to the same server as before!     USE IT WITH CAUTION and only if you need to!

- hmac:    the HMAC hash mechanism to encode upstream server     It's like the hash mechanism but it uses hmac_key     to secure the hashing. It can't be used with hash.     md5|sha1: well known hash     default: none. see hash.

- hmac_key: the key to use with hmac. It's mandatory when hmac is set            default: nothing.

- no_fallback: when this flag is set, nginx will return a 502 (Bad Gateway or               Proxy Error) if a request comes with a cookie and the               corresponding backend is unavailable.

- secure    enable secure cookies; transferred only via https - httponly  enable cookies not to be leaked via js # Detail Mechanism

- see docs/sticky.{vsd,pdf}

# Issues and Warnings:

- when using different upstream-configs with stickyness that use the same domain but   refer to different location - configs it might be wise to set a different path / route -   option on each of this upstream-configs like described here:   https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/issue/7/leaving-cookie-path-empty-in-module

- sticky module does not work with the "backup" option of the "server" configuration item. - sticky module might work with the nginx_http_upstream_check_module (up from version 1.2.3) - sticky module may require to configure nginx with SSL support (when using "secure" option)

# Contributing

- please send/suggest patches as diffs - tickets and issues here: https://bitbucket.org/nginx-goodies/nginx-sticky-session-ng

# Downloads

# TODO

see Todo.md

# Authors & Credits

- Jerome Loyet, initial module - Markus Linnala, httponly/secure-cookies-patch - Peter Bowey, Nginx 1.5.8 API-Change - Michael Chernyak for Max-Age-Patch - anybody who suggested a patch, created an issue on bitbucket or helped improving this module

# Copyright & License

This module is licenced under the BSD license.

Copyright (C) 2010 Jerome Loyet (jerome at loyet dot net)     Copyright (C) 2014 Markus Manzke (goodman at nginx-goodies dot com)

Redistribution and use in source and binary forms, with or without     modification, are permitted provided that the following conditions     are met:

1. Redistributions of source code must retain the above copyright     notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright     notice, this list of conditions and the following disclaimer in the     documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE     IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE     ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE     FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL     DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS     OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT     LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF     SUCH DAMAGE.

上一篇:Nginx会话保持之nginx-sticky-module模块


下一篇:系统相关的信息模块: import sys