cookie不同於session,一個存於客戶端,一個存於服務端。
環境nginx 1.8.0
centos6.X
sticky:1.2.5 wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/master.tar.gz
cookie負載均衡相比iphash來比其中一個特點比較明顯:內網nat用戶的均衡。而iphash無法做到。
yum install openssl openssl-devel
先停止nginx服務。在給nginx添加模塊。
將同版本的nginx包從新解壓一份出來。當然同事也講下載的sticky模塊也解壓並從命名成nginx-sticky-module
tar -zxf master.tar.gz
mv nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d nginx-sticky-module
killall nginx
(如果想查看sticky的版本,可以在changelog.txt里查看和改動)
添加模塊:
我原來nginx的安裝路徑是:/usr/local/nginx (添加模塊時,之前的配置和模塊也需要加上)因為這些都需要寫到nginx這個二進制文件中。
查看之前安裝了什么模塊使用 /usr/local/nginx/sbin/nginx -V (大寫的V哦。和我名字一樣)
將之前的待上進行編譯
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky-module
因為我之前就2個模塊。
然后我們make就好。 make install就不需要了,那是重新安裝。
我們編譯完成之后,在當前目錄下會有一個objs,里面有nginx文件,就是我們make生成的二進制文件,然后將這個文件拷貝到/usr/local/nginx/sbin (之前的nginx最好備份一下,以免發生錯誤好恢復)
至此 nginx 添加模塊成功。 我們直接在nginx配置文件中引用就好。如下圖
當然你也可以設置sticky的一些參數,比如sticky的緩存時間,作用於之類的。這里詳細查看可以查詢sticky解壓包里的readme如下
========================================我粘貼出來========================================(英語大俠有福了)
balancing system won't be fair.
Using a cookie to track the upstream server makes each browser unique.
When the sticky module can't apply, it switchs back to the classic Round Robin Upstream or returns a "Bad Gateway" (depending on the no_fallback flag).
Sticky module can't apply when cookies are not supported by the browser
> Sticky module is based on a "best effort" algorithm. Its aim is not to handle # Nginx Sticky Module
# Nginx Sticky Module
modified and extended version; see Changelog.txt
# Description
A nginx module to add a sticky cookie to be always forwarded to the same upstream server.
When dealing with several backend servers, it's sometimes useful that one client (browser) is always served by the same backend server (for session persistance for example).
Using a persistance by IP (with the ip_hash upstream module) is maybe not a good idea because there could be situations where a lot of different browsers are coming with the same IP address (behind proxies)and the load balancing system won't be fair.
Using a cookie to track the upstream server makes each browser unique.
When the sticky module can't apply, it switchs back to the classic Round Robin Upstream or returns a "Bad Gateway" (depending on the no_fallback flag).
Sticky module can't apply when cookies are not supported by the browser
> Sticky module is based on a "best effort" algorithm. Its aim is not to handle > security somehow. It's been made to ensure that normal users are always > redirected to the same backend server: that's all!
# Installation
You'll need to re-compile Nginx from source to include this module. Modify your compile of Nginx by adding the following directive (modified to suit your path of course):
./configure ... --add-module=/absolute/path/to/nginx-sticky-module-ng make make install
# Usage
upstream { sticky; server 127.0.0.1:9000; server 127.0.0.1:9001; server 127.0.0.1:9002; }
sticky [name=route] [domain=.foo.bar] [path=/] [expires=1h] [hash=index|md5|sha1] [no_fallback] [secure] [httponly];
- name: the name of the cookies used to track the persistant upstream srv; default: route
- domain: the domain in which the cookie will be valid default: nothing. Let the browser handle this.
- path: the path in which the cookie will be valid default: /
- expires: the validity duration of the cookie default: nothing. It's a session cookie. restriction: must be a duration greater than one second
- hash: the hash mechanism to encode upstream server. It cant' be used with hmac. default: md5
- md5|sha1: well known hash - index: it's not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter Warning: the matching against upstream servers list is inconsistent. So, at reload, if upstreams servers has changed, index values are not guaranted to correspond to the same server as before! USE IT WITH CAUTION and only if you need to!
- hmac: the HMAC hash mechanism to encode upstream server It's like the hash mechanism but it uses hmac_key to secure the hashing. It can't be used with hash. md5|sha1: well known hash default: none. see hash.
- hmac_key: the key to use with hmac. It's mandatory when hmac is set default: nothing.
- no_fallback: when this flag is set, nginx will return a 502 (Bad Gateway or Proxy Error) if a request comes with a cookie and the corresponding backend is unavailable.
- secure enable secure cookies; transferred only via https - httponly enable cookies not to be leaked via js # Detail Mechanism
- see docs/sticky.{vsd,pdf}
# Issues and Warnings:
- when using different upstream-configs with stickyness that use the same domain but refer to different location - configs it might be wise to set a different path / route - option on each of this upstream-configs like described here: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/issue/7/leaving-cookie-path-empty-in-module
- sticky module does not work with the "backup" option of the "server" configuration item. - sticky module might work with the nginx_http_upstream_check_module (up from version 1.2.3) - sticky module may require to configure nginx with SSL support (when using "secure" option)
# Contributing
- please send/suggest patches as diffs - tickets and issues here: https://bitbucket.org/nginx-goodies/nginx-sticky-session-ng
# Downloads
# TODO
see Todo.md
# Authors & Credits
- Jerome Loyet, initial module - Markus Linnala, httponly/secure-cookies-patch - Peter Bowey, Nginx 1.5.8 API-Change - Michael Chernyak for Max-Age-Patch - anybody who suggested a patch, created an issue on bitbucket or helped improving this module
# Copyright & License
This module is licenced under the BSD license.
Copyright (C) 2010 Jerome Loyet (jerome at loyet dot net) Copyright (C) 2014 Markus Manzke (goodman at nginx-goodies dot com)
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.