Nginx Session Retention Nginx-sticky-module Module

Last Update:2018-07-19 Source: Internet

Author: User

Tags md5 openssl sha1

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

When you use load balancing, you will experience session retention problems, which are commonly used in the following ways:
1.IP Hash, assigning requests to different servers based on the IP of the client
2.cookie, the server sends a cookie to the client, and a request with a specific cookie is assigned to its publisher
Note: Cookies require browser support and sometimes reveal data

1.Sticky Working principle:
Sticky is a nginx module that is a nginx load-balancing solution based on cookies, by distributing and identifying cookies so that the same client's request falls on the same server with the default identification name route
(a) The client initiates the access request for the first time, nginx the request to the back-end server by polling, after receiving the discovery request header without a cookie.
(b) The backend server finishes processing the request and returns the response data to the Nginx.
(c) At this time Nginx generates a cookie with route and returns it to the client. The value of the route corresponds to the back-end server, which may be plaintext, or it may be hash values such as MD5, SHA1, etc.
(d) The client receives the request and saves the cookie with route.
(e) When the client sends the request next time, it is route,nginx to the corresponding back-end server based on the route value in the received cookie.

2. Recompile nginx add Nginx-sticky-module module
Query the module-related documentation on the bitbucket.org
Https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/overview Query The current nginx compilation parameters can use the following command:

/usr/local/nginx/sbin/nginx-v

[Root@nginx ~]# mkdir-p/server/tools
[Root@nginx ~]# cd/server/tools
[  Root@nginx tools]#/usr/local/nginx/sbin/nginx-v
nginx version:nginx/1.8.0 built by
gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
Built with OpenSSL 1.0.1e-fips Feb 2013
TLS SNI support enabled
configure arguments:--prefix=/usr/local/nginx --user=nginx--group=nginx--with-http_stub_status_module--with-http_ssl_module

download Package for this module () Nginx-sticky-module Module packages on other platforms are not easily downloaded from foreign sources, find the package above GitHub

[Root@nginx tools]# wget Https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip

Decompression

[Root@nginx tools]# unzip-d nginx-goodies-nginx-sticky-module-ng-08a395c66e42.zip 
[Root@nginx tools]# MV Nginx-goodies-nginx-sticky-module-ng-08a395c66e42 Nginx-sticky-module-ng

Nginx Directory prior to backup (Note: Nginx log may be large)

[Root@nginx tools]# cp-rf/usr/local/nginx//server/backup/

go to the previously compiled Nginx directory and recompile the installation Note: Overwrite the installation

[Root@nginx tools]# cd nginx-1.8.0
[Root@nginx nginx-1.8.0]#./configure--prefix=/usr/local/nginx  Nginx--group=nginx--with-http_stub_status_module--with-http_ssl_module--add-module=/server/tools/ Nginx-sticky-module-ng
[Root@nginx nginx-1.8.0]# make
[Root@nginx nginx-1.8.0]# make install

after installation, view nginx compilation parameters again

[Root@nginx tools]#/usr/local/nginx/sbin/nginx-v
nginx version:nginx/1.8.0 built by
gcc 4.4.7 20120313 (Red H At 4.4.7-4) (GCC) 
built with OpenSSL 1.0.1e-fips Feb 2013 TLS SNI support
enabled
configure arguments:- -prefix=/usr/local/nginx--user=nginx--group=nginx--with-http_stub_status_module--with-http_ssl_module-- Add-module=/server/tools/nginx-sticky-module-ng

you need to reboot nginx to use the sticky module

[Root@nginx tools]# Service Nginx Restart

edit configuration file, instance:

Upstream www_web_com {
   #ip_hash;
   Sticky expires=1h domain=web.com path=/;
   Server 10.0.0.16:8080;
   Server 10.0.0.17:8080;
}

the specific configuration according to the company's related business configuration can then open the Web site for testing, using the sticky case, no matter how the refresh is the following results when you do not use the Nginx sticky module, the brush changes several times (sometimes brush once, sometimes several times)

Note: Each back-end real server will have a unique route value, so no matter your real server front-end has a few installed sticky nginx agent, he will not change.

3.sticky Module Use location: Upstream tag

upstream {
  sticky;
  Server 127.0.0.1:9000;
  Server 127.0.0.1:9001;
  Server 127.0.0.1:9002;
}

parameters, parsing

Sticky [Name=route] [Domain=.foo.bar] [path=/] [expires=1h] 
    [HASH=INDEX|MD5|SHA1] [no_fallback] [secure] [ HttpOnly];

[Name=route] Set the name of the cookie that is used to record the session
[Domain=.foo.bar] set the domain name for the cookie effect
[path=/]  set the URL path for the cookie action, default root Record
[expires=1h] To set the lifetime of the cookie, default is not set, browser shutdown is invalid, need to be greater than 1 seconds
[HASH=INDEX|MD5|SHA1]   Set the identity of the server in the cookie by using clear text or MD5 value, by default use MD5
[No_fallback] To set the entry, Nginx return 502 (Bad Gateway or Proxy Error) after the sticky back-end machine is hung , without forwarding to other servers, it is not recommended to set the
[secure]  setting to enable secure cookies and to require HTTPS support
[HttpOnly]  to allow cookies to leak through JS, no use

4. Other parameters: syntax:
The following excerpt from: http://blog.csdn.net/yu870646595/article/details/52056340

Session_sticky [Cookie=name] [Domain=your_domain] [Path=your_path] [Maxage=time][mode=insert|rewrite|prefix]

[Option=indirect] [Maxidle=time] [Maxlife=time] [Fallback=on|off] [HASH=PLAIN|MD5]

Mode sets the pattern of the cookie:
Insert: In the reply, the module inserts a cookie of the corresponding name directly through the Set-cookie header.
Prefix: A new cookie is not generated, but a specific prefix is prefixed to the cookie value of the response, and when the browser requests again with this particular identity cookie, the module deletes the prefix before it is passed to the backend service. The back-end service Gets the original cookie value, which is transparent to the back end. such as: "Cookie:name=srv~value".
Rewrite: The cookie used to overwrite the backend settings with the server-side identity for session sticky. If the back-end service does not have the cookie set in the response header, it is assumed that the request does not require a session sticky, and that the backend service can control which requests need to be sesstion sticky and which requests are not required.
option sets the options for the cookie for session sticky, which can be set to indirect or direct. Indirect does not pass the session sticky cookie to the back-end service, which is completely transparent to the backend application. Direct is the opposite of indirect.
Maxidle Sets the maximum idle timeout time for the session cookie
Maxlife set the maximum lifetime of the session cookie
MaxAge is the lifetime of the cookie. When not set, the browser or app shuts down and becomes invalid. The next time you start, you will randomly assign a backend server. So if you want the client's request to fall on the same back-end server for a long time, you can set up maxage. The
hash has a fixed number, whether it is plaintext or a hash value. Because the hash is the identity of the server, there is an equivalent number of hash values for how many servers there are.

5. Other needs for attention
(a) requests from the same client may fall on different back-end servers
If the client initiates multiple requests at the same time. Since none of these requests have a cookie, the server randomly selects the back-end server and returns a different cookie. When the last request in these requests returns, the client's cookie is stabilized and the value is the last cookie returned.
(b) Cookies do not necessarily take effect
Because cookies are originally issued by the server, cookies do not take effect if the client disables cookies.
(c) Clients may not bring cookies
When an Android client sends a request, it typically does not bring all the cookies, and it needs to specify which cookies will be brought on. If you want to do load balancing with sticky, add cookies to Android development.
(d) The cookie name should not be the same as the cookie used by the business. Sticky The default cookie name is route and can be changed to any value.
(e) The first request sent by the client is not a cookie. The cookies issued by the server will not take effect until the client requests it next time.
(f) Nginx sticky modules cannot be used concurrently with Ip_hash

Focus on getting video

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More