基于Nginx的Session-sticky技术的软件负载均衡方案原理和实施步骤v1.0-20130929

基于Nginx的Session-sticky技术的软件负载均衡方案原理和实施步骤

[一]、综述

(1)实现原理：用户请求到nginx，基于nginx的nginx-sticky-module模块的session sticky（会话粘滞）实现后端应用服务器的路由选择，再将用户请求提交到后端的tomcat/weblogic/websphere 应用处理并逆向反馈响应。

(2)技术选型：

Nginx+ nginx-sticky-module+J2EE中间件（容器）。

(3)应用场景：

本解决方案是基于浏览器的Cookie机制，通过nginx的反向代理机制，将浏览器与后端应用服务器的访问映射关系，作为前端请求转发到实现某个会话内所有用户的请求都访问当相同的后端服务器。

[二]、安装步骤

创建www用户和组,以及主机需要的目录,日志目录

groupadd www

useradd -g www www

一、依赖的程序

1. gzip module requires zlib library

2. rewrite module requires pcre library

3. ssl support requires openssl library

二、依赖的程序的安装的方法

1、zlib 现在最新的版本是zlib-1.2.5

官网下载地址：https://www.360docs.net/doc/1411700504.html,/zlib-1.2.5.tar.gz

$tar -xvzf zlib-1.2.5.tar.gz

2、 pcre现在的最新版本是pcre-8.02.tar.gz

官网下载地址：ftp://https://www.360docs.net/doc/1411700504.html,/pub/software/programming/pcre/pcre-

8.02.tar.gz

$tar -xvzf pcre-8.02.tar.gz

$cd pcre-8.02

$./configure --prefix=/usr/local/pcre --enable-utf8 --enable-unicode-properties

$ make && make install

3、openssl现在最新版本是openssl-1.0.0a.tar.gz

官网下载地址：https://www.360docs.net/doc/1411700504.html,/source/openssl-1.0.0a.tar.gz

$tar zvxf openssl-1.0.0.tar.gz

$cd openssl-1.0.0

$./config --prefix=/usr/local/ssl-1.0.0 shared zlib-dynamic enable-camellia

$make && make install

4、安装Nginx 1.0.0，这种方法./configure 要带很多参数，大家要注意。

官网下载地址：https://www.360docs.net/doc/1411700504.html,/

$tar zvxf Nginx 1.0.0.tar.gz

$cd Nginx 1.0.0

$./configure --prefix=/usr/local/nginx --with-http_gzip_static_module

--with-http_stub_status_module --with-http_realip_module

--with-zlib=/usr/local/src/zlib --with-pcre=/usr/local/src/pcre

--add-module=/usr/local/src/nginx-sticky-module

特别注意：pcre和zlib不需要安装，nginx会直接采用源代码的方式进行configure配置。

$ make

$ make install

编译和安装成功。

四、会话保持配置

（1）实现原理：

官方下载：https://www.360docs.net/doc/1411700504.html,/p/nginx-sticky-module/

建议版本：nginx-sticky-module-1.1

安装方式：

安装nginx时， ./configure附加--add-module=/usr/local/src/nginx-sticky-module

（2）关键配置参数：

sticky [name=cookieName] [domain=.foo.bar] [path=/] [expires=1h]

[hash=index|md5|sha1];

- name: the name of the cookies used to track the persistant upstream srv default: route

- domain: the domain in which the cookie will be valid

default: nothing. Let the browser handle this.

- path: the path in which the cookie will be valid

default: nothing. Let the browser handle this.

- expires: the validity duration of the cookie

refault: nothing. It's a session cookie.

restriction: must be a duration greater than one second

- hash: the hash mechanism to encode upstream server. It can't be used with hmac.

md5|sha1: well known hash

index: it's not hashed, an in-memory index is used instead it's quicker and the overhead is shorter

Warning: the matching against upstream servers list

is inconsistent. So, at reload, if upstreams servers

has changed, index values are not guaranted to

correspond to the same server as before!

USE IT WITH CAUTION and only if you need to!

default: md5

- hmac: the HMAC hash mechanism to encode upstream server

It's like the hash mechanism but it uses hmac_key

to secure the hashing. It can't be used with hash.

md5|sha1: well known hash

default: none. see hash.

-hmac_key: the key to use with hmac. It's mandatory when hmac is set

default: nothing.

-no_fallback:

（3）配置案例：

location /csip {

proxy_pass http://backend_appservers;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; }

案例一：

upstream backend_appservers{

sticky;

server 10.170.231.187:8080 max_fails=3 fail_timeout=30s;

server 10.172.247.131:8080 max_fails=3 fail_timeout=30s;

}

案例二：

upstream backend_appservers {

sticky name=myLBR;

server 10.1.1.11:7001;

server 10.1.1.11:7003;

server 10.1.1.12:7001;

server 10.1.1.12:7003;

}

四、启动及重启

1、启动：

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

打开浏览器在地址栏输入127.0.0.1然后会出现一句话 welcome to nginx

2、重启：kill -HUP `cat /usr/local/nginx/logs/nginx.pid`

或者直接关闭

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf -s stop

3、测试配置文件：

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf -t

4、在线重载nginx配置变更

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf -s reload

五、设置成随操作系统自动重启

/etc/rc.d/rc.local

添加如下信息：

# nginx start

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

六、检查nginx的安装目录命令

whereis nginx

[四]、配置案例

user nobody;

worker_processes 6;

worker_cpu_affinity 000000001000 000000010000 000000100000 000001000000 000010000000 000100000000;

worker_rlimit_nofile 51200;

pid sbin/nginx.pid;

error_log logs/error.log error;

events {

use epoll;

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

server_tokens off;

keepalive_timeout 75s;

sendfile off;

tcp_nopush on;

tcp_nodelay on;

client_max_body_size 32m;

# Proxy

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header REMOTE-HOST $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_redirect off;

proxy_pass_header Set-Cookie;

proxy_hide_header X-Powered-By;

proxy_hide_header X-Mod-Pagespeed;

proxy_ignore_client_abort off;

proxy_cache_valid any 10m;

proxy_connect_timeout 75s;

proxy_read_timeout 75s;

proxy_send_timeout 75s;

proxy_buffering on;

proxy_buffers 8 32k;

proxy_buffer_size 32k;

proxy_busy_buffers_size 64k;

proxy_temp_file_write_size 64k;

proxy_cache_path /usr/local/nginx/proxy_temp levels=1:2 keys_zone=cache:10m

inactive=10m max_size=1024M;

# Gzip

gzip_static on;

gzip on;

gzip_vary on;

gzip_min_length 16k;

gzip_comp_level 3;

gzip_buffers 8 32k;

gzip_http_version 1.1;

gzip_proxied expired no-cache no-store private auth;

gzip_types text/plain text/xml text/css application/x-javascript application/xml application/vnd.ms-word application/xml+rss text/javascript application/ms

word application/zip;

gzip_disable "MSIE [1-6]\.";

# Log

log_format main '-[$time_local] <$remote_addr> <$request -$status> <$upstream_addr -$upstream_status>';

access_log logs/access.log main buffer=16k;

open_log_file_cache max=10 inactive=30s min_uses=2 valid=60s;

# LoadBlance

upstream appservers {

sticky name=csipLBR;

server 10.1.1.11:7001;

server 10.1.1.11:7003;

server 10.1.1.12:7001;

server 10.1.1.12:7003;

}

server {

server_name https://www.360docs.net/doc/1411700504.html,;

listen 80;

#charset utf-8;

location /nginxstatus {

stub_status on;

access_log off;

}

location / {

index index.html index.htm;

proxy_pass http://appservers;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

}

# Global.

location = / {

root html;

index index.html index.html;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

error_page 403 404 410 /404.html;

location = /404.html {

root html;

}

}

}

[五]、Linux下nginx常见问题汇总：

1、在包含自 /usr/local/src/nginx-sticky-module/ngx_http_sticky_misc.c：11 的文件中: src/core/ngx_sha1.h:19:17: 错误：sha.h：没有那个文件或目录

In file included from /usr/local/src/nginx-sticky-module/ngx_http_sticky_misc.c:11:

原因：openssl没有预先make && make install到操作系统。

2、/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

[root@localhost conf]# ldd $(which /usr/local/nginx/sbin/nginx)

发现libpcre.so.1 => not found

可以看出 libpcre.so.1 => not found 并没有找到，进入/lib目录中手动链接下

--32位环境下

[root@localhost /]# cd /lib

[root@localhost lib]# ln -s libpcre.so.0.0.1 libpcre.so.1

--64位环境下

[root@localhost /]# cd /lib64

[root@localhost lib64]# /usr/local/nginx/sbin/nginx -t