Nginx会话保持之nginx-sticky-module模块

https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/overview

[root@nginx ~]# mkdir -p /server/tools
[root@nginx ~]# cd /server/tools
[root@nginx tools]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module

[root@nginx tools]# wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip

[root@nginx tools]# unzip -D nginx-goodies-nginx-sticky-module-ng-08a395c66e42.zip 
[root@nginx tools]# mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module-ng

[root@nginx tools]# cp -rf /usr/local/nginx/ /server/backup/

[root@nginx tools]# cd nginx-1.8.0
[root@nginx nginx-1.8.0]# ./configure --prefix=/usr/local/nginx  --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/server/tools/nginx-sticky-module-ng
[root@nginx nginx-1.8.0]# make
[root@nginx nginx-1.8.0]# make install

[root@nginx tools]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/server/tools/nginx-sticky-module-ng

[root@nginx tools]# service nginx restart

upstream www_web_com {
#   ip_hash;
   sticky expires=1h domain=web.com path=/;
   server 10.0.0.16:8080;
   server 10.0.0.17:8080;
}

upstream {
  sticky;
  server 127.0.0.1:9000;
  server 127.0.0.1:9001;
  server 127.0.0.1:9002;
}

sticky [name=route] [domain=.foo.bar] [path=/] [expires=1h] 
       [hash=index|md5|sha1] [no_fallback] [secure] [httponly];

[name=route]       设置用来记录会话的 cookie 名称
[domain=.foo.bar]    设置 cookie 作用的域名
[path=/]          设置 cookie 作用的 URL 路径，默认根目录
[expires=1h]        设置 cookie 的生存期，默认不设置，浏览器关闭即失效，需要是大于 1 秒的值
[hash=index|md5|sha1]   设置 cookie 中服务器的标识是用明文还是使用 md5 值，默认使用 md5
[no_fallback]       设置该项，当 sticky 的后端机器挂了以后，nginx 返回 502 (Bad Gateway or Proxy Error)，而不转发到其他服务器，不建议设置
[secure]          设置启用安全的 cookie，需要 HTTPS 支持
[httponly]         允许 cookie 不通过 JS 泄漏，没用过

name: the name of the cookies used to track the persistant upstream srv; default: route
domain: the domain in which the cookie will be valid default: nothing. Let the browser handle this.
path: the path in which the cookie will be valid default: /
expires: the validity duration of the cookie default: nothing. It's a session cookie. restriction: must be a duration greater than one second
hash: the hash mechanism to encode upstream server. It cant' be used with hmac. default: md5
md5|sha1: well known hash
index: it's not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter Warning: the matching against upstream servers list is inconsistent. So, at reload, if upstreams servers has changed, index values are not guaranted to correspond to the same server as before! USE IT WITH CAUTION and only if you need to!
hmac: the HMAC hash mechanism to encode upstream server It's like the hash mechanism but it uses hmac_key to secure the hashing. It can't be used with hash. md5|sha1: well known hash default: none. see hash.
hmac_key: the key to use with hmac. It's mandatory when hmac is set default: nothing.
no_fallback: when this flag is set, nginx will return a 502 (Bad Gateway or Proxy Error) if a request comes with a cookie and the corresponding backend is unavailable.
secure enable secure cookies; transferred only via https
httponly enable cookies not to be leaked via js 

session_sticky [cookie=name] [domain=your_domain] [path=your_path] [maxage=time][mode=insert|rewrite|prefix] 
         [option=indirect] [maxidle=time] [maxlife=time] [fallback=on|off] [hash=plain|md5]

mode 设置 cookie 的模式:
  insert: 在回复中本模块通过 Set-Cookie 头直接插入相应名称的 cookie。prefix: 不会生成新的 cookie，但会在响应的 cookie 值前面加上特定的前缀，当浏览器带着这个有特定标识的 cookie 再次请求时，模块在传给后端服务前先删除加入的前缀，后端服务拿到的还是原来的 cookie 值，这些动作对后端透明。如：”Cookie: NAME=SRV~VALUE”。rewrite: 使用服务端标识覆盖后端设置的用于 session sticky 的 cookie。如果后端服务在响应头中没有设置该 cookie，则认为该请求不需要进行 session sticky，使用这种模式，后端服务可以控制哪些请求需要 sesstion sticky，哪些请求不需要。option 设置用于 session sticky 的 cookie 的选项，可设置成 indirect 或 direct。indirect 不会将 session sticky 的 cookie 传送给后端服务，该 cookie 对后端应用完全透明。direct 则与 indirect 相反。maxidle 设置 session cookie 的最长空闲的超时时间
maxlife 设置 session cookie 的最长生存期
maxage 是 cookie 的生存期。不设置时，浏览器或 App 关闭后就失效。下次启动时，又会随机分配后端服务器。所以如果希望该客户端的请求长期落在同一台后端服务器上，可以设置 maxage。hash 不论是明文还是 hash 值，都有固定的数目。因为 hash 是 server 的标识，所以有多少个 server，就有等同数量的 hash 值。