Nginx健康检测及Session保持

       Nginx拥有负载均衡和反向代理功能,但默认本身是不具备后端服务器健康检测的功能的,这样的后果是后端服务宕机后,nginx仍将请求发送给它,造成不良的用户体验。但我们可以借助第三方功能模块来实现健康检测、Session保持等功能,使nginx更加完美。

1、nginx_upstream_check_module

淘宝技术团队开发的nginx模快nginx_upstream_check_module,此模块用来实现后端服务器的健康检查功能。

下载地址:https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master

2、nginx-sticky-module nginx-sticky-module

Nginx 的一个扩展模块,实现了通过 Cookie 的会话保持功能。

下载地址:http://nginx-sticky-module.googlecode.com/svn/trunk/ 【需要翻墙】

其他下载地址:https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/1e96371de59f.zip

3、nginx-upstream-fair

”公平的“Nginx 负载均衡模块,增强了Nginx 提供的round-robin 负载均衡算法,可以跟踪后端服务器的负载来分发请求。

下载地址:git://github.com/gnosek/nginx-upstream-fair.git

接下来我们就开始给nginx增加功能。 首先下载3个扩展模块

cd /usr/local/src
wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master 
git clone git://github.com/gnosek/nginx-upstream-fair.git
wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/1e96371de59f.zip

unzip 1e96371de59f.zip
unzip master
cd nginx_upstream_check_module-master
[root@server07 nginx_upstream_check_module-master]# ll
total 236
-rw-r--r-- 1 root root      0 Jul  1 10:32 CHANGES
-rw-r--r-- 1 root root   5483 Jul  1 10:32 check_1.2.1.patch
-rw-r--r-- 1 root root   7130 Jul  1 10:32 check_1.2.2+.patch
-rw-r--r-- 1 root root   7094 Jul  1 10:32 check_1.2.6+.patch
-rw-r--r-- 1 root root   6791 Jul  1 10:32 check_1.5.12+.patch
-rw-r--r-- 1 root root   8295 Jul  1 10:32 check_1.7.2+.patch
-rw-r--r-- 1 root root   8346 Jul  1 10:32 check_1.7.5+.patch
-rw-r--r-- 1 root root   8509 Jul  1 10:32 check_1.9.2+.patch
-rw-r--r-- 1 root root   6943 Jul  1 10:32 check.patch
-rw-r--r-- 1 root root    749 Jul  1 10:32 config
drwxr-xr-x 2 root root   4096 Jul  1 10:32 doc
-rw-r--r-- 1 root root   1709 Jul  1 10:32 nginx-sticky-module.patch
drwxr-xr-x 2 root root   4096 Jul  1 10:32 nginx-tests
-rw-r--r-- 1 root root 111650 Jul  1 10:32 ngx_http_upstream_check_module.c
-rw-r--r-- 1 root root    529 Jul  1 10:32 ngx_http_upstream_check_module.h
-rw-r--r-- 1 root root   2848 Jul  1 10:32 ngx_http_upstream_jvm_route_module.patch
-rw-r--r-- 1 root root  11509 Jul  1 10:32 README
drwxr-xr-x 6 root root   4096 Jul  1 10:32 test
-rw-r--r-- 1 root root   3342 Jul  1 10:32 upstream_fair.patch
drwxr-xr-x 2 root root   4096 Jul  1 10:32 util

首先查看README

Installation
    Download the latest version of the release tarball of this module from
    github (<http://github.com/yaoweibin/nginx_upstream_check_module>)

    Grab the nginx source code from nginx.org (<http://nginx.org/>), for
    example, the version 1.0.14 (see nginx compatibility), and then build
    the source with this module:
        $ wget 'http://nginx.org/download/nginx-1.0.14.tar.gz'
        $ tar -xzvf nginx-1.0.14.tar.gz
        $ cd nginx-1.0.14/
        $ patch -p1 < /path/to/nginx_http_upstream_check_module/check.patch
        $ ./configure --add-module=/path/to/nginx_http_upstream_check_module
        $ make
        $ make install
If you want to add the support for upstream fair module, you can do it
    like this:
        $ git clone git://github.com/gnosek/nginx-upstream-fair.git
        $ cd nginx-upstream-fair
        $ patch -p2 < /path/to/nginx_http_upstream_check_module/upstream_fair.patch
        $ cd /path/to/nginx-1.0.14
        $ ./configure --add-module=/path/to/nginx_http_upstream_check_module --add-module=/path/to/nginx-upstream-fair-module
        $ make
        $ make install
 If you want to add the support for nginx sticky module, you can do it
    like this:
        $ svn checkout http://nginx-sticky-module.googlecode.com/svn/trunk/ nginx-sticky-module
        $ cd nginx-sticky-module
        $ patch -p0 < /path/to/nginx_http_upstream_check_module/nginx-sticky-module.patch
        $ cd /path/to/nginx-1.0.14
        $ ./configure --add-module=/path/to/nginx_http_upstream_check_module --add-module=/path/to/nginx-sticky-module
        $ make
        $ make install

4、基本上RAEDME已经告诉的很清楚了,所以这里我们准备一起将3个模块都安装上。

cd /usr/local/src/nginx-1.8.0
patch -p1 < /usr/local/src/nginx_upstream_check_module-master/check_1.7.5+.patch 
 ##由于我是1.8版的Nginx所以装heck_1.7.5+.patch ,你可以根据自己的版本选择。
patch -p0 < /usr/local/src/nginx_upstream_check_module-master/nginx-sticky-module.patch 
#图1 这里需要输入ngx_http_sticky_module.c的绝对路径
patch -p2 < /usr/local/src/nginx_upstream_check_module-master/upstream_fair.patch 
 #图2 这里需要输入ngx_http_upstream_fair_module.c的绝对路径

./configure --sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=/usr/local/src/pcre-8.37 \
--with-zlib=/usr/local/src/zlib-1.2.8 \
--with-openssl=/usr/local/src/openssl-1.0.1c \
--add-module=/usr/local/src/nginx_upstream_check_module-master \
--add-module=/usr/local/src/nginx-upstream-fair \
--add-module=/usr/local/src/nginx-goodies-nginx-sticky-module-ng-1e96371de59f

图1

sticky

图2

fair

5、安装完成后,通过配置实现健康检查,并测试。 这里重点展示健康检查配置,其他可以忽略。

worker_processes  1;

error_log  logs/error.log;
pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
        upstream test.com {
            server 100.44.154.150:8080;    ##默认是轮询算法
            server 100.44.157.233:8080;
            check interval=5000 rise=2 fall=5 timeout=1000 type=http; 
##以类型为http的方式检测  interval=5000 rise=2 fall=5 timeout=1000  每5秒检测一次,5次超时就认为失败,2次确认就认为恢复
           check_http_send "GET /docs/RUNNING.txt HTTP/1.0\r\n\r\n"; ##检测的后端服务器页面 /docs/RUNNING.txt
}
    server {
        listen       80;
        server_name  test.com;
        location / {
                proxy_pass http://test.com;
        }
        location /status {
                check_status;
           }
        location = /50x.html {
            root   html;
        }
    }

}

6、登陆 http://test.com/status 查看服务器健康状态  

check1

关闭一台服务器后的状态

check2

7、接下来我们使用nginx-sticky-module 模块实现session保持。

  upstream test.com {
            sticky name=testid;  ##session name可以是任意字符
            server 100.44.154.150:8080;    ##默认是轮询算法
            server 100.44.157.233:8080;
            check interval=5000 rise=2 fall=5 timeout=1000 type=http; 
           check_http_send "GET /docs/RUNNING.txt HTTP/1.0\r\n\r\n";
}
8、测试,我们可以在两个服务器上各放置一个html页面,分别标记server01 server02 ,如果是轮询的话,页面刷新会在server01 server02来回切换,但如果是sticky的话 会固定到其中一台服务器上,下图为session名称

session

 

9、扩展知识

nginx的几种负载均衡算法:

1、轮询 默认

2、weight 权重

3、ip_hash
每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。

4、fair(第三方)
按后端服务器的响应时间来分配请求,响应时间短的优先分配

5、url_hash(第三方)

按访问url的hash结果来分配请求,使每个url定向到同一个后端服务器,后端服务器为缓存时比较有效。

6、sticky (第三方) 使用cookie 进行sesson保持

The “sticky” command can take several arguments to control its behaviour:

  sticky [name=route] [domain=.foo.bar] [path=/] [expires=1h] [hash=index|md5|sha1] [no_fallback];
Configuration
Description
Parameters
Default Value
name
the name of the cookie used to track the persistant upstream srv
can be any string
“route”
domain
the domain in which the cookie will be valid
can be any string
nothing. Let the browser handle this.
path
the path in which the cookie will      be valid
can be any path
nothing. Let the browser handle this.
expires
the validity duration of the cookie
must be a duration greater than one second
nothing. It’s a session cookie
hash
the hash mechanism to encode upstream server. It cant’ be used      with hmac
md5|sha1
md5
hmac
The HMAC hash mechanism to encode upstream server. It’s like      the hash mechanism but it uses hmac_key to secure the hashing.      It can’t be used with hash.
md5|sha1
none
hmac_key
The key to use with hmac. It’s mandatory when hmac is set.
can be any string
none
no_fallback
When this flag is set, nginx will return a 502 (Bad Gateway orProxy Error) if a request comes      with a cookie and the corresponding backend is unavailable.
no arguments
none

 

发表评论