Nginx

Compile The Nginx Sticky Session Module in CentOS

by Santosh Prasad

When managing a few backend servers, it’s occasionally helpful that one customer (program) is constantly served by the same backend server (for session persistance for instance).

Utilizing a persistance by IP (with the ip_hash upstream module) is perhaps not a smart thought in light of the fact that there could be circumstances where a variety of programs are accompanying a similar IP address (behind proxies)and the load balancing system system won’t be reasonable.

Using a cookie to track the upstream server makes each browser unique.

When the sticky module can’t apply, it switchs back to the classic Round Robin Upstream or returns a “Bad Gateway (depending on the no_fallback flag).

Sticky module can’t apply when cookies are not supported by the browser.

Re-Compile Nginx

Include sticky module you will need to re-compile Nginx from source. Modify your compile of Nginx by adding the following directive.

# yum -y install wget tar git gcc make pcre pcre-devel zlib zlib-devel openssl openssl-devel GeoIP GeoIP-devel#
# cd /tmp
# git clone https://github.com/gnosek/nginx-upstream-fair.git
# git clone https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng.git
# git clone https://github.com/yaoweibin/nginx_upstream_check_module.git
# wget http://nginx.org/download/nginx-1.13.5.tar.gz

Untar and Compile Nginx

# tar -xvzf nginx-1.13.5.tar.gz
# cd nginx-1.13.5

# ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_geoip_module --add-module=/tmp/nginx-sticky-module-ng --add-module=/tmp/nginx_upstream_check_module

# make
# make install

# openssl dhparam -out /etc/nginx/dhparams.pem 2048

Now run below command to make required directory and permissions.

# mkdir /etc/nginx/conf.d 
# mkdir -p /var/lib/nginx/tmp/client_body 
# chown -R nginx.nginx /var/lib/nginx/ 
# chmod -R 770 /var/lib/nginx/

Create init Script

We need to setup the file /etc/init.d/nginx to run when system starts:

This file should be made executable so that we can use it via ‘service nginx:

# chmod +x /etc/init.d/nginx

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# pidfile:     /var/run/nginx.pid
# user:        nginx

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

lockfile=/var/run/nginx.lock

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

Set the service to start whenever the system boots:

# chkconfig --add nginx
# chkconfig --level 345 nginx on

# service nginx restart

Check Compiled Modules

# nginx -V
nginx version: nginx/1.13.5
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_geoip_module --add-module=/tmp/nginx-sticky-module-ng --add-module=/tmp/nginx_upstream_check_module

Usage

upstream {
  sticky;
  server 192.168.0.5:9000;
  server 192.168.0.6:9001;
  server 192.168.0.7:9002;
}

  sticky [name=route] [domain=.foo.bar] [path=/] [expires=1h] 
       [hash=index|md5|sha1] [no_fallback] [secure] [httponly];

Thanks:)

Thank you! for visiting LookLinux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.

You may also like

About the author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

View all posts

1 Comment

  • Its not working, throws the following error during make:
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:176:15: error: ‘SHA_DIGEST_LENGTH’ undeclared (first use in this function); did you mean ‘MD5_DIGEST_LENGTH’?
    u_char hash[SHA_DIGEST_LENGTH];
    ^~~~~~~~~~~~~~~~~
    MD5_DIGEST_LENGTH
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:176:15: note: each undeclared identifier is reported only once for each function it appears in
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:176:10: error: unused variable ‘hash’ [-Werror=unused-variable]
    u_char hash[SHA_DIGEST_LENGTH];
    ^~~~
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c: In function ‘ngx_http_sticky_misc_hmac_sha1’:
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:242:15: error: ‘SHA_DIGEST_LENGTH’ undeclared (first use in this function); did you mean ‘MD5_DIGEST_LENGTH’?
    u_char hash[SHA_DIGEST_LENGTH];
    ^~~~~~~~~~~~~~~~~
    MD5_DIGEST_LENGTH
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:243:12: error: ‘SHA_CBLOCK’ undeclared (first use in this function); did you mean ‘MD5_CBLOCK’?
    u_char k[SHA_CBLOCK];
    ^~~~~~~~~~
    MD5_CBLOCK
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:243:10: error: unused variable ‘k’ [-Werror=unused-variable]
    u_char k[SHA_CBLOCK];
    ^
    ./../nginx-sticky-module-ng/ngx_http_sticky_misc.c:242:10: error: unused variable ‘hash’ [-Werror=unused-variable]
    u_char hash[SHA_DIGEST_LENGTH];
    ^~~~

    Reply

Leave a Comment