nginx實現session共享詳解

一、redissession共享

在nginx實現session共享的過程中，redis常用於在不同伺服器之間共享session。如果我們使用nginx+php-fpm模式，可以使用phpredis擴展和redis共享session數據。

location / {
    proxy_pass http://phpfpm;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # 開啟session共享
    access_by_lua_block {
        local session_id = ngx.var.cookie_PHPSESSID or ngx.md5(ngx.var.remote_addr .. ngx.var.http_user_agent .. ngx.var.time)
        ngx.var.session_id = session_id
        local redis = require "resty.redis"
        local red = redis:new()
        local ok, err = red:connect("127.0.0.1", 6379)
        if not ok then
            ngx.log(ngx.ERR, "redis connect failed: ", err)
            return
        end
        local res, err = red:get("session:".. session_id)
        if res == ngx.null then
            ngx.log(ngx.ERR, "session not exist")
            return
        end
        ngx.log(ngx.ERR, "session data: ", res)
        ngx.req.set_header("Cookie", "PHPSESSID=".. session_id)
    }
    
}

二、nginxserver配置

在nginxserver配置中，可以設置session的超時時間，並且可以配置多個upstream伺服器，確保數據可靠性和高可用性。

http {
    upstream server_pool {
        server 127.0.0.1:8080;
        server 127.0.0.1:8081;
    }

    # nginxsession
    server {
        listen 80;
        server_name test.com;
        root /var/www;
        index index.php index.html index.htm;

        location / {
            proxy_pass http://server_pool;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # 設置session超時時間
            proxy_connect_timeout 1800;
            proxy_send_timeout 1800;
            proxy_read_timeout 1800;
            send_timeout 1800;
            client_max_body_size 50m;
        }
    }
}

三、nginx配置user值

通過設置nginx的user值，確保nginx可以讀取session目錄文件，否則將無法讀取session數據。

user nginx; # nginx所屬用戶
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # session目錄
    session_path /var/lib/php/session/;
    server {
        listen 80;
        server_name test.com;
        root /var/www;
        index index.php index.html index.htm;

        location / {
            try_files $uri $uri/ /index.php$request_uri;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php-fpm/www.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/inc/process.php";
        }
    }
}

四、nginx配置server

在nginx的配置文件中，必須檢查session文件目錄的許可權，確保nginx可以正常讀寫session數據。

user nginx; # nginx所屬用戶
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # session目錄
    session_path /var/lib/php/session/;
    server {
        listen 80;
        server_name test.com;
        root /var/www;
        index index.php index.html index.htm;

        # 檢查session目錄許可權
        location = /check-permissions {
            internal;
            add_header Content-Type text/plain;
            # 只有有許可權的用戶才能訪問session目錄
            return 200 "Writable";
            # return 403 "Not writable";
        }

        location / {
            try_files $uri $uri/ /index.php$request_uri;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php-fpm/www.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/inc/process.php";
        }
    }
}

五、nginxrestart失敗

如果nginx restart失敗，可能是由於nginx沒有正確讀取session目錄的許可權或者redis服務未啟動。解決方法是檢查nginx的user值和session文件許可權是否正確，並確保redis服務已啟動。

chown nginx /var/lib/php/session/
service nginx restart
service redis restart