目录
前言
一、部署环境
二、部署nginx反向代理服务器
三、部署tomcat服务器1
四、部署tomcat服务器2
五、客户端测试(Session ID不断变动)
六、配置Session ID会话保持
七、客户端测试(Session ID保持)
前言
此次实验是Tomcat后端服务器如何做Session ID会话保持
一、部署环境
关闭所有设备的防火墙和核心防护
[root@localhost ~]#systemctl stop firewalld
[root@localhost ~]#setenforce 0安装设备对应的服务软件,如nginx反向代理服务器安装nginx软件,Tomcat服务器1和2需安装tomcat软件
#nginx反向代理服务器
[root@localhost ~]#yum install epel-release.noarch -y
[root@localhost ~]#yum install -y nginx
[root@localhost ~]#systemctl start nginx#Tomcat服务器1和2需安装tomcat软件
#安装jdk工具,事先准备好oraclejdk二进制包 [root@localhost ~]#cd /opt [root@localhost opt]#rz -E rz waiting to receive. [root@localhost opt]#ls jdk-8u291-linux-x64.tar.gz [root@localhost opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/ [root@localhost opt]#cd /usr/local [root@localhost local]#ls bin etc games include jdk1.8.0_291 lib lib64 libexec sbin share src [root@localhost local]#ln -s jdk1.8.0_291/ jdk [root@localhost local]#vim /etc/profile.d/jdk.sh export JAVA_HOME=/usr/local/jdk export PATH=$JAVA_HOME/bin:$PATH export JRE_HOME=$JAVA_HOME/jre export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/ [root@localhost local]#. /etc/profile.d/jdk.sh [root@localhost local]#java -version java version "1.8.0_291" Java(TM) SE Runtime Environment (build 1.8.0_291-b10) Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode) #安装tomcat,事先准备好tomcat二进制安装包 [root@localhost local]#cd /opt [root@localhost opt]#rz -E rz waiting to receive. [root@localhost opt]#tar xf apache-tomcat-9.0.16.tar.gz [root@localhost opt]#cp -r /opt/apache-tomcat-9.0.16 /usr/local/tomcat [root@localhost opt]#useradd -M -s /sbin/nologin tomcat [root@localhost opt]#chown -R tomcat:tomcat /usr/local/tomcat/ [root@localhost opt]#cat > /usr/lib/systemd/system/tomcat.service <<EOF [Unit] Description=Tomcat After=syslog.target network.target [Service] Type=forking ExecStart=/usr/local/tomcat/bin/startup.sh ExecStop=/usr/local/tomcat/bin/shutdown.sh RestartSec=3 PrivateTmp=true User=tomcat Group=tomcat [Install] WantedBy=multi-user.target EOF [root@localhost opt]#systemctl daemon-reload [root@localhost opt]#systemctl start tomcat.service
二、部署nginx反向代理服务器
[root@localhost ~]#vim /etc/nginx/nginx.conf
upstream tomcat {
server 172.16.12.11:8080;
server 172.16.12.12:8080;
}
location ~* \.jsp$ {
proxy_pass http://tomcat;
}
[root@localhost ~]#nginx -t
[root@localhost ~]#systemctl restart nginx
三、部署tomcat服务器1
[root@localhost ~]#cd /usr/local/tomcat/webapps/ROOT/
[root@localhost ROOT]#mv index.jsp index.jsp.bak
[root@localhost ROOT]#cat > index.jsp << EOF
<%@ page import="java.util.*" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>tomcat test</title>
</head>
<body>
<div>On <%=request.getServerName() %></div>
<div><%=request.getLocalAddr() + ":" + request.getLocalPort() %></div>
<div>SessionID = <span style="color:blue"><%=session.getId() %></span></div>
<%=new Date()%>
</body>
</html>
EOF
[root@localhost ROOT]#systemctl restart tomcat.service
四、部署tomcat服务器2
[root@localhost opt]#cd /usr/local/tomcat/webapps/ROOT/
[root@localhost ROOT]#mv index.jsp index.jsp.bak
[root@localhost ROOT]#cat > index.jsp << EOF
<%@ page import="java.util.*" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>tomcat test</title>
</head>
<body>
<div>On <%=request.getServerName() %></div>
<div><%=request.getLocalAddr() + ":" + request.getLocalPort() %></div>
<div>SessionID = <span style="color:blue"><%=session.getId() %></span></div>
<%=new Date()%>
</body>
</html>
EOF
[root@localhost ROOT]#systemctl restart tomcat.service
五、客户端测试(Session ID不断变动)
客户端访问:http://nginx反向代理服务器IP地址/index.jsp
在实际环境中,不允许用户的Session ID不断变化
- 当客户端第一次访问nginx反向代理服务器,nginx反向代理服务器会通过轮询的算法,调度到Tomcat服务器1上处理,由于是第一次访问,客户度的Cookie缓存会记录,不会有Session ID,Tomcat服务器1会生成新的Session ID传输给客户端,客户端会将这个新的Session ID记录下来
- 当客户端第二次访问的时候,Nginx反向代理服务器又可能通过轮询的算法,将服务请求调度到Tomcat服务器2上处理,Tomcat服务器2是没有客户端传输来的Session ID1的,Tomcat2服务器认为客户端要生成新的Session ID,于是Tomcat2服务器将新的Session ID2传输给客户端,客户端会更新Session ID,将刚刚的Session ID1更改为Session ID2;
- 当客户端第三次访问的时候,客户端带着Session ID2去Nginx代理服务器,Nginx反向代理服务器将客户端请求又调度到Tomcat服务器1上,Tomcat服务器1并没有Session ID2,于是又将新生成的Session ID3传输给客户端,这样会有很不好的客户端体验,所以我们可以根据修改Tomcat配置文件来进行会话保持
六、配置Session ID会话保持
Tomcat会话保持官方说明:https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.htmltomcat服务器1配置:
[root@node2 ROOT]#vim /usr/local/tomcat/conf/server.xml
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="8">
<Manager className="org.apache.catalina.ha.session.DeltaManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"/>
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564"
frequency="500"
dropTime="3000"/>
<Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="172.16.12.11"
port="4000"
autoBind="100"
selectorTimeout="5000"
maxThreads="6"/>
<Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
</Sender>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=""/>
<Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
<Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
[root@localhost ROOT]#vim /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml
<distributable/>
[root@localhost ROOT]#systemctl restart tomcat.service
[root@localhost ROOT]#systemctl status tomcat.service
tomcat服务器2配置:
[root@localhost ROOT]#scp /usr/local/tomcat/conf/server.xml 172.16.12.12:/opt
[root@localhost ROOT]#scp /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml 172.16.12.12:/opt
[root@localhost ROOT]#cd /opt
[root@localhost opt]#cp server.xml /usr/local/tomcat/conf/server.xml
cp:是否覆盖"/usr/local/tomcat/conf/server.xml"? y
[root@localhost opt]#cp web.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml
cp:是否覆盖"/usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml"? y
[root@localhost opt]#vim /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml
修改IP地址(tomcat服务器2的IP)
[root@localhost opt]#systemctl restart tomcat.service
[root@localhost opt]#systemctl status tomcat.service
七、客户端测试(Session ID保持)
客户端访问:http://nginx反向代理服务器IP地址/index.jsp
![[RCTF2015]EasySQL ---不会编程的崽](https://img-blog.csdnimg.cn/direct/df946ded84044c45940d636f63074ba6.png)
