Using Sticky route for session affinity in nginx proxing requests to Jira, does not work.

Dilip Kumar Mavireddi September 27, 2017

 

Background :

We have nginx setup to loadbalance requests to Jira and we had a successful implementation using Sticky learn. However considering the sticky route method as mentioned in Atlassian documentation we were unable to achieve success.

Problem :

When Sticky route is being used we are being redirected to the login page every time we try to login.

Details :

Nginx conf :

 

map $cookie_jsessionid $route_cookie {
~.+\.(?P<route>\w+)$ $route;}

map $request_uri $route_uri {
~jsessionid=.+\.(?P<route>\w+)$ $route;}

 upstream jiracluster {

zone jiracluster 64k;
server hostname1:port route=node1;
server hostname2:port route=node2;
#sticky learn create=$upstream_cookie_JSESSIONID
# lookup=$cookie_JSESSIONID
# zone=client_sessions1:1m
# timeout=1h;
sticky route $route_cookie $route_uri;

Please note: the commented Sticky learn method works perfectly! We are trying to study the behavior of Sticky route.

Does atlassian recommend only Sticky Route ? or is Sticky learn also fine to use as it supports session affinity.

 

Please let me know if any further information will be helpful to better understanding the issue. 

 

 

 

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 28, 2017

In regards to using Jira data center, you need to use a load balancer that supports sticky sessions.  If you don't then the browser requests to that load balancer could be randomly routed to different nodes for each request, which in turn could cause all sorts of unexpected behavior with Jira.

To avoid this potentially negative experience for the end user, the Data center documentation does explicitly state that your load balancer needs to support sticky sessions.  That way when a user logs in, they are typically bound to the node they are first routed to until either they log out, timeout their login, or that node actually goes down.

I am interested to see your complete nginx config.  It looks like you might have only posted a portion of this.   I would expect your config to look more like the example posted in  How to set up NGINX Plus as the load balancer for a JIRA Data Center cluster

Dilip Kumar Mavireddi October 23, 2017

Hi Andrew,

Sorry for the delay.

This is what is working for us at the moment. When we tried to replace sticky learn with sticky route..  we get simply re-directed back to login page again.

So to switch between Sticky route and Sticky learn we simply replace it with the contents between the related lines.

Please advise if I am missing something on the Sticky Route as shown below that is kicking me out.

=========STICKY ROUTE================

map $cookie_jsessionid $route_cookie {
~.+\.(?P<route>\w+)$ $route;}

map $request_uri $route_uri {
~jsessionid=.+\.(?P<route>\w+)$ $route;}

 upstream jiracluster {

zone jiracluster 64k;
server hostname1:port route=node1;
server hostname2:port route=node2;
#sticky learn create=$upstream_cookie_JSESSIONID
# lookup=$cookie_JSESSIONID
# zone=client_sessions1:1m
# timeout=1h;
sticky route $route_cookie $route_uri;

===========STICKY ROUTE================

 

 

 

Full Config :

---------------------------------------------------------------------

 

user  nginx;
worker_processes  auto;

error_log  /../error.log notice;
pid        /../nginx.pid;


events {
    worker_connections  1024;
}
#####

http {
    include       /../mime.types;
    default_type  application/octet-stream;
    proxy_read_timeout 3600s;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    log_format timings '"$time_local" client=$remote_addr '
                     'method=$request_method request="$request" '
                     'request_length=$request_length '
                     'status=$status bytes_sent=$bytes_sent '
                     'body_bytes_sent=$body_bytes_sent '
                     'referer=$http_referer '
                     'user_agent="$http_user_agent" '
                     'upstream_addr=$upstream_addr '
                     'upstream_status=$upstream_status '
                     'request_time=$request_time '
                     'upstream_response_time=$upstream_response_time '
                     'upstream_connect_time=$upstream_connect_time '
                     'upstream_header_time=$upstream_header_time'
                     'pipelined=$pipe';


    access_log  /../access.log  timings;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  65;

    gzip  on;

    include /../*.conf;

=============STICKY LEARN================
    upstream jirac {
       zone jirac 64k;
       server node1:p22 route=jira-01;
       server node2:p22 route=jira-02;
       sticky learn create=$upstream_cookie_JSESSIONID
                 lookup=$cookie_JSESSIONID
                 zone=client_sessions:1m
                 timeout=1h;
    }

==========STICKY LEARN====================

    server {
      listen               p33 ssl;
      root /usr/share/nginx/html;
      server_name          jira...com;
      client_max_body_size 250M;
      ssl                  on;
      ssl_certificate      /...crt;
      ssl_certificate_key  /..key;

 ssl_ciphers 'ECD......;
      ssl_prefer_server_ciphers on;
      location / {
                health_check mandatory ;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass https://jirac;


    }

}

-----------------------------------------------------------------------

Ivan Tapia December 26, 2019

@Dilip Kumar Mavireddi ,

 

I have try the suggested configuration from Atlassian described in https://confluence.atlassian.com/jirakb/how-to-set-up-nginx-plus-as-the-load-balancer-for-a-jira-data-center-cluster-640516559.html  having the same result than you, after read multiple times NGiNX documentation https://docs.nginx.com/nginx/deployment-guides/load-balance-third-party/apache-tomcat/ I found that I was missing add jvmRoute as part of the Engine section along with the appropriate connector configuration on server.xml file. I hope this also work for you if you still interested in try route method.

 

--- Next sections has been taken from NGiNX documentation as an example ----

2. Add the following lines to the configuration files for your backend Tomcat servers to append an identifier based on the jvmRoute attribute (here, set to either a or b) to the end of the JSESSIONID cookie value:

# On host 10.100.100.11
<Engine name="Catalina" defaultHoast="www.example.com" jvmRoute="a">
# On host 10.100.100.12
<Engine name="Catalina" defaultHoast="www.example.com" jvmRoute="b">
Like # people like this

Suggest an answer

Log in or Sign up to answer