[nginx] Variable $request_id.

Alexey Ivanov savetherbtz at gmail.com
Wed Apr 27 02:14:12 UTC 2016 

Same here, in our environment we:
* get current request id from a header
* validate it against our guidelines
* if not already present or does not pass validation:
  * re-generate using `RAND_bytes()`
* propagate it to the upstream
* echo it back to the downstream
* log it to the access.log

It would be nice if new nginx code can be used more or less drop-in replacement for our homegrown lua-stuff.

We currently use following pseudo-code to validate/generate/propagate/echo-back request_ids:

```
set_by_lua $request_id '
    local success, req_id = pcall(request_id.get_hex_or_generate, ngx.var.http_x_dropbox_request_id)
    if not success then
        return "-"
    end
    return req_id
';
more_set_headers "X-Dropbox-Request-Id: $request_id";
proxy_set_header  X-Dropbox-Request-Id  $request_id ;
```

```
--[[
    Helper function that verifies request_id or generates new one in case
    validation fails.

    @req_id: current request id
--]]
function request_id.get_hex_or_generate(req_id)
    ...
end
```


> On Apr 26, 2016, at 9:51 AM, ToSHiC <toshic.toshic at gmail.com> wrote:
> 
> Hello,
> 
> We are using such variable for more than a year, and I suggest to add ability to extract request_id from header. It's very usefull for systems with frontend and backend installed on different servers.
> 
> On Tue, Apr 26, 2016 at 7:38 PM, Vladimir Homutov <vl at nginx.com> wrote:
> details:   http://hg.nginx.org/nginx/rev/59f8f2dd8b31
> branches:
> changeset: 6531:59f8f2dd8b31
> user:      Vladimir Homutov <vl at nginx.com>
> date:      Tue Apr 26 19:31:46 2016 +0300
> description:
> Variable $request_id.
> 
> The variable contains text representation based on random data, usable as
> a unique request identifier.
> 
> diffstat:
> 
>  src/http/ngx_http_variables.c |  47 +++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 47 insertions(+), 0 deletions(-)
> 
> diffs (71 lines):
> 
> diff -r 1d0e03db9f8e -r 59f8f2dd8b31 src/http/ngx_http_variables.c
> --- a/src/http/ngx_http_variables.c     Fri Dec 18 19:05:27 2015 +0300
> +++ b/src/http/ngx_http_variables.c     Tue Apr 26 19:31:46 2016 +0300
> @@ -98,6 +98,8 @@ static ngx_int_t ngx_http_variable_reque
>      ngx_http_variable_value_t *v, uintptr_t data);
>  static ngx_int_t ngx_http_variable_request_time(ngx_http_request_t *r,
>      ngx_http_variable_value_t *v, uintptr_t data);
> +static ngx_int_t ngx_http_variable_request_id(ngx_http_request_t *r,
> +    ngx_http_variable_value_t *v, uintptr_t data);
>  static ngx_int_t ngx_http_variable_status(ngx_http_request_t *r,
>      ngx_http_variable_value_t *v, uintptr_t data);
> 
> @@ -274,6 +276,10 @@ static ngx_http_variable_t  ngx_http_cor
>      { ngx_string("request_time"), NULL, ngx_http_variable_request_time,
>        0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
> 
> +    { ngx_string("request_id"), NULL,
> +      ngx_http_variable_request_id,
> +      0, 0, 0 },
> +
>      { ngx_string("status"), NULL,
>        ngx_http_variable_status, 0,
>        NGX_HTTP_VAR_NOCACHEABLE, 0 },
> @@ -2068,6 +2074,47 @@ ngx_http_variable_request_time(ngx_http_
> 
> 
>  static ngx_int_t
> +ngx_http_variable_request_id(ngx_http_request_t *r,
> +    ngx_http_variable_value_t *v, uintptr_t data)
> +{
> +    u_char  *id;
> +
> +#if (NGX_OPENSSL)
> +    u_char   random_bytes[16];
> +#endif
> +
> +    id = ngx_pnalloc(r->pool, 32);
> +    if (id == NULL) {
> +        return NGX_ERROR;
> +    }
> +
> +    v->valid = 1;
> +    v->no_cacheable = 0;
> +    v->not_found = 0;
> +
> +    v->len = 32;
> +    v->data = id;
> +
> +#if (NGX_OPENSSL)
> +
> +    if (RAND_bytes(random_bytes, 16) == 1) {
> +        ngx_hex_dump(id, random_bytes, 16);
> +        return NGX_OK;
> +    }
> +
> +    ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0, "RAND_bytes() failed");
> +
> +#endif
> +
> +    ngx_sprintf(id, "%08xD%08xD%08xD%08xD",
> +                (uint32_t) ngx_random(), (uint32_t) ngx_random(),
> +                (uint32_t) ngx_random(), (uint32_t) ngx_random());
> +
> +    return NGX_OK;
> +}
> +
> +
> +static ngx_int_t
>  ngx_http_variable_connection(ngx_http_request_t *r,
>      ngx_http_variable_value_t *v, uintptr_t data)
>  {
> 
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> 
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20160426/9d76146d/attachment.bin>

More information about the nginx-devel mailing list