[nginx] Variable $request_id.
SplitIce
mat999 at gmail.com
Wed Apr 27 05:23:51 UTC 2016
Hi,
We have been using something like this for ~2 years.
For ours we used a random number to start and the Process ID & Process
start time to try and increase uniqueness between reloads (ours is a 128bit
ID). Then applying an increment, with future requests having a higher id.
Perhaps that would be better than just 128bit of random data?
On Wed, Apr 27, 2016 at 12:14 PM, Alexey Ivanov <savetherbtz at gmail.com>
wrote:
> Same here, in our environment we:
> * get current request id from a header
> * validate it against our guidelines
> * if not already present or does not pass validation:
> * re-generate using `RAND_bytes()`
> * propagate it to the upstream
> * echo it back to the downstream
> * log it to the access.log
>
> It would be nice if new nginx code can be used more or less drop-in
> replacement for our homegrown lua-stuff.
>
> We currently use following pseudo-code to
> validate/generate/propagate/echo-back request_ids:
>
> ```
> set_by_lua $request_id '
> local success, req_id = pcall(request_id.get_hex_or_generate,
> ngx.var.http_x_dropbox_request_id)
> if not success then
> return "-"
> end
> return req_id
> ';
> more_set_headers "X-Dropbox-Request-Id: $request_id";
> proxy_set_header X-Dropbox-Request-Id $request_id ;
> ```
>
> ```
> --[[
> Helper function that verifies request_id or generates new one in case
> validation fails.
>
> @req_id: current request id
> --]]
> function request_id.get_hex_or_generate(req_id)
> ...
> end
> ```
>
>
> > On Apr 26, 2016, at 9:51 AM, ToSHiC <toshic.toshic at gmail.com> wrote:
> >
> > Hello,
> >
> > We are using such variable for more than a year, and I suggest to add
> ability to extract request_id from header. It's very usefull for systems
> with frontend and backend installed on different servers.
> >
> > On Tue, Apr 26, 2016 at 7:38 PM, Vladimir Homutov <vl at nginx.com> wrote:
> > details: http://hg.nginx.org/nginx/rev/59f8f2dd8b31
> > branches:
> > changeset: 6531:59f8f2dd8b31
> > user: Vladimir Homutov <vl at nginx.com>
> > date: Tue Apr 26 19:31:46 2016 +0300
> > description:
> > Variable $request_id.
> >
> > The variable contains text representation based on random data, usable as
> > a unique request identifier.
> >
> > diffstat:
> >
> > src/http/ngx_http_variables.c | 47
> +++++++++++++++++++++++++++++++++++++++++++
> > 1 files changed, 47 insertions(+), 0 deletions(-)
> >
> > diffs (71 lines):
> >
> > diff -r 1d0e03db9f8e -r 59f8f2dd8b31 src/http/ngx_http_variables.c
> > --- a/src/http/ngx_http_variables.c Fri Dec 18 19:05:27 2015 +0300
> > +++ b/src/http/ngx_http_variables.c Tue Apr 26 19:31:46 2016 +0300
> > @@ -98,6 +98,8 @@ static ngx_int_t ngx_http_variable_reque
> > ngx_http_variable_value_t *v, uintptr_t data);
> > static ngx_int_t ngx_http_variable_request_time(ngx_http_request_t *r,
> > ngx_http_variable_value_t *v, uintptr_t data);
> > +static ngx_int_t ngx_http_variable_request_id(ngx_http_request_t *r,
> > + ngx_http_variable_value_t *v, uintptr_t data);
> > static ngx_int_t ngx_http_variable_status(ngx_http_request_t *r,
> > ngx_http_variable_value_t *v, uintptr_t data);
> >
> > @@ -274,6 +276,10 @@ static ngx_http_variable_t ngx_http_cor
> > { ngx_string("request_time"), NULL, ngx_http_variable_request_time,
> > 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
> >
> > + { ngx_string("request_id"), NULL,
> > + ngx_http_variable_request_id,
> > + 0, 0, 0 },
> > +
> > { ngx_string("status"), NULL,
> > ngx_http_variable_status, 0,
> > NGX_HTTP_VAR_NOCACHEABLE, 0 },
> > @@ -2068,6 +2074,47 @@ ngx_http_variable_request_time(ngx_http_
> >
> >
> > static ngx_int_t
> > +ngx_http_variable_request_id(ngx_http_request_t *r,
> > + ngx_http_variable_value_t *v, uintptr_t data)
> > +{
> > + u_char *id;
> > +
> > +#if (NGX_OPENSSL)
> > + u_char random_bytes[16];
> > +#endif
> > +
> > + id = ngx_pnalloc(r->pool, 32);
> > + if (id == NULL) {
> > + return NGX_ERROR;
> > + }
> > +
> > + v->valid = 1;
> > + v->no_cacheable = 0;
> > + v->not_found = 0;
> > +
> > + v->len = 32;
> > + v->data = id;
> > +
> > +#if (NGX_OPENSSL)
> > +
> > + if (RAND_bytes(random_bytes, 16) == 1) {
> > + ngx_hex_dump(id, random_bytes, 16);
> > + return NGX_OK;
> > + }
> > +
> > + ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0, "RAND_bytes()
> failed");
> > +
> > +#endif
> > +
> > + ngx_sprintf(id, "%08xD%08xD%08xD%08xD",
> > + (uint32_t) ngx_random(), (uint32_t) ngx_random(),
> > + (uint32_t) ngx_random(), (uint32_t) ngx_random());
> > +
> > + return NGX_OK;
> > +}
> > +
> > +
> > +static ngx_int_t
> > ngx_http_variable_connection(ngx_http_request_t *r,
> > ngx_http_variable_value_t *v, uintptr_t data)
> > {
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20160427/f3aa7586/attachment.html>
More information about the nginx-devel
mailing list