Migrating from Lighttpd : mod_secdownload show-stopper ?

thoseg nginx-forum at nginx.us
Tue Feb 22 13:03:00 MSK 2011


Thanks for all your replies. Spasibo :)

I have some (strong) requirements like to not modify the application
code or to do as few changes in the platform's
configuration/architecture as possible. Thus I'm using Igor's example
that seemed to me the best choice for migration from Lighttpd to Nginx.
I'm trying to make the following configuration works :

Secured link :
http://secure.domain.com/get/24b9cb61c9c2c9070038aceaaf7bae5a/4d63842e/2/H264-384x288/04/85/3120485.h264

*******************************************************
Configuration :

server {
    server_name  secure.domain.com;
    root /var/www;

    location /get/ {
        location ~ ^/get/([\w\-=]+)/(\w+)(/.+)$ {

                root /mnt/medias;

                secure_link $1,$2;                
                secure_link_md5 $3.$2.$mysalt

                if ($secure_link = "") { # no valid
                        return 403;
                }

                if ($secure_link = "0") { # expired
                        return 410;
                }
        }

        return 404;

        error_page 403 /forbidden.html;
        error_page 404 /not_found.html;
        error_page 410 =403 /link_expired.html;
    }
}

*******************************************************

After trying to access the link I always got this into my error.log :

2011/02/22 10:50:32 [error] 26143#0: *1 open() "/var/www/forbidden.html"
failed (2: No such file or directory), client: 192.168.156.11, server:
secure.domain.com, request: "GET
/get/24b9cb61c9c2c9070038aceaaf7bae5a/4d63842e/2/H264-384x288/04/85/3120485.h264
HTTP/1.1", host: "secure.domain.com"


As far as I understand I got a "403" everytime I'm trying to validate
the URL. That means $secure_link is empty and I don't know why... Of
course, I'm not using an "epoch Unix time" in the link so I modified it
to be able to send a date in this format but I keep having the same
error into my log.

It will be (really) better if can keep my actual link format with the
expiration time given in hex not in epoch but If there is no other
solution, I will change the application's code.

Thanks for your answers.
Regards,

Thomas S

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,173863,177431#msg-177431




More information about the nginx mailing list