<div dir="ltr"><div><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">Hello I've tried every possible way I can think of to make secure links work with expires.  I've tried different versions of nginx, I've tried on Ubuntu, tried on Centos, tried generating the hash using openssl, tried using Python.  I've followed every tutorial I can find.  So I must be doing something really wrong.</span></div><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><div><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br></span></div>I am trying to use the nginx secure link module<span class="gmail-Apple-converted-space"> </span></span><a href="http://nginx.org/en/docs/http/ngx_http_secure_link_module.html" style="font-family:Monaco;font-size:12px">http://nginx.org/en/docs/http/ngx_http_secure_link_module.html</a><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span class="gmail-Apple-converted-space"> </span></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">I want to make secure links using expires.</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">No matter what I try, I cannot get it to work when I try to uses the expire time.</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">It works fine when I do a simple secure link based purely on the link, without also the expire time or the ip address.</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">Can anyone suggest what I am doing wrong?  Or can anyone point me to instructions that show every detail of how to do it and have been recently tested?</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">thanks!</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">The command to generate the key:</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ubuntu@ip-172-31-34-191:/var/www$ echo -n '2147483647/html/index.html secret' |     openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   FsRb_uu5NsagF0hA_Z-OQg</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">The command that fails:</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ubuntu@ip-172-31-34-191:/var/www$ curl<span class="gmail-Apple-converted-space"> </span></span><a href="http://127.0.0.1/html/index.html?md5=FsRb_uu5NsagF0hA_Z-OQgexpires=2147483647" style="font-family:Monaco;font-size:12px">http://127.0.0.1/html/index.html?md5=FsRb_uu5NsagF0hA_Z-OQgexpires=2147483647</a><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   <html></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   <head><title>403 Forbidden</title></head></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   <body bgcolor="white"></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   <center><h1>403 Forbidden</h1></center></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   <hr><center>nginx/1.14.2</center></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   </body></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   </html></span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">Here's the relevant part of the nginx conf file:</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ubuntu@ip-172-31-34-191:/var/www$ sudo cat  /etc/nginx/sites-enabled/theapp_nginx.conf</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ...SNIP</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   location /html/ {</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       secure_link $arg_md5,$arg_expires;</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       secure_link_md5 "$secure_link_expires$uri secret";</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       if ($secure_link = "") {</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">           return 403;</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       }</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       if ($secure_link = "0") {</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">           return 410;</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">       }</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">                   try_files $uri $uri/ =404;</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   }</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ...SNIP</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">Here's the nginx version info:</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ubuntu@ip-172-31-34-191:/var/www$ nginx -V</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   nginx version: nginx/1.14.2</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   built with OpenSSL 1.1.0g  2 Nov 2017</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   TLS SNI support enabled</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-x0ix7n/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-ndk --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/nchan --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-lua --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/rtmp --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-subs-filter</span><br style="color:rgb(0,0,0);font-family:Monaco;font-size:12px"><span style="color:rgb(0,0,0);font-family:Monaco;font-size:12px">   ubuntu@ip-172-31-34-191:/var/www$</span><br></div>