<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Hi Francis,</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks for the clarification, so all requests will be like this:</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<i>http://<domain>/hls/<content folder name>/<content filename> </i></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
can i include in the map the domain <span style="font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255);"><a href="http://example.com" id="LPlnk127730" style="">http://example.com</a>, the folder /hls/ and ignore all the rest? </span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
any guidance/help with the map will be very helpfull because i am not very familiar with regex</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
<br>
</div>
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
map $uri $hls_uri {<br>
</div>
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
~^(?<base_uri>.*).m3u8$ $base_uri;<br>
</div>
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
~^(?<base_uri>.*).ts$ $base_uri;<br>
</div>
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
default $uri;<br>
</div>
<div style="margin: 0px; font-family: Calibri, Helvetica, sans-serif; background-color: rgb(255, 255, 255)">
}</div>
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Andrew</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> nginx <nginx-bounces@nginx.org> on behalf of Francis Daly <francis@daoine.org><br>
<b>Sent:</b> Friday, June 7, 2019 10:34 PM<br>
<b>To:</b> nginx@nginx.org<br>
<b>Subject:</b> Re: Securing URLs with the Secure Link Module in NGINX</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">On Fri, Jun 07, 2019 at 09:51:49PM +0000, Andrew Andonopoulos wrote:<br>
<br>
Hi there,<br>
<br>
thanks for the fuller details. I think it makes it clear what is<br>
happening.<br>
<br>
> and this command to generate the md5:<br>
> <br>
> echo -n 'enigma/hls/justin-timberlake/playlist1560033000' | openssl md5 -binary | openssl base64 | tr '+/' '-_' | tr -d '='<br>
> DWHdyTKR5vTqw10wNtnlIg<br>
> <br>
> <br>
> The request for the main manifest was ok:<br>
> <br>
> Request URL: http://<domain>/hls/justin-timberlake/playlist.m3u8?md5=DWHdyTKR5vTqw10wNtnlIg&expires=1560033000<br>
> Request Method: GET<br>
> Status Code: 200 OK<br>
> <br>
> <br>
> But the content of the manifest doesn't have the md5<br>
<br>
The content of the manifest file must be, in this case, "the relative<br>
urls for the individual pieces".<br>
<br>
> #EXTM3U<br>
> #EXT-X-VERSION:3<br>
> #EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234<br>
> Justin_Timberlake_416_234_200.m3u8<br>
> #EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270<br>
> Justin_Timberlake_480_270_300.m3u8<br>
<br>
Justin_Timberlake_416_234_200.m3u8 is probably the filename; but you<br>
have configured your nginx such that Justin_Timberlake_416_234_200.m3u8<br>
is not a valid url for that file.<br>
<br>
The url with your current nginx configuration is something more like<br>
<br>
Justin_Timberlake_416_234_200.m3u8?md5=CvlIb8kRVaCrpjqyJERUtQ&expires=1560033000<br>
<br>
(from: $ echo -n 'enigma/hls/justin-timberlake/Justin_Timberlake_416_234_2001560033000' | openssl md5 -binary | openssl base64 | tr '+/' '-_' | tr -d '='<br>
CvlIb8kRVaCrpjqyJERUtQ<br>
)<br>
<br>
so *that* is the string that must appear in the playlist.m3u8 file.<br>
<br>
And the file Justin_Timberlake_480_270_300.m3u8 will have a different<br>
"md5" part of the url, because your nginx config ignores the .m3u8 but<br>
uses everything before it when checking the md5sum.<br>
<br>
Whatever creates the playlist.m3u8 file that ends up being served by your<br>
nginx, will need to be modified to create the correct urls for the files,<br>
if they are to be served by your nginx.<br>
<br>
<br>
You could, if you chose, change your nginx config (the map) to ignore the<br>
final digits-and-underscores as well as the .m3u8 part; if you did that,<br>
then the query-string part of all of these entries in the manifest would<br>
be the same (and you would only need to calculate it once).<br>
<br>
> As well as the other m3u8 manifest, so only the playlist have the md5 and expire:<br>
<br>
You must decide how you want your files to be accessed, and then configure<br>
things appropriately.<br>
<br>
If you want every .m3u8 and .ts file below /hls/ to only be accessed via<br>
the secure_link, then you must make sure that you advertise the correct<br>
secure_link urls for those files.<br>
<br>
If you want only the playlist.m3u8 files to be accessed via the<br>
secure_link, while the other .m38u and .ts files are not restricted and<br>
expiring, then you must configure your nginx to do the secure_link check<br>
on playlist.m3u8 and not on the others.<br>
<br>
> Request URL: <a href="http://86.180.184.242/hls/justin-timberlake/Justin_Timberlake_640_360_600.m3u8">
http://86.180.184.242/hls/justin-timberlake/Justin_Timberlake_640_360_600.m3u8</a><br>
> Request Method: GET<br>
> Status Code: 403 Forbidden<br>
<br>
That is what you configured your nginx to do, so it looks like it is<br>
worked as implemented -- but presumably not as desired.<br>
<br>
Good luck with it,<br>
<br>
f<br>
-- <br>
Francis Daly francis@daoine.org<br>
_______________________________________________<br>
nginx mailing list<br>
nginx@nginx.org<br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div>
</span></font></div>
</div>
</body>
</html>