<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
also i don't have Akamai CDN behind nginx. Can i use this module without using other CDN ?</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thanks</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Andrew</div>
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Andrew Andonopoulos <andre8525@hotmail.com><br>
<b>Sent:</b> Monday, June 17, 2019 12:25 PM<br>
<b>To:</b> nginx@nginx.org<br>
<b>Subject:</b> Re: Securing URLs with the Secure Link Module in NGINX</font>
<div> </div>
</div>
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Hi Hung,</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I presume i need to re-compile nginx. I never installed a module before so i think i need to follow these steps:</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
1) get the module in the server, in the folder /tmp/</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
2) compile nginx with this command: ./configure --add-module=/tmp/nginx-secure-token-module (this will be the module folder? so i just point it to the folder in tmp?</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Andrew</div>
<div>
<div id="x_appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> nginx <nginx-bounces@nginx.org> on behalf of Hung Nguyen <hungnv@opensource.com.vn><br>
<b>Sent:</b> Monday, June 17, 2019 12:01 PM<br>
<b>To:</b> nginx@nginx.org<br>
<b>Subject:</b> Re: Securing URLs with the Secure Link Module in NGINX</font>
<div> </div>
</div>
<div class="" style="word-wrap:break-word; line-break:after-white-space">Hi,
<div class=""><br class="">
</div>
<div class="">Actually you can use a module developed by Kaltura call secure token module (1). This module can examine your response to see its content-type, if it matches configured parameter, it will automatically inject secure params into hls playlist. Use
this module, please note you dont use anything relate to uri in secure link (ie: dont use $uri to calculate secure link)</div>
<div class=""><br class="">
</div>
<div class="">(1): <a href="https://github.com/kaltura/nginx-secure-token-module" class="">https://github.com/kaltura/nginx-secure-token-module</a></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Jun 17, 2019, at 3:17 PM, Andrew Andonopoulos <<a href="mailto:andre8525@hotmail.com" class="">andre8525@hotmail.com</a>> wrote:</div>
<br class="x_x_Apple-interchange-newline">
<div class="">
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
Hi Francis and thank you for your quick response / support.</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
Now is more clear how locations and secure link works. </div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
I would like to add the secure link in each m3u8 and ts file but can't modify the files on the fly with the free nginx version, i think nginx plus have this capability ? (receive fmp4 and deliver manifests on the fly)</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<a href="https://www.nginx.com/products/nginx/streaming-media/" id="LPNoLP892346" class="">https://www.nginx.com/products/nginx/streaming-media/</a><br class="">
</div>
<br class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
What you would suggest in case i want to use secure link for all the files?</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
Thanks</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
Andrew</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div id="x_x_appendonsend" class=""></div>
<div class="" style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><br class="">
</div>
<div class="" style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><br class="">
</div>
<div class="" style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><br class="">
</div>
<div class="" style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><br class="">
</div>
<hr tabindex="-1" class="" style="display:inline-block; width:1189.71875px">
<div id="x_x_divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" class="" style="font-size:11pt"><b class="">From:</b><span class="x_x_Apple-converted-space"> </span>nginx <<a href="mailto:nginx-bounces@nginx.org" class="">nginx-bounces@nginx.org</a>>
on behalf of Francis Daly <<a href="mailto:francis@daoine.org" class="">francis@daoine.org</a>><br class="">
<b class="">Sent:</b><span class="x_x_Apple-converted-space"> </span>Monday, June 17, 2019 7:40 AM<br class="">
<b class="">To:</b><span class="x_x_Apple-converted-space"> </span><a href="mailto:nginx@nginx.org" class="">nginx@nginx.org</a><br class="">
<b class="">Subject:</b><span class="x_x_Apple-converted-space"> </span>Re: Securing URLs with the Secure Link Module in NGINX</font>
<div class=""> </div>
</div>
<div class="x_x_BodyFragment"><font size="2" class=""><span class="" style="font-size:11pt">
<div class="x_x_PlainText">On Sat, Jun 15, 2019 at 06:08:07PM +0000, Andrew Andonopoulos wrote:<br class="">
<br class="">
Hi there,<br class="">
<br class="">
> In my case the player will request the m3u8 URL:<br class="">
><span class="x_x_Apple-converted-space"> </span><br class="">
> https://<domain>/hls/justin-timberlake-encrypted/playlist.m3u8?md5=u808mTXsFSpZt7b8wLvlIw&expires=1560706367<br class="">
><span class="x_x_Apple-converted-space"> </span><br class="">
> The response from the server will be:<br class="">
><span class="x_x_Apple-converted-space"> </span><br class="">
> #EXTM3U<br class="">
> #EXT-X-VERSION:3<br class="">
> #EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234<br class="">
> Justin_Timberlake_416_234_200.m3u8<br class="">
> #EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270<br class="">
> Justin_Timberlake_480_270_300.m3u8<br class="">
<br class="">
> Can I instruct Nginx to use secure link only for the playlist.m3u8 and not for the other m3u8 and ts files?<br class="">
<br class="">
Yes.<br class="">
<br class="">
I am not sure why you would do that; or what benefit it will give you;<br class="">
but that's ok. I do not need to understand that part.<br class="">
<br class="">
<br class="">
In nginx, a request in handled in a location.<br class="">
<br class="">
So you want one location that will handle playlist.m3u8 requests and<br class="">
does the secure_link thing; and a separate location that will handle<br class="">
all of the other /hls/ requests.<br class="">
<br class="">
I think you want to proxy_pass all of the requests, so you need proxy_pass<br class="">
in both locations.<br class="">
<br class="">
I think you want lots of common config -- add_header, proxy_hide_header --<br class="">
so it is probably simplest to use nested locations to allow inheritance<br class="">
rather than duplication.<br class="">
<br class="">
For example (untested):<br class="">
<br class="">
location /hls/ {<br class="">
<br class="">
# all of the common config goes here<br class="">
<br class="">
proxy_pass<span class="x_x_Apple-converted-space"> </span><a href="http://s3test.s3.amazonaws.com/" class="">http://s3test.s3.amazonaws.com</a>;<br class="">
<br class="">
location ~ /playlist\.m3u8$ {<br class="">
secure_link $arg_md5,$arg_expires;<br class="">
secure_link_md5 "enigma$hls_uri$secure_link_expires";<br class="">
<br class="">
if ($secure_link = "") { return 403; }<br class="">
if ($secure_link = "0") { return 410; }<br class="">
proxy_pass<span class="x_x_Apple-converted-space"> </span><a href="http://s3test.s3.amazonaws.com/" class="">http://s3test.s3.amazonaws.com</a>;<br class="">
}<br class="">
<br class="">
}<br class="">
<br class="">
Adjust to fit the rest of your requirements.<br class="">
<br class="">
Good luck with it,<br class="">
<br class="">
f<br class="">
--<span class="x_x_Apple-converted-space"> </span><br class="">
Francis Daly <a href="mailto:francis@daoine.org" class="">francis@daoine.org</a><br class="">
_______________________________________________<br class="">
nginx mailing list<br class="">
<a href="mailto:nginx@nginx.org" class="">nginx@nginx.org</a><br class="">
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" class="">http://mailman.nginx.org/mailman/listinfo/nginx</a><br class="">
</div>
</span></font></div>
</div>
<span class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">_______________________________________________</span><br class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<span class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">nginx
mailing list</span><br class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<a href="mailto:nginx@nginx.org" class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">nginx@nginx.org</a><br class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" class="" style="font-family:SourceCodePro-Regular; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">http://mailman.nginx.org/mailman/listinfo/nginx</a></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</div>
</div>
</body>
</html>