nginx as reverse proxy with "mod secdownload" feature - possible?

Sven 'Darkman' Michels sven at darkman.de
Thu Oct 21 13:41:53 MSD 2010


Hi Reinis,

thanks for your reply.

Am 19.10.2010 17:10, schrieb Reinis Rozitis:
> I havent followed what is the current status with the TTL (time to live)
> secure downloads ( there is some blog post
> http://www.masterzen.fr/2009/07/18/nginx-secure-link-module-with-ttl/ )
> but we use http://wiki.nginx.org/HttpSecureLinkModule

we definitivly need the expiring urls, so the ttl module points to the
right direction.


> The secure link configuration is put on the caching servers (while of
> course you can duplicate it also on the backend in case you want to
> support also direct requests) which then fetch the object (if it doesnt
> exist in cache (local tree)) from backend via normal url (and do
> proxy_store locally) - the url normalising (striping out the hash parts)
> allows to store the same object just once).

We currently use lighttpd on the servers, which work ok so far. We just
want to add caches we can put infront of the lighty setup to serve the
content from different places.


> But to implement the download-once feature you could use php (or any
> other dynamic backend) and do it via  X-Accel-Redirect (
> http://wiki.nginx.org/XSendfile ) - like transparently parse all the
> file downloading requests (through either try_files or rewrite) and let
> php decide if the file is available or not and nginx just does the
> transfer.

This would not help (at least i think so) because we do not want to sync
any content to the caches. We just want them to fetch the stuff from the
main servers if they haven't stored it locally in their proxy cache, and
deliver it from the cache if they already have it.

So from all my readings, i think(! and might be wrong), the easiest and
maybe best way for now would be having a small perl module doing the
secdownload stuff (just a few lines of code, so no big deal) and rewrite
the request to a normalized url which can be found on the backend.

So, is such a setup poosible? like -> request to nginx -> perl module does
some check and rewrite of the request -> request passed to proxy module
-> fetches content from local cache if avail or from backend server.

If yes, some pointers/samples would be nice.

Thanks and regards,
Sven



More information about the nginx mailing list