Securing URLs with the Secure Link Module in NGINX
Andrew Andonopoulos
andre8525 at hotmail.com
Fri Jun 7 18:47:54 UTC 2019
Hi Patrick,
This is the nginx config, do you think that i should use another method? like auth?
user www;
worker_processes auto;
pid /var/run/nginx.pid;
worker_rlimit_nofile 1048576;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type text/html;
log_format custom_cache_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
sendfile on;
keepalive_timeout 65;
proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=s3_cache:10m max_size=4G inactive=60m use_temp_path=off;
map $uri $hls_uri {
~^(?<base_uri>.*).m3u8$ $base_uri;
~^(?<base_uri>.*).ts$ $base_uri;
default $uri;
}
server {
listen 80;
access_log /var/log/nginx/lotuscdn.com.access.log custom_cache_log;
error_log /var/log/nginx/lotuscdn.com.error.log warn;
location / {
proxy_cache s3_cache;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Authorization '';
proxy_set_header Host 's3test.s3.amazonaws.com';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_hide_header Set-Cookie;
proxy_hide_header x-amz-storage-class;
proxy_ignore_headers Set-Cookie;
proxy_cache_revalidate on;
proxy_intercept_errors on;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_cache_background_update on;
proxy_cache_valid 200 60m;
add_header Cache-Control max-age=31536000;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://s3test.s3.amazonaws.com/;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,X-Auth-Token,Authorization,Accept,Client-Security-Token';
add_header 'Access-Control-Allow-Methods' 'OPTIONS, GET';
secure_link $arg_md5,$arg_expires;
secure_link_md5 "enigma$uri$secure_link_expires";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
Thanks
Andrew
________________________________
From: nginx <nginx-bounces at nginx.org> on behalf of Patrick <201904-nginx at jslf.app>
Sent: Friday, June 7, 2019 12:29 AM
To: nginx at nginx.org
Subject: Re: Securing URLs with the Secure Link Module in NGINX
On 2019-06-06 23:00, Andrew Andonopoulos wrote:
> However i changed it little bit and i used the following (without map) and i was able to get 200 for only the URI, so i presume that the secure link with NGINX is working:
Can you post a redacted version of the config file?
Secure Link should work -- however it's not great because unless the m3u8
playlist is generated on the fly, the media assets will not be protected
by the Secure Link setup.
Patrick
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190607/c3bc66a3/attachment-0001.html>
More information about the nginx
mailing list