Securing URLs with the Secure Link Module in NGINX
Francis Daly
francis at daoine.org
Mon Jun 17 07:40:04 UTC 2019
On Sat, Jun 15, 2019 at 06:08:07PM +0000, Andrew Andonopoulos wrote:
Hi there,
> In my case the player will request the m3u8 URL:
>
> https://<domain>/hls/justin-timberlake-encrypted/playlist.m3u8?md5=u808mTXsFSpZt7b8wLvlIw&expires=1560706367
>
> The response from the server will be:
>
> #EXTM3U
> #EXT-X-VERSION:3
> #EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234
> Justin_Timberlake_416_234_200.m3u8
> #EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270
> Justin_Timberlake_480_270_300.m3u8
> Can I instruct Nginx to use secure link only for the playlist.m3u8 and not for the other m3u8 and ts files?
Yes.
I am not sure why you would do that; or what benefit it will give you;
but that's ok. I do not need to understand that part.
In nginx, a request in handled in a location.
So you want one location that will handle playlist.m3u8 requests and
does the secure_link thing; and a separate location that will handle
all of the other /hls/ requests.
I think you want to proxy_pass all of the requests, so you need proxy_pass
in both locations.
I think you want lots of common config -- add_header, proxy_hide_header --
so it is probably simplest to use nested locations to allow inheritance
rather than duplication.
For example (untested):
location /hls/ {
# all of the common config goes here
proxy_pass http://s3test.s3.amazonaws.com;
location ~ /playlist\.m3u8$ {
secure_link $arg_md5,$arg_expires;
secure_link_md5 "enigma$hls_uri$secure_link_expires";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
proxy_pass http://s3test.s3.amazonaws.com;
}
}
Adjust to fit the rest of your requirements.
Good luck with it,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list