Hi Hung, I presume i need to re-compile nginx. I never installed a module before so i think i need to follow these steps:
1) get the module in the server, in the folder /tmp/ 2) compile nginx with this command: ./configure --add-module=/tmp/nginx-secure-token-module (this will be the module folder? so i just point it to the folder in tmp? Thanks Andrew ________________________________ From: nginx <nginx-boun...@nginx.org> on behalf of Hung Nguyen <hun...@opensource.com.vn> Sent: Monday, June 17, 2019 12:01 PM To: nginx@nginx.org Subject: Re: Securing URLs with the Secure Link Module in NGINX Hi, Actually you can use a module developed by Kaltura call secure token module (1). This module can examine your response to see its content-type, if it matches configured parameter, it will automatically inject secure params into hls playlist. Use this module, please note you dont use anything relate to uri in secure link (ie: dont use $uri to calculate secure link) (1): https://github.com/kaltura/nginx-secure-token-module On Jun 17, 2019, at 3:17 PM, Andrew Andonopoulos <andre8...@hotmail.com<mailto:andre8...@hotmail.com>> wrote: Hi Francis and thank you for your quick response / support. Now is more clear how locations and secure link works. I would like to add the secure link in each m3u8 and ts file but can't modify the files on the fly with the free nginx version, i think nginx plus have this capability ? (receive fmp4 and deliver manifests on the fly) https://www.nginx.com/products/nginx/streaming-media/ What you would suggest in case i want to use secure link for all the files? Thanks Andrew ________________________________ From: nginx <nginx-boun...@nginx.org<mailto:nginx-boun...@nginx.org>> on behalf of Francis Daly <fran...@daoine.org<mailto:fran...@daoine.org>> Sent: Monday, June 17, 2019 7:40 AM To: nginx@nginx.org<mailto:nginx@nginx.org> Subject: Re: Securing URLs with the Secure Link Module in NGINX On Sat, Jun 15, 2019 at 06:08:07PM +0000, Andrew Andonopoulos wrote: Hi there, > In my case the player will request the m3u8 URL: > > https://<domain>/hls/justin-timberlake-encrypted/playlist.m3u8?md5=u808mTXsFSpZt7b8wLvlIw&expires=1560706367 > > The response from the server will be: > > #EXTM3U > #EXT-X-VERSION:3 > #EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234 > Justin_Timberlake_416_234_200.m3u8 > #EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270 > Justin_Timberlake_480_270_300.m3u8 > Can I instruct Nginx to use secure link only for the playlist.m3u8 and not > for the other m3u8 and ts files? Yes. I am not sure why you would do that; or what benefit it will give you; but that's ok. I do not need to understand that part. In nginx, a request in handled in a location. So you want one location that will handle playlist.m3u8 requests and does the secure_link thing; and a separate location that will handle all of the other /hls/ requests. I think you want to proxy_pass all of the requests, so you need proxy_pass in both locations. I think you want lots of common config -- add_header, proxy_hide_header -- so it is probably simplest to use nested locations to allow inheritance rather than duplication. For example (untested): location /hls/ { # all of the common config goes here proxy_pass http://s3test.s3.amazonaws.com<http://s3test.s3.amazonaws.com/>; location ~ /playlist\.m3u8$ { secure_link $arg_md5,$arg_expires; secure_link_md5 "enigma$hls_uri$secure_link_expires"; if ($secure_link = "") { return 403; } if ($secure_link = "0") { return 410; } proxy_pass http://s3test.s3.amazonaws.com<http://s3test.s3.amazonaws.com/>; } } Adjust to fit the rest of your requirements. Good luck with it, f -- Francis Daly fran...@daoine.org<mailto:fran...@daoine.org> _______________________________________________ nginx mailing list nginx@nginx.org<mailto:nginx@nginx.org> http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org<mailto:nginx@nginx.org> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
