en:stalker:nginx_secure

Nginx secure links

1. Check if nginx has module –with-http_secure_link_module if not - reconfigure nginx with enabled secure links module . See nginx official documentation for details.

nginx version: nginx/1.6.2
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --with-http_secure_link_module

2. In admin interface:

spoiler

3. Configure nginx on server:

nginx.conf

events {
    worker_connections  1024;
}
 
http {
server {
    listen       80;
    server_name  localhost;
 
    location / {
        proxy_pass http://localhost:88/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
        root /var/www;
        expires 30d;
    }
location ~ ^/test/ {
  root   /var/www;
 # This must match the URI part related to the MD5 hash and expiration time.
  secure_link $arg_st,$arg_e; # this must match the URI part related
 
  # This is how the MD5 hash is built from a secret token, a URI and an expiration time.
 secure_link_md5 supersecret$uri$arg_e; # 'secret' is the secret token
 
#  # If the hash is incorrect then $secure_link is a null string.
  if ($secure_link = "") {
    return 403;
  }
 
  ## The current local time is greater than the specified expiration time.
  if ($secure_link = "0") {
    return 403;
  }
 
  ## If everything is ok $secure_link is 1. This needs to be here otherwise you'll get a 404.
  rewrite ^/test/(.*)$ /test/$1 break;
 
}
}
}

4. How it will look on STB:

output from STB:

Opening:
sol ffmpeg
URL http://192.168.1.72:80/test/Ducks.mkv?st=92OMUK4UxngBROaOH2matA&e=1411132052
Found solution "ffmpeg" num 16
Mediatype detected
len 16683, start 0 end 16683
atype 0 vtype 0
CODEC_ID_H264
Event 2
STVID_SEQUENCE_INFO_EVT w 1280 h 720
STVID Change AR 2
FrameRate 29970 dem 29970
STVID_SEQUENCE_INFO_EVT w 1280 h 720
Event 7
Changed FrameRate 29970 dem 29970
Event 4
Event 1
Opening:
sol ffmpeg
URL http://192.168.1.72:80/test/Ducks.mkv?st=W1bQJd-yvZrQzPFdNaqctw&e=1411132071
Found solution "ffmpeg" num 16
Mediatype detected