Nginx third-party module ngx_http_accesskey_module to implement the download file anti-theft chain 1, the specific installation tutorial: HTTP://WWW.CNBLOGS.COM/TINYWAN/P/5983694.HTML/2, Nginx configuration file
Location/hls { Alias/tmp/hls; }
location/download { accesskey on ; Accesskey_hashmethod MD5; Accesskey_arg "key"; #accesskey_signature "password$remote_addr"; accesskey_signature "PASSWORD121.1.206.18/1"; Alias/tmp/hls; }
which
AccessKey is a module switch;
Accesskey_hashmethod for encryption MD5 or SHA-1;
Accesskey_arg is the keyword parameter in the URL;
Accesskey_signature is the encrypted value, which is a string of mypass and access IP. I am in this is set to the specified IP address, in order to let only that one IP address can play the stream can either
/download for you download the directory "has turned on the anti-theft chain"
/hls "No anti-theft chain" in place for m3u8 to store files
It can be seen that the two modules of the common one folder/tmp/hls;
3. Test permissions
Pass Curl Test
"1" gets the MD5 encryption value:
[email protected]:/home/www# echo-n Password121.1.206.18
c7e2d8f498920f1a86e4c95d4a58a27e -
MD5 encryption value is: c7e2d8f498920f1a86e4c95d4a58a27e
Echo-n does not output line breaks, md5sum encryption method
"2" did not bring the test results: 403 Forbidden
[email protected]:/home/tinywan$ curl-i/HTTP IP address (here is the live node IP address)/download/s0000_8.m3u8http/1.1 403 Forbiddenserver:nginx/1.8.1date:fri, Oct 07:46:07 gmtcontent-type:text/htmlcontent-length:168connection: Keep-alive<HTML><Head><title>403 Forbidden</title></Head><Bodybgcolor= "White"><Center><H1>403 Forbidden</H1></Center><HR><Center>nginx/1.8.1</Center></Body></HTML>
"2" carry the test result of the correct key: can get to the m3u8 file under the HLs file
[Email protected]:/home/www# curl-i http//IP address (here is the live node IP address)/download/s0000_8.m3u8?key= c7e2d8f498920f1a86e4c95d4a58a27ehttp/1.1 Okserver:nginx/1.8.1date:fri, Oct 07:26:39 GMTContent-Type: Application/vnd.apple.mpegurlcontent-length:255last-modified:fri, Oct 07:26:34 Gmtconnection:keep-aliveetag : "5809c32a-ff" accept-ranges:bytes#extm3u#ext-x-version:3#ext-x-media-sequence:368#ext-x-targetduration:5# extinf:5.013,s0000_8-368.ts#extinf:5.013,s0000_8-369.ts#extinf:5.014,s0000_8-370.ts#extinf:5.013,s0000_8-371. Ts#extinf:5.013,s0000_8-372.ts#extinf:5.014,s0000_8-373.ts
Test result for "3" carrying the wrong key: 403 Forbidden
[Email protected]:/home/tinywan$ curl-i http//IP address (here is the live node IP address)/download/s0000_8.m3u8?key= C7e2d8f498920f1a86e4c95d4a58a271234http/1.1 403 Forbiddenserver:nginx/1.8.1date:fri, OCT 2016 07:46:07 Gmtcontent-type:text/htmlcontent-length:168connection:keep-alive<HTML><Head><title>403 Forbidden</title></Head><Bodybgcolor= "White"><Center><H1>403 Forbidden</H1></Center><HR><Center>nginx/1.8.1</Center></Body></HTML>
The key value is based on the user's IP, so you can avoid being hotlinking.
Nginx-accesskey Usage Records