Skip navigation

Nginx secure links

1. Make sure nginx is installed with the module. --with-http_secure_link_module 

nginx -V

 If the module is missing, reconfigure nginx with the secure link module enabled. See more here.

nginx version: nginx/1.6.2
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --with-http_secure_link_module

2. In the administrative panel, specify nginx for the Temporary URL option.

Nginx secure links

3. The /etc/nginx/nginx.conf file should contain the following settings:

events {
    worker_connections  1024;
}
 
http {
server {
    listen       80;
    server_name  localhost;
 
    location / {
        proxy_pass http://localhost:88/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
        root /var/www;
        expires 30d;
    }
location ~ ^/test/ {
  root   /var/www;
 # This must match the URI part related to the MD5 hash and expiration time.
  secure_link $arg_st,$arg_e; # this must match the URI part related
 
  # This is how the MD5 hash is built from a secret token, a URI and an expiration time.
 secure_link_md5 supersecret$uri$arg_e; # 'secret' is the secret token
 
#  # If the hash is incorrect then $secure_link is a null string.
  if ($secure_link = "") {
    return 403;
  }
 
  ## The current local time is greater than the specified expiration time.
  if ($secure_link = "0") {
    return 403;
  }
 
  ## If everything is ok $secure_link is 1. This needs to be here otherwise you'll get a 404.
  rewrite ^/test/(.*)$ /test/$1 break;
 
}
}
}

4. From the STB the following information is obtained:

Opening:
sol ffmpeg
URL http://192.168.1.72:80/test/Ducks.mkv?st=92OMUK4UxngBROaOH2matA&e=1411132052
Found solution "ffmpeg" num 16
Mediatype detected
len 16683, start 0 end 16683
atype 0 vtype 0
CODEC_ID_H264
Event 2
STVID_SEQUENCE_INFO_EVT w 1280 h 720
STVID Change AR 2
FrameRate 29970 dem 29970
STVID_SEQUENCE_INFO_EVT w 1280 h 720
Event 7
Changed FrameRate 29970 dem 29970
Event 4
Event 1
Opening:
sol ffmpeg
URL http://192.168.1.72:80/test/Ducks.mkv?st=W1bQJd-yvZrQzPFdNaqctw&e=1411132071
Found solution "ffmpeg" num 16
Mediatype detected

See nginx official documentation for details.

Need Help

Cindy is an expert on the Ministra TV platform and the author of this article.

Was this article helpful?

Yes No

Sorry to hear that.
How can we improve this article?

Send
We use cookies in order to optimise our website, provide you with the best possible user experience and help us promote our products. Please read our Cookie Policy to find out how we use cookies and how you can control cookies.
By using this website or closing this message, you acknowledge our Privacy Policy and agree to our use of cookies as described in our Cookie Policy.