Hello I've tried every possible way I can think of to make secure links work with expires. I've tried different versions of nginx, I've tried on Ubuntu, tried on Centos, tried generating the hash using openssl, tried using Python. I've followed every tutorial I can find. So I must be doing something really wrong.
I am trying to use the nginx secure link module http://nginx.org/en/docs/http/ngx_http_secure_link_module.html I want to make secure links using expires. No matter what I try, I cannot get it to work when I try to uses the expire time. It works fine when I do a simple secure link based purely on the link, without also the expire time or the ip address. Can anyone suggest what I am doing wrong? Or can anyone point me to instructions that show every detail of how to do it and have been recently tested? thanks! The command to generate the key: ubuntu@ip-172-31-34-191:/var/www$ echo -n '2147483647/html/index.html secret' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = FsRb_uu5NsagF0hA_Z-OQg The command that fails: ubuntu@ip-172-31-34-191:/var/www$ curl http://127.0.0.1/html/index.html?md5=FsRb_uu5NsagF0hA_Z-OQgexpires=2147483647 <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.14.2</center> </body> </html> Here's the relevant part of the nginx conf file: ubuntu@ip-172-31-34-191:/var/www$ sudo cat /etc/nginx/sites-enabled/theapp_nginx.conf ...SNIP location /html/ { secure_link $arg_md5,$arg_expires; secure_link_md5 "$secure_link_expires$uri secret"; if ($secure_link = "") { return 403; } if ($secure_link = "0") { return 410; } try_files $uri $uri/ =404; } ...SNIP Here's the nginx version info: ubuntu@ip-172-31-34-191:/var/www$ nginx -V nginx version: nginx/1.14.2 built with OpenSSL 1.1.0g 2 Nov 2017 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-x0ix7n/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-ndk --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/nchan --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-lua --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/rtmp --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-subs-filter ubuntu@ip-172-31-34-191:/var/www$
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
