Hi, Actually you can use a module developed by Kaltura call secure token module (1). This module can examine your response to see its content-type, if it matches configured parameter, it will automatically inject secure params into hls playlist. Use this module, please note you dont use anything relate to uri in secure link (ie: dont use $uri to calculate secure link)
(1): https://github.com/kaltura/nginx-secure-token-module <https://github.com/kaltura/nginx-secure-token-module> > On Jun 17, 2019, at 3:17 PM, Andrew Andonopoulos <andre8...@hotmail.com> > wrote: > > Hi Francis and thank you for your quick response / support. > > Now is more clear how locations and secure link works. > > I would like to add the secure link in each m3u8 and ts file but can't modify > the files on the fly with the free nginx version, i think nginx plus have > this capability ? (receive fmp4 and deliver manifests on the fly) > https://www.nginx.com/products/nginx/streaming-media/ > <https://www.nginx.com/products/nginx/streaming-media/> > > What you would suggest in case i want to use secure link for all the files? > > > Thanks > Andrew > > > > > > From: nginx <nginx-boun...@nginx.org> on behalf of Francis Daly > <fran...@daoine.org> > Sent: Monday, June 17, 2019 7:40 AM > To: nginx@nginx.org > Subject: Re: Securing URLs with the Secure Link Module in NGINX > > On Sat, Jun 15, 2019 at 06:08:07PM +0000, Andrew Andonopoulos wrote: > > Hi there, > > > In my case the player will request the m3u8 URL: > > > > https://<domain>/hls/justin-timberlake-encrypted/playlist.m3u8?md5=u808mTXsFSpZt7b8wLvlIw&expires=1560706367 > > > > The response from the server will be: > > > > #EXTM3U > > #EXT-X-VERSION:3 > > #EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234 > > Justin_Timberlake_416_234_200.m3u8 > > #EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270 > > Justin_Timberlake_480_270_300.m3u8 > > > Can I instruct Nginx to use secure link only for the playlist.m3u8 and not > > for the other m3u8 and ts files? > > Yes. > > I am not sure why you would do that; or what benefit it will give you; > but that's ok. I do not need to understand that part. > > > In nginx, a request in handled in a location. > > So you want one location that will handle playlist.m3u8 requests and > does the secure_link thing; and a separate location that will handle > all of the other /hls/ requests. > > I think you want to proxy_pass all of the requests, so you need proxy_pass > in both locations. > > I think you want lots of common config -- add_header, proxy_hide_header -- > so it is probably simplest to use nested locations to allow inheritance > rather than duplication. > > For example (untested): > > location /hls/ { > > # all of the common config goes here > > proxy_pass http://s3test.s3.amazonaws.com > <http://s3test.s3.amazonaws.com/>; > > location ~ /playlist\.m3u8$ { > secure_link $arg_md5,$arg_expires; > secure_link_md5 "enigma$hls_uri$secure_link_expires"; > > if ($secure_link = "") { return 403; } > if ($secure_link = "0") { return 410; } > proxy_pass http://s3test.s3.amazonaws.com > <http://s3test.s3.amazonaws.com/>; > } > > } > > Adjust to fit the rest of your requirements. > > Good luck with it, > > f > -- > Francis Daly fran...@daoine.org > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > <http://mailman.nginx.org/mailman/listinfo/nginx> > _______________________________________________ > nginx mailing list > nginx@nginx.org <mailto:nginx@nginx.org> > http://mailman.nginx.org/mailman/listinfo/nginx > <http://mailman.nginx.org/mailman/listinfo/nginx>
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
