Nginx-accesskey权限模块使用——简单的m3u8防盗链

Posted Tinywan

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx-accesskey权限模块使用——简单的m3u8防盗链相关的知识,希望对你有一定的参考价值。

配置文件:http://www.cnblogs.com/tinywan/p/5983694.html

通过加密后的文件:

正确地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
没带参数:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8

【1】正确地址:  curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:12:39 GMT
Content-Type: application/vnd.apple.mpegurl
Content-Length: 367
Last-Modified: Fri, 21 Oct 2016 09:12:34 GMT
Connection: keep-alive
ETag: "5809dc02-16f"
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:300
#EXT-X-TARGETDURATION:7
#EXT-X-KEY:METHOD=AES-128,URI="https://myserver.com/keys/S0000_8-300.key",IV=0x0000000000000000000000000000012C
#EXTINF:7.000,
S0000_8-300.ts
#EXTINF:7.000,
S0000_8-301.ts
#EXTINF:7.000,

【2】参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
HTTP/1.1 403 Forbidden
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:14:30 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.1</center>
</body>
</html>

【3】没有携带参数访问:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8
HTTP/1.1 403 Forbidden
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:15:15 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.1</center>
</body>
</html>
www@iZ23a7607jaZ:/home/tinywan$ 

【4】Nginx config配置文件:

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  \'[$time_local][$remote_addr][$http_x_forwarded_for] $status "$request" "$http_referer" "$http_user_agent"\';

    access_log  logs/access.log  main;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 443 ssl;
        server_name example.com;

        #ssl_certificate /var/ssl/example.com.cert;
        #ssl_certificate_key /var/ssl/example.com.key;

        location /keys {
            root /tmp;
        }
    }
    server {
        set  $wwwroot  /home/www/node/html;

        listen       80;
        server_name  127.0.0.1;
        index        index.html;
        root         $wwwroot;
        access_log   logs/node.access.log  main;

        location /rtmp/stat {
            rtmp_stat all;
            rtmp_stat_stylesheet rtmpstat.xsl;
        }

        location /rtmpstat.xsl {
        }

        location /rtmp/control {
            rtmp_control all;
        }

        location ~* /hls/.*\\.m3u8$ {
            types {
                application/vnd.apple.mpegurl m3u8;
            }
            root /tmp;
            add_header Cache-Control no-cache;
            add_header Access-Control-Allow-Origin *;
                 accesskey             on;
                accesskey_hashmethod  md5;
                accesskey_arg         "key";
                #accesskey_signature   "password$remote_addr";
                accesskey_signature   "password120.26.206.180";

        }

        location ~* /hls/.*\\.ts$ {
            types {
                video/mp2t ts;
            }
            root /tmp;
            expires    1m;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
        }

        #error_page  404              /404.html;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location /hls {
                accesskey             on;
                accesskey_hashmethod  md5;
                accesskey_arg         "key";
                accesskey_signature   "password$remote_addr";
                #accesskey_signature   "password115.29.201.161";

                alias /tmp/hls;
        }

        location /control {
                rtmp_control all;
        }

    }

}

rtmp {
    server {
        listen 1935;
        ping 30s;
        notify_method get;
        drop_idle_publisher 3s;

        application live {
            live on;
            #pull rtmp://121.40.133.183/live/206 name=206;
            #exec /home/www/bin/rtmpHLS.sh $name;
            exec /home/www/bin/autoRecord.sh $name;
            exec_kill_signal term;
            #exec_play /home/www/bin/execPlay.sh $name;
            #on_play http://sewise.amai8.com/authcheck/play;
            #录像模块
            recorder rec1 {
                       record all manual;
                       record_unique on;
                       record_notify on;
                       record_max_size 512M;
                       #record_interval 30s;
                       record_path /data/recorded_flvs;
                       record_suffix all.flv;

                       #录像停止后,先判断是否能上传,允许后则将录像上传到OSS/
                       exec_record_done /home/www/bin/rtmpRecorded.sh $name $path $filename $basename $dirname;
           }

       }
        hls on;
        hls_path /tmp/hls;
        #hls_sync 100ms;

        hls_keys on;
        #hls_key_path /tmp/keys;
        hls_key_url https://myserver.com/keys/;
        hls_fragments_per_key 10;

    }
}

 


以上是关于Nginx-accesskey权限模块使用——简单的m3u8防盗链的主要内容,如果未能解决你的问题,请参考以下文章

使用第三方模块ngx_http_accesskey_module实现Nginx防盗链

Pikachu-Over Permission模块

vue_cli下开发一个简单的模块权限系统之建立登录页面并且实现在浏览器输入地址出现内容

vue_cli下开发一个简单的模块权限系统之实现登录

权限管理模块设计

权限管理模块设计