Nginx-accesskey权限模块使用——简单的m3u8防盗链
Posted Tinywan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx-accesskey权限模块使用——简单的m3u8防盗链相关的知识,希望对你有一定的参考价值。
配置文件:http://www.cnblogs.com/tinywan/p/5983694.html
通过加密后的文件:
正确地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
没带参数:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8
【1】正确地址: curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:12:39 GMT
Content-Type: application/vnd.apple.mpegurl
Content-Length: 367
Last-Modified: Fri, 21 Oct 2016 09:12:34 GMT
Connection: keep-alive
ETag: "5809dc02-16f"
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:300
#EXT-X-TARGETDURATION:7
#EXT-X-KEY:METHOD=AES-128,URI="https://myserver.com/keys/S0000_8-300.key",IV=0x0000000000000000000000000000012C
#EXTINF:7.000,
S0000_8-300.ts
#EXTINF:7.000,
S0000_8-301.ts
#EXTINF:7.000,
【2】参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213 HTTP/1.1 403 Forbidden Server: nginx/1.8.1 Date: Fri, 21 Oct 2016 09:14:30 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.8.1</center> </body> </html>
【3】没有携带参数访问:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8
www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8 HTTP/1.1 403 Forbidden Server: nginx/1.8.1 Date: Fri, 21 Oct 2016 09:15:15 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.8.1</center> </body> </html> www@iZ23a7607jaZ:/home/tinywan$
【4】Nginx config配置文件:
http {
include mime.types;
default_type application/octet-stream;
log_format main \'[$time_local][$remote_addr][$http_x_forwarded_for] $status "$request" "$http_referer" "$http_user_agent"\';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name example.com;
#ssl_certificate /var/ssl/example.com.cert;
#ssl_certificate_key /var/ssl/example.com.key;
location /keys {
root /tmp;
}
}
server {
set $wwwroot /home/www/node/html;
listen 80;
server_name 127.0.0.1;
index index.html;
root $wwwroot;
access_log logs/node.access.log main;
location /rtmp/stat {
rtmp_stat all;
rtmp_stat_stylesheet rtmpstat.xsl;
}
location /rtmpstat.xsl {
}
location /rtmp/control {
rtmp_control all;
}
location ~* /hls/.*\\.m3u8$ {
types {
application/vnd.apple.mpegurl m3u8;
}
root /tmp;
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key";
#accesskey_signature "password$remote_addr";
accesskey_signature "password120.26.206.180";
}
location ~* /hls/.*\\.ts$ {
types {
video/mp2t ts;
}
root /tmp;
expires 1m;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
}
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /hls {
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key";
accesskey_signature "password$remote_addr";
#accesskey_signature "password115.29.201.161";
alias /tmp/hls;
}
location /control {
rtmp_control all;
}
}
}
rtmp {
server {
listen 1935;
ping 30s;
notify_method get;
drop_idle_publisher 3s;
application live {
live on;
#pull rtmp://121.40.133.183/live/206 name=206;
#exec /home/www/bin/rtmpHLS.sh $name;
exec /home/www/bin/autoRecord.sh $name;
exec_kill_signal term;
#exec_play /home/www/bin/execPlay.sh $name;
#on_play http://sewise.amai8.com/authcheck/play;
#录像模块
recorder rec1 {
record all manual;
record_unique on;
record_notify on;
record_max_size 512M;
#record_interval 30s;
record_path /data/recorded_flvs;
record_suffix all.flv;
#录像停止后,先判断是否能上传,允许后则将录像上传到OSS/
exec_record_done /home/www/bin/rtmpRecorded.sh $name $path $filename $basename $dirname;
}
}
hls on;
hls_path /tmp/hls;
#hls_sync 100ms;
hls_keys on;
#hls_key_path /tmp/keys;
hls_key_url https://myserver.com/keys/;
hls_fragments_per_key 10;
}
}
以上是关于Nginx-accesskey权限模块使用——简单的m3u8防盗链的主要内容,如果未能解决你的问题,请参考以下文章
使用第三方模块ngx_http_accesskey_module实现Nginx防盗链