location /hls {
alias /tmp/hls;
}
location /download {
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key";
#accesskey_signature "password$remote_addr";
accesskey_signature "password121.1.206.18/1";
alias /tmp/hls;
}
其中:
accesskey 为模块开关;
accesskey_hashmethod 为加密方式MD5或者SHA-1;
accesskey_arg 为url中的关键字参数;
accesskey_signature 为加密值,此处为mypass和访问IP构成的字符串。我在这是设置为指定的IP地址,为了只让该一个IP地址可以播放该流既可以
/download 为你下载的目录 【已开启防盗链】
/hls 为m3u8存放文件的地方 【未开启防盗链】
可以看出该两个模块公用一个文件夹 /tmp/hls;
通过 curl 测试
【1】获取该MD5加密值:
root@iZ231gvwxe7Z:/home/www# echo -n password121.1.206.18|md5sum
c7e2d8f498920f1a86e4c95d4a58a27e -
md5加密值为:c7e2d8f498920f1a86e4c95d4a58a27e
echo -n 表示不输出换行符 ,md5sum 加密方法
【2】没带可以的测试结果:403 Forbidden
www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/download/S0000_8.m3u8 HTTP/1.1 403 Forbidden Server: nginx/1.8.1 Date: Fri, 21 Oct 2016 07:46:07 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.8.1</center> </body> </html>
【2】携带正确的key的测试结果:可以获取到hls文件下面的m3u8文件
root@iZ231gvwxe7Z:/home/www# curl -i http://访问的IP地址(这里是直播节点IP地址)/download/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 07:26:39 GMT
Content-Type: application/vnd.apple.mpegurl
Content-Length: 255
Last-Modified: Fri, 21 Oct 2016 07:26:34 GMT
Connection: keep-alive
ETag: "5809c32a-ff"
Accept-Ranges: bytes
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:368
#EXT-X-TARGETDURATION:5
#EXTINF:5.013,
S0000_8-368.ts
#EXTINF:5.013,
S0000_8-369.ts
#EXTINF:5.014,
S0000_8-370.ts
#EXTINF:5.013,
S0000_8-371.ts
#EXTINF:5.013,
S0000_8-372.ts
#EXTINF:5.014,
S0000_8-373.ts
【3】携带错误的key的测试结果:403 Forbidden
www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/download/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a271234 HTTP/1.1 403 Forbidden Server: nginx/1.8.1 Date: Fri, 21 Oct 2016 07:46:07 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.8.1</center> </body> </html>
key 值是根据用户的IP有关的,这样就可以避免被盗链了。
原文:http://www.cnblogs.com/tinywan/p/5984804.html