https://nginx.org/en/docs/http/ngx_http_hls_module.html
but ts is not about encryption, but about encoding and optimization of transmission and m3u8 + ts videos are no more difficult to download than simple .mp4
Everything that you send to the user for viewing a priori cannot be protected from downloading or writing. If you think differently, then ask netflix for which video streaming is the main business, and whose videos are pirated anyway.

You can look at VK, they have done the same, hls with encryption. Only sense 0, the client will receive the keys to any one and decrypt it to any one, ffmpeg calmly chews this. Unless it saves from completely stupid and lazy

Yopt, maybe the fact is already starting to lead ... It's IMPOSSIBLE
to protect the video from piracy In principle. Find a solution to such a case - a virtual machine in VB, a browser on it, an honest client in the browser (with all registrations, with payment for content and all that) watches a video. OUTSIDE of the virtual machine, a screen recorder runs in the host axis, which writes the specified area to a file. Yes, this method has drawbacks - low quality, you still need to buy it once - but if the screen is sold, then it will recoup the costs :) There is a second option - it clearly suggests itself, if the video is popular and sold - write your client, who will stupid to write to a file. He will pretend to be someone, and he will write to the file instead of playing.

That is, of course, you can use some kind of protection - maybe it will work against kiddies.