How to properly configure nginx config to secure

U

Universal322021-06-11 08:03:43

Nginx

Universal32, 2021-06-11 08:03:43

How to properly configure nginx config to secure_link?

Guys, help, I can not figure out how to do it myself.

There are 2 servers, one hosts a site with videos for downloading, the second stores all statics (videos, pictures, previews).
The task is to serve video through nginx_secure_link, and block direct access to mp4 files.
Those. the video should only be served by a link like https://tut-server-name.com/1/1.mp4?md5=U6nobMYI7u... (this link is generated by the php file), and the file should be downloaded, not played in browser.

The folder structure on the second server is
as follows: nginx root /var/www/stream/
video /var/www/stream/1/1.mp4
video /var/www/stream/2/2.mp4
etc.

Direct access to *.mp4 files, but it would be impossible to open directlyhttps://tut-server-name.com/1/1.mp4 , and leave direct access to *.jpg files

An example of setting secure_link:

location /securetest {
       alias html/mhmsecure/securetest;
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri$remote_addr live21.ir";

            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
        
    }

The full section with https now looks like this:

# Settings for a TLS enabled server.

    server {
        server_name tut-server-name.com;
        index index.php;
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /var/www/stream;

        ssl_certificate "/etc/nimble/cert.pem";
        ssl_certificate_key "/etc/nimble/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;

        location /stream {
            root /var/www;
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri$remote_addr enigma";

            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
        }

        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        include fastcgi_params;
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
}
}

But now the config is wrong and throws an error. Please help me write the correct one. Thank you very much in advance.

nginx: [emerg] location "/stream" is outside location "\.php$" in /etc/nginx/nginx.conf:70
nginx: configuration file /etc/nginx/nginx.conf test failed