nginx + geo ip + secure download
http { | |
include mime.types; | |
default_type application/octet-stream; | |
# location of the GeoIP data file, get it from | |
# http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz | |
geoip_country /home/svdgraaf/tmp/GeoIP.dat; | |
log_format main '$remote_addr :: $geoip_country_code :: $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log logs/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
keepalive_timeout 65; | |
#gzip on; | |
proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; | |
server { | |
listen 80; | |
server_name localhost; | |
#charset koi8-r; | |
#access_log logs/host.access.log main; | |
# example url: /g/NL/m1fznq9f7qnd.flv/dc853451170312f7ab4bbfd9cde6f7c1/4c975926 | |
location ~* /g/(..)/.* { | |
set $req_country $1; | |
log_format extra '$remote_addr :: $geoip_country_code :: $req_country :: $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log logs/access.log extra; | |
secure_download on; | |
secure_download_secret 'xyz'; | |
secure_download_path_mode file; | |
if ($secure_download = "-1") { | |
rewrite /expired.html break; | |
} | |
if ($secure_download = "-2") { | |
rewrite /bad_hash.html break; | |
} | |
if ($secure_download = "-3") { | |
return 500; | |
} | |
if ($geoip_country_code = $req_country) { | |
rewrite ^/g/(.+)/(.*)/[0-9a-zA-Z]*/[0-9a-zA-Z]*$ /m/$2 break; | |
proxy_pass http://media.zie.nl; | |
} | |
return 403; | |
} | |
} |
<?php | |
// media id | |
$filename = 'm1fznq9f7qnd.flv'; | |
$dir = '/g/'; | |
// which country should be allowed? | |
$country = 'NL'; | |
// private key, this is defined in the nginx.conf | |
$private = 'xyz'; | |
// timestamp to hex, 30 minute access | |
$timestamp = dechex(time() + 60*30); | |
// define the secred | |
$secret = "{$dir}{$country}/{$filename}/{$private}/{$timestamp}"; | |
$hash = md5($secret); | |
// this is the end url, eg: http://62.69.161.100/g/NL/m1fznq9f7qnd.flv/dc853451170312f7ab4bbfd9cde6f7c1/4c975926 | |
$url = "http://62.69.161.100{$dir}{$country}/{$filename}/{$hash}/{$timestamp}"; | |
echo "<h1>Geo code for {$country}, {$filename}</h1>"; | |
echo "<h2>Secret: {$secret}</h2>"; | |
echo "<a href='{$url}'>{$url}</a>"; | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment