
@svdgraaf
Created September 20, 2010 05:59
nginx + geo ip + secure download
$ ./configure --add-module=/home/svdgraaf/tmp/nginx/ngx_http_bytes_filter_module-57365655ee44 --with-http_geoip_module --add-module=/home/svdgraaf/tmp/nginx/ngx_secure_download
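# Serves geo-restricted, time-limited media links. A request of the form
#   /g/<CC>/<file>/<md5>/<hex-expiry>
# is proxied to the media origin as /m/<file> only when the secure_download
# check passes AND the client's GeoIP country code equals <CC>.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # location of the GeoIP data file, get it from
    # http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
    # NOTE(review): that download is plain HTTP; this file drives an access
    # decision, so verify it before installing it.
    geoip_country /home/svdgraaf/tmp/GeoIP.dat;

    log_format main '$remote_addr :: $geoip_country_code :: $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # log_format is only valid at http level, so the "extra" format used by the
    # /g/ location is declared here rather than inside the location block.
    # It adds the country requested in the URL next to the GeoIP result, which
    # makes mismatches (403s) easy to spot in the log.
    log_format extra '$remote_addr :: $geoip_country_code :: $req_country :: $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

    access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    # NOTE(review): /tmp is shared and world-writable; a dedicated directory
    # owned by the nginx user is a safer cache path. The STATIC zone is declared
    # but no proxy_cache directive in this file uses it.
    proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;

    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;
        #access_log logs/host.access.log main;

        # example url: /g/NL/m1fznq9f7qnd.flv/dc853451170312f7ab4bbfd9cde6f7c1/4c975926
        # NOTE(review): the pattern is unanchored and (..) accepts any two
        # characters; the country comparison below is what rejects odd values.
        location ~* /g/(..)/.* {
            # country code taken from the URL; it is covered by the link hash
            set $req_country $1;

            access_log logs/access.log extra;

            secure_download on;
            # Sample value. Use a long random secret, identical to the one in
            # the link generator, and keep it out of published configuration.
            secure_download_secret 'xyz';
            secure_download_path_mode file;

            # Failed verification must end the request here. The previous
            # two-argument form "rewrite /expired.html break;" treated
            # /expired.html as the pattern and "break" as the replacement, so it
            # never matched a download URI and failed checks fell through to the
            # country test below.
            if ($secure_download = "-1") {
                # link has expired
                rewrite ^ /expired.html break;
            }
            if ($secure_download = "-2") {
                # hash does not match
                rewrite ^ /bad_hash.html break;
            }
            if ($secure_download = "-3") {
                return 500;
            }

            # Only clients whose GeoIP country equals the country in the signed
            # URL are proxied; the hash and expiry segments are dropped from the
            # upstream path.
            if ($geoip_country_code = $req_country) {
                rewrite ^/g/(.+)/(.*)/[0-9a-zA-Z]*/[0-9a-zA-Z]*$ /m/$2 break;
                proxy_pass http://media.zie.nl;
            }

            # everything else is refused
            return 403;
        }
    }
}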
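<?php
// Builds a time-limited, country-bound download link in the layout the nginx
// secure_download location expects: <dir><country>/<file>/<md5>/<hex expiry>.

// media id
$filename = 'm1fznq9f7qnd.flv';
$dir = '/g/';
// which country should be allowed?
$country = 'NL';
// private key, this is defined in the nginx.conf (secure_download_secret).
// 'xyz' is a sample value: use a long random secret and keep it out of
// published code.
$private = 'xyz';
// expiry time as hex, 30 minute access
$timestamp = dechex(time() + 60*30);
// string that gets signed: path, then the private key, then the expiry
$secret = "{$dir}{$country}/{$filename}/{$private}/{$timestamp}";
// MD5 because the nginx side verifies an MD5 of this string; the digest cannot
// be changed here without changing the verifier as well.
$hash = md5($secret);
// this is the end url, eg: http://62.69.161.100/g/NL/m1fznq9f7qnd.flv/dc853451170312f7ab4bbfd9cde6f7c1/4c975926
$url = "http://62.69.161.100{$dir}{$country}/{$filename}/{$hash}/{$timestamp}";

// Escape everything that is placed into HTML, so the page stays safe if these
// values ever stop being hard-coded constants.
$safeCountry = htmlspecialchars($country, ENT_QUOTES);
$safeFilename = htmlspecialchars($filename, ENT_QUOTES);
$safeUrl = htmlspecialchars($url, ENT_QUOTES);

echo "<h1>Geo code for {$safeCountry}, {$safeFilename}</h1>";
// $secret embeds the private key, so it is not written to the page: anyone who
// can read the key can produce valid links for any file and country.
echo "<a href='{$safeUrl}'>{$safeUrl}</a>";
?>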