0

I´m using the following serve block to serve some mp4 files using NGINX secure link.

server {
        listen 80;
        listen [::]:80;

        root /var/www/cdn;
        index index.html index.php index.htm index.nginx-debian.html;

        server_name cdn.server.xyz;

        location /v {
            root /var/www/cdn/videos;
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri$remote_addr supersecret";

            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
        }

}

And the following PHP code to generate the hash:

<?php
$expires = time()+7200;  # e.g. 2 hours url expiry would be time()+7200;
$domain = 'http://cdn.server.xyz';
$uri = urldecode('/v/test.mp4'); #uri
$ip = 'XXX.XXX.XXX.XXX'; 
$secure_text = 'supersecret';

function getSecureHash($ip, $uri, $secure_text, $expires){
 $str = $expires.$uri.$ip.' '.$secure_text;
 $tmp = md5( $str, true );
 $tmp1 = base64_encode( $tmp );
 return str_replace( array('+', '/', '='), array('-', '_', ''), $tmp1 );
}
$url = "$domain$uri?md5=".getSecureHash($ip, $uri, $secure_text, $expires)."&expires=$expires";
echo $url;

The problem that I'm stucked is that for any request, I'm having the 403 error.

Here is the nginx error.log (https://pastebin.com/UkfQWttC) Any suggestion that what I'm doing wrong?

Paul Mark
  • 1
  • 1

1 Answers1

0

nginx secure link documentation states that the MD5 hash value should be encoded with base64url.

However, in your code you are using normal Base64 encode, which is different. You can use functions described in Base64.guru to perform base64url encoding in PHP.

The difference between base64 and base64 encoding is that + is replaced with - and / is replaced with _.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
  • Hey, thanks for the suggestion, after changing to generate using base64url I still having the 403 error. – Paul Mark Jul 29 '22 at 19:26