`
haoningabc
  • 浏览: 1449144 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

nginx HttpSecureLinkModule 过期token验证模块

nginx 
阅读更多

用途,确认一个链接比如下载pdf,在一定有效期内有用
可以加个用户的权限验证,随便用个密钥和路径和时间戳,生成url串,如果不是在指定时间内访问,则可以自定义错误编码402,407等任意
1.nginx编译的时候需要./configure --prefix=/usr/local/nginx --with-http_secure_link_module
2.确定nginx要保护的目录,配置在nginx.conf中
3.用php可以生成可用链接,先用fastcgi把php跑起来 
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php-cgi -P /var/run/fastcgi-php.pid

随便建立个文件pdf文件 
[root@haoning html]# tree
.
├── 50x.html
├── index.html
├── index.php
├── p
│   └── files
│       └── top_secret.pdf
└── test.php

2 directories, 5 files
[root@haoning html]# pwd
/usr/local/nginx/html
[root@haoning html]#


php代码 
[root@haoning sbin]# cat ../html/test.php 
<?php
$secret = 'segredo'; // To make the hash more difficult to reproduce.
$path   = '/p/files/top_secret.pdf'; // This is the file to send to the user.
$expire = time()+100; // At which point in time the file should expire. time() + x; would be the usual usage.
echo $expire;
echo "</br>";
echo time(); 
echo "</br>";
$md5 = base64_encode(md5($secret . $path . $expire, true)); // Using binary hashing.
$md5 = strtr($md5, '+/', '-_'); // + and / are considered special characters in URLs, see the wikipedia page linked in references.
$md5 = str_replace('=', '', $md5); // When used in query parameters the base64 padding character is considered special.
echo $md5;
echo "</br>";
echo "http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire";
echo "</br>";
echo "<a href=\"http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire\">http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire</a>"
?>

nginx.conf 
[root@haoning conf]# cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
		location /p/ {
				secure_link $arg_st,$arg_e;
				secure_link_md5 segredo$uri$arg_e;
				if ($secure_link = "") {
						return 402;
				}
				if ($secure_link = "0") {
						return 405;
				}
		}
		location ~ \.php$ {   
            fastcgi_pass 127.0.0.1:9000;  
            fastcgi_index index.php;  
            set $path_info "/";  
            set $real_script_name $fastcgi_script_name;  
            if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1;  
                set $path_info $2;  
            }   
        }   
	fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;  
        fastcgi_param script_name $real_script_name;  
        fastcgi_param path_info $path_info;  
        include /usr/local/nginx/conf/fastcgi_params; 
    }
}
[root@haoning conf]#


官方链接
http://wiki.nginx.org/HttpSecureLinkModule

后续还要结合
https://github.com/netdna/ngx_secure_token
  • 大小: 41.2 KB
分享到:
| nginx 上传进度条
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics