kaltura / nginx-secure-token-module

GNU Affero General Public License v3.0

Help configuring module #107

Open kurokood opened 2 years ago

kurokood commented 2 years ago

Hello, I'm having a hard time working this module out. Could someone share some of their configuration so I can get some idea of how I can make this module work for me?

The Kaltura vod module is already working for me; all I want to achieve right now is to tokenize the source video file so others won't leech on the source video file.

I already added the nginx secure module, nginx akamai token validate module and nginx vod module. I just don't know where to start.

If there's any tutorial on how to do this, it would be a great help, as the documentation isn't clear for me.

Here's the sample website that I'm working on. As you can see, the video is already working but the source video URL is not encrypted.

erankor commented 2 years ago

Have you looked at the sample configurations https://github.com/kaltura/nginx-secure-token-module/#sample-configurations? If you are not planning to use a real CDN, you do something like https://github.com/kaltura/nginx-secure-token-module/#encrypted-hls-with-token-security-on-the-encryption-key.

For example -

    secure_token_akamai $token {
        key 1234;
        acl "$secure_token_baseuri_comma*";
    }

    server {

        location /hls/ {
            vod hls;

            secure_token $token;
            secure_token_types application/vnd.apple.mpegurl;
            secure_token_expires_time 100d;
            secure_token_query_token_expires_time 1h;

            akamai_token_validate $arg___hdnea__;
            akamai_token_validate_key 1234;
        }
    }

kurokood commented 2 years ago

Hello Erankor, thanks for your time.

Yes, I have looked at those sample configurations for days now and I can't seem to figure out how to make it work. I applied it to nginx.conf but it doesn't work for me; I know there's something that I'm missing here.

Here's what it looks like inside my nginx.conf file:

    user www-data;
    worker_processes auto;
    worker_rlimit_nofile 8192;
    pid /run/nginx.pid;

    events {
        worker_connections 4096;
    }

    http {

        server {
            server_name goodee.org www.goodee.org;
            # vod mode
            vod_mode mapped;

            # vod caches
            vod_metadata_cache metadata_cache 512m;
            vod_response_cache response_cache 128m;
            vod_mapping_cache mapping_cache 5m;

            # gzip manifests
            gzip on;
            gzip_types application/vnd.apple.mpegurl;

            # file handle caching
            open_file_cache          max=1000 inactive=5m;
            open_file_cache_valid    2m;
            open_file_cache_min_uses 1;
            open_file_cache_errors   on;

            location ^~ /video/ {
                alias /etc/nginx/json/;
                vod hls;

                add_header Access-Control-Allow-Headers '*';
                add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range';
                add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
                add_header Access-Control-Allow-Origin '*';
                expires 100d;
            }

            listen 443 ssl; # managed by Certbot
            ssl_certificate /etc/letsencrypt/live/goodee.org/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/goodee.org/privkey.pem; # managed by Certbot
            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        }

        server {
            if ($host = www.goodee.org) {
                return 301 https://$host$request_uri;
            } # managed by Certbot

            if ($host = goodee.org) {
                return 301 https://$host$request_uri;
            } # managed by Certbot

            listen 80;
            server_name goodee.org www.goodee.org;
            return 404; # managed by Certbot

        }
    }

The sample video destination is at /etc/nginx/vod/; the m3u8 files are at /etc/nginx/json/.

I hope you can help me. I've been working this out for days now and I don't know what to do next.

erankor commented 2 years ago

Can you explain what doesn't work exactly? The config doesn't load? There's an error in the nginx error log? There are no tokens in the manifest? ...

kurokood commented 2 years ago

I need a guide on what to do first; I don't have any idea where to start. I can't fully understand the sample configurations. But the test video is already working, I just need to encrypt it.

I can fully understand how directives work, I just can't figure out where or in what block I should put the code, like in the sample configurations.

erankor commented 2 years ago

The secure_token_akamai block must be under http; the rest can be placed in the location where you have vod hls. I suggest you try it out, and use the nginx error log if things don't work.

kurokood commented 1 year ago

Last question: where should I put the secure token module URI encryption block? This one:

    location ~ ^/hls/p/\d+/(sp/\d+/)?serveFlavor/entryId/([^/]+)/(.*) {
        vod hls;
        vod_secret_key "password$2";

        secure_token_encrypt_uri on;
        secure_token_encrypt_uri_key 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f;
        secure_token_encrypt_uri_iv 00000000000000000000000000000000;
        secure_token_encrypt_uri_part $3;
        secure_token_types application/vnd.apple.mpegurl;

        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
        expires 100d;
    }

erankor commented 1 year ago

Encryption is a separate feature, the discussion until now was about tokenization... with tokenization the URLs are signed using a configured secret, and have a configured expiration time. Encryption can be used to hide the parameters that are passed on the URL, it's a more esoteric feature, and it's not required in most use cases.
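
What tokenization means in practice, as an added illustration (not code from the module or from anyone in this thread): a URL token that carries an expiry and an ACL, is signed with HMAC-SHA256 under a shared hex key, and is checked on each request. The `st=…~exp=…~acl=…~hmac=…` layout is assumed from the commonly documented Akamai-style token format; `sign_token`, `validate_token` and the sample path are hypothetical names.

```python
import hashlib
import hmac
import time

# Constructed demo secret in hex, mirroring the placeholder "1234" in the thread.
# A real deployment needs a long random key shared by signer and validator.
DEMO_KEY_HEX = "1234"


def _mac(key_hex, body):
    return hmac.new(bytes.fromhex(key_hex), body.encode(), hashlib.sha256).hexdigest()


def sign_token(key_hex, acl, start, ttl):
    """Return 'st=..~exp=..~acl=..~hmac=..' (assumed Akamai-style layout)."""
    body = f"st={start}~exp={start + ttl}~acl={acl}"
    return f"{body}~hmac={_mac(key_hex, body)}"


def validate_token(key_hex, token, uri, now=None):
    """Return (ok, reason): signature first, then time window, then ACL."""
    now = int(time.time()) if now is None else now
    body, sep, sent = token.rpartition("~hmac=")
    if not sep:
        return False, "missing hmac"
    # Constant-time compare; nothing in the token is trusted before this passes.
    if not hmac.compare_digest(_mac(key_hex, body).encode(), sent.lower().encode()):
        return False, "bad signature"
    fields = dict(part.split("=", 1) for part in body.split("~"))
    if not int(fields["st"]) <= now < int(fields["exp"]):
        return False, "expired or not yet valid"
    acl = fields["acl"]
    # Only a trailing '*' is treated as a wildcard (prefix match), as in the thread's acl.
    ok = uri.startswith(acl[:-1]) if acl.endswith("*") else uri == acl
    return (True, "ok") if ok else (False, "acl mismatch")


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = sign_token(DEMO_KEY_HEX, "/video/sample.json/*", t0, 3600)
    print(tok)
    print(validate_token(DEMO_KEY_HEX, tok, "/video/sample.json/index.m3u8", now=t0 + 10))
```

Changing any signed field (for example extending `exp`) without the key invalidates the HMAC, which is why a copied manifest URL stops working once its expiry passes.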