用途,确认一个链接比如下载pdf,在一定有效期内有用
可以加个用户的权限验证,随便用个密钥和路径和时间戳,生成url串,如果不是在指定时间内访问,则可以自定义错误编码402,407等任意
1.nginx编译的时候需要./configure --prefix=/usr/local/nginx --with-http_secure_link_module
2.确定nginx要保护的目录,配置在nginx.conf中
3.用php可以生成可用链接,先用fastcgi把php跑起来
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php-cgi -P /var/run/fastcgi-php.pid
随便建立个文件pdf文件
[root@haoning html]# tree . ├── 50x.html ├── index.html ├── index.php ├── p │ └── files │ └── top_secret.pdf └── test.php 2 directories, 5 files [root@haoning html]# pwd /usr/local/nginx/html [root@haoning html]#
php代码
[root@haoning sbin]# cat ../html/test.php <?php $secret = 'segredo'; // To make the hash more difficult to reproduce. $path = '/p/files/top_secret.pdf'; // This is the file to send to the user. $expire = time()+100; // At which point in time the file should expire. time() + x; would be the usual usage. echo $expire; echo "</br>"; echo time(); echo "</br>"; $md5 = base64_encode(md5($secret . $path . $expire, true)); // Using binary hashing. $md5 = strtr($md5, '+/', '-_'); // + and / are considered special characters in URLs, see the wikipedia page linked in references. $md5 = str_replace('=', '', $md5); // When used in query parameters the base64 padding character is considered special. echo $md5; echo "</br>"; echo "http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire"; echo "</br>"; echo "<a href=\"http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire\">http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire</a>" ?>
nginx.conf
[root@haoning conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location /p/ { secure_link $arg_st,$arg_e; secure_link_md5 segredo$uri$arg_e; if ($secure_link = "") { return 402; } if ($secure_link = "0") { return 405; } } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; set $path_info "/"; set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1; set $path_info $2; } } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param script_name $real_script_name; fastcgi_param path_info $path_info; include /usr/local/nginx/conf/fastcgi_params; } } [root@haoning conf]#
官方链接
http://wiki.nginx.org/HttpSecureLinkModule
后续还要结合
https://github.com/netdna/ngx_secure_token