[img]http://dl.iteye.com/upload/attachment/0076/2678/292cb570-0e9e-37a8-8c2e-4ada692f18cb.png[/img]
用途,确认一个链接比如下载pdf,在一定有效期内有用
可以加个用户的权限验证,随便用个密钥和路径和时间戳,生成url串,如果不是在指定时间内访问,则可以自定义错误编码402,407等任意
1.nginx编译的时候需要./configure --prefix=/usr/local/nginx --with-http_secure_link_module
2.确定nginx要保护的目录,配置在nginx.conf中
3.用php可以生成可用链接,先用fastcgi把php跑起来
随便建立个文件pdf文件
[code="java"]
# tree
.
├── 50x.html
├── index.html
├── index.php
├── p
│ └── files
│ └── top_secret.pdf
└── test.php
2 directories, 5 files
# pwd
/usr/local/nginx/html
#
[/code]
php代码
[code="java"]
# cat ../html/test.php
<?php
$secret = 'segredo'; // To make the hash more difficult to reproduce.
$path = '/p/files/top_secret.pdf'; // This is the file to send to the user.
$expire = time()+100; // At which point in time the file should expire. time() + x; would be the usual usage.
echo $expire;
echo "</br>";
echo time();
echo "</br>";
$md5 = base64_encode(md5($secret . $path . $expire, true)); // Using binary hashing.
$md5 = strtr($md5, '+/', '-_'); // + and / are considered special characters in URLs, see the wikipedia page linked in references.
$md5 = str_replace('=', '', $md5); // When used in query parameters the base64 padding character is considered special.
echo $md5;
echo "</br>";
echo "http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire";
echo "</br>";
echo "<a href=\"http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire\">http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire</a>"
?>
[/code]
nginx.conf
[code="java"]
# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /p/ {
secure_link $arg_st,$arg_e;
secure_link_md5 segredo$uri$arg_e;
if ($secure_link = "") {
return 402;
}
if ($secure_link = "0") {
return 405;
}
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
set $path_info "/";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1;
set $path_info $2;
}
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param script_name $real_script_name;
fastcgi_param path_info $path_info;
include /usr/local/nginx/conf/fastcgi_params;
}
}
#
[/code]
官方链接
http://wiki.nginx.org/HttpSecureLinkModule
后续还要结合
https://github.com/netdna/ngx_secure_token
用途,确认一个链接比如下载pdf,在一定有效期内有用
可以加个用户的权限验证,随便用个密钥和路径和时间戳,生成url串,如果不是在指定时间内访问,则可以自定义错误编码402,407等任意
1.nginx编译的时候需要./configure --prefix=/usr/local/nginx --with-http_secure_link_module
2.确定nginx要保护的目录,配置在nginx.conf中
3.用php可以生成可用链接,先用fastcgi把php跑起来
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php-cgi -P /var/run/fastcgi-php.pid
随便建立个文件pdf文件
[code="java"]
# tree
.
├── 50x.html
├── index.html
├── index.php
├── p
│ └── files
│ └── top_secret.pdf
└── test.php
2 directories, 5 files
# pwd
/usr/local/nginx/html
#
[/code]
php代码
[code="java"]
# cat ../html/test.php
<?php
$secret = 'segredo'; // To make the hash more difficult to reproduce.
$path = '/p/files/top_secret.pdf'; // This is the file to send to the user.
$expire = time()+100; // At which point in time the file should expire. time() + x; would be the usual usage.
echo $expire;
echo "</br>";
echo time();
echo "</br>";
$md5 = base64_encode(md5($secret . $path . $expire, true)); // Using binary hashing.
$md5 = strtr($md5, '+/', '-_'); // + and / are considered special characters in URLs, see the wikipedia page linked in references.
$md5 = str_replace('=', '', $md5); // When used in query parameters the base64 padding character is considered special.
echo $md5;
echo "</br>";
echo "http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire";
echo "</br>";
echo "<a href=\"http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire\">http://210.56.194.39/p/files/top_secret.pdf?st=$md5&e=$expire</a>"
?>
[/code]
nginx.conf
[code="java"]
# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /p/ {
secure_link $arg_st,$arg_e;
secure_link_md5 segredo$uri$arg_e;
if ($secure_link = "") {
return 402;
}
if ($secure_link = "0") {
return 405;
}
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
set $path_info "/";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1;
set $path_info $2;
}
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param script_name $real_script_name;
fastcgi_param path_info $path_info;
include /usr/local/nginx/conf/fastcgi_params;
}
}
#
[/code]
官方链接
http://wiki.nginx.org/HttpSecureLinkModule
后续还要结合
https://github.com/netdna/ngx_secure_token
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
