i'm setting up a web server that contains live video streaming embed into the html5 video tag. My workflow is to grab the rtsp video from an ip camera, decode it to a HLS format using ffmpeg and send the video to my server.
Nginx allows access to the video through a url, which I put in my video tag as a source.
Everything works perfectly, the only problem is that anyone can access the URL of the video and put that URL on their website without my permission.
Is there any way to only allow my domain to access, and block for example www.domain2.com to put it into their video tag or other framework thath they use? i'm think Nginx can do the job maybe.
Here are the codes of Nginx and my html in case is needed.
HTML:
<video id="player" class="video-js vjs-default-skin vjs-big-play-centered vjs-fluid" controls preload="none">
<source src="//mydomain.com/live/stream.m3u8" type="application/x-mpegURL" />
Nginx:
location /live {
types {
application/vnd.apple.mpegurl m3u8;
}
limit_conn addr 5;
alias /home/stream;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
}
Many thanks guys!
If you have a fixed IP you could use the allow and deny command in nginx block, you could check how to use it here http://etapien.com/guides/nginx-allow-access-certain-ips/
location /live {
types {
application/vnd.apple.mpegurl m3u8;
}
# .. some config
allow 192.168.1.0/24; #your company subaddress
allow 10.1.1.0/16; #your company IP
deny all;
}
Related
I am learning MPEG-DASH for a week. For testing purpose , I used :
https://github.com/kaltura/nginx-vod-module -> MPEG-DASH server to stream MP4 video.
I have not found that , How to configure MP4 file path inside nginx.conf.
Can some one suggest me on it?
Thanks in Advance.
You can refer this:
https://www.instructables.com/Making-Your-Own-Simple-DASH-MPEG-Server-Windows-10/
https://www.bbsmax.com/A/RnJWw1koJq/
using ffmpeg convert files to different resolution ones
using MP4Dash to dash mp4 files
push mp4 dash files to nginx server
the nginx config maybe like below:
server {
listen ;
server_name www.testvideo.com;
location / {
add_header Access-Control-Allow-Methods “GET,HEAD;
add_header Accept-Ranges "bytes";
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Expose-Headers “Content-Lengrh,Content-Range,Date,Server,Transfer-Encoding,origin,range,x-goog-meta-foo1”;
root E:/video/fragment/output;
}
}
config node js
BR,
I am using Nginx Server. I have some images and video in /video directory. I am using these video and images into my site, but I want to show an 403 error, if someone try to access them directly like this examples shows:
http://xysz.com/video/abc.png
I know it's possible in Apache by changing the .htaccess config, but not sure how to do the same in Nginx. How can I achieve this with Nginx?
You can use this,
server {
listen 80;
server_name xysz.com;
root /var/www/xysz.com/html ;
location /assets/ {
valid_referers xysz.com/ xysz.com/video/index.html;
if $invalid_referer {
deny all;
}
}
I have hls working on nginx plus, as per this gist: https://gist.github.com/45sound/0ed2d8f971314facf72c
I assumed I could add a new location like this:
location /dash{
dash;
root /var/www
}
but I get nginx: [emerg] unknown directive "dash" in /etc/nginx/conf.d/default.conf:21 when I restart server.
Ideally I want to serve hls and dash content from same server.
Best,
Vinny
FanFootage.com
Edit: http://nginx-rtmp.blogspot.ie/2013/11/mpeg-dash-live-streaming-in-nginx-rtmp.html is the example i followed, and both "dash" and "dash on" gives the same error.
Nginx Plus supports Apple HLS and Adobe HDS for video-on-demand (VOD) only. There is no mention of a DASH module.
You can always DASH yourself the files for VOD (eg: with the GPAC MP4Box) and just serve the segments and manifests from any location block directly without a module.
The Nginx RTMP module offers support for MPEG-DASH live streaming. It also works with the basic version:
rtmp {
server {
[...]
application dash {
live on;
dash on;
dash_path /tmp/dash;
}
}
}
http {
server {
listen 8080;
[...]
location /dash {
root /tmp;
add_header Cache-Control no-cache;
}
}
}
The NGINX RTMP Module (supports DASH) is available with NGINX Plus. It can be found in the NGINX Plus Extras Package.
I've been searching for a while now but didn't manage to find anything that fits my needs. I don't need hotlinking protection, as much as I'd like to prevent people from directly accessing my files. Let's say:
My website.com requests website.com/assets/custom.js, that'd work,but I'd like visitors which directly visit this file to get a 403 status code or something. I really have no idea if it's possible, and I don't have any logical steps in mind..
Regards !
You can use nginx referer module: http://nginx.org/en/docs/http/ngx_http_referer_module.html.
Something like this:
server {
listen 80;
server_name website.com;
root /var/www/website.com/html ;
location /assets/ {
valid_referers website.com/ website.com/index.html website.com/some_other_good_page.html ;
if ($invalid_referer) {
deny all;
}
}
}
This config guard assets directory. But remember, that not guaranteed and worked only for browser - any body can emulate valid request with curl or telnet. For true safety you need use dynamic generated pages with dynamic generated links.
You do not need to create the variable $invalid_referer as this is set by the nginx module.
If you nginx powered development instances are showing up in Google search results, there is a quick and easy way to prevent search engines from crawling your site. Add the following line to the location block of your virtualhost configuration file for the block that you want to prevent crawling.
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
You can simply deny access to any folder or file just by putting these lines with your folders' name
location ~ /(no_access_folder|folder_2)
{
deny all;
return 403;
}
I have a DV server with MediaTemple and recently had their support enable ngnix webserver. I have been integrating their ProCDN with Super Cache on the WordPress sites on the DV.
I noticed on this domain convoyofhope.eu that the CDN is working properly, but if you view the site on Firefox the fontface isn´t working because of the cross-domain issue. I found this site that seems to solve the problem http://www.red-team-design.com/firefox-doesnt-allow-cross-domain-fonts-by-default
My question is, in the site it says:
Also, if you are using nginx as your webserver you will need to include the code below in your virtual host file:
location ~* \.(eot|otf|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
I am just not sure where I put this on my server. I checked the vhost for convoyofhope.eu but I didn´t see where I would add that to make this work. Thanks for any feedback.
It would generally go in the nginx configuration file that has the server block for that host:
server {
listen 80;
server_name convoyofhope.eu;
...
location ~* \.(eot|otf|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
...
}
On RHEL related distributions, this would be on the file system somewhere under /etc/nginx/. Your particular distribution may vary.
On MediaTemple, in your Plesk control panel, go to Websites & Domains (tab) -> Web Server Settings then scroll down to "Additional nginx directives". Place your location… directive in the text box there.