我正在尝试使用nginx安全链接模块http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
我想建立安全链接。
无论我尝试什么,当我尝试使用到期时间时都无法正常工作。
当我仅基于链接建立简单的安全链接而没有到期时间或ip地址时,效果很好。
有人可以建议我做错了吗?
谢谢!
生成密钥的命令:
ubuntu@ip-172-31-34-191:/var/www$ echo -n '2147483647/html/index.html secret' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =
FsRb_uu5NsagF0hA_Z-OQg
失败的命令:
ubuntu@ip-172-31-34-191:/var/www$ curl http://127.0.0.1/html/index.html?md5=FsRb_uu5NsagF0hA_Z-OQgexpires=2147483647
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
这是Nginx conf文件的相关部分:
ubuntu@ip-172-31-34-191:/var/www$ sudo cat /etc/nginx/sites-enabled/theapp_nginx.conf
...SNIP
location /html/ {
secure_link $arg_md5,$arg_expires;
secure_link_md5 "$secure_link_expires$uri secret";
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 410;
}
try_files $uri $uri/ =404;
}
...SNIP
以下是nginx版本信息:
ubuntu@ip-172-31-34-191:/var/www$ nginx -V
nginx version: nginx/1.14.2
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-x0ix7n/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-ndk --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/nchan --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-lua --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/rtmp --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-x0ix7n/nginx-1.14.2/debian/modules/http-subs-filter
ubuntu@ip-172-31-34-191:/var/www$