cubicdaiya edited this page May 31, 2013 · 2 revisions

ngx_access_token

ngx_access_token is a port of mod_access_token to nginx. It provides a token-based secure download mechanism.

Install

Install ngx_access_token

ngx_access_token requires openssl for generating a signature.

cd ${nginx_src_dir}
./configure --with-openssl=${openssl_src_dir} --add-module=${ngx_access_token_src_dir}
make
sudo make install

Quick Start

Add the following configuration to a context (http, server, location) in nginx.conf and start nginx.

access_token_access_key public_key;
access_token_secret     secret_key;
access_token_check      on;

For ngx_access_token to control access, the URL must carry the following parameters.

$ curl -l "http://example.com/index.html?AccessKey=public_key&Expires=${expire}&Signature=${signature}"

A signature is calculated with 'access_token_access_key', 'access_token_secret' and 'Expires'. When a signature is invalid, ngx_access_token returns 403.

Directives

access_token_access_key

Syntax access_token_access_key $access_key
Default
Context http,server,location

This directive sets a public key for ngx_access_token.

access_token_secret

Syntax access_token_secret $secret_key
Default
Context http,server,location

This directive sets a secret key for ngx_access_token.

access_token_check

Syntax access_token_check on OR off
Default off
Context http,server,location

This directive sets whether ngx_access_token is enabled.

Signature Calculation

A signature calculation program written in Python is provided in util. The file name is sigen.py.

$ python sigen.py -p public_key -s secret_key -m GET -u "/index.html" -t 12389576301 
stENM2xj47V//1jbbH/fnkWjhHo=
$ python sigen.py -s secret_key -r "GET/index.html12389576301public_key"
stENM2xj47V//1jbbH/fnkWjhHo=
$

ngx_access_token calculates a signature with the following expression ('+' denotes string concatenation).

$text      = ${HTTP_METHOD} + ${URI} + ${EXPIRES} + ${PUBLIC_KEY}
$signature = base64(hmac_sha1($text, ${SECRET_KEY}))
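The expression above, together with a server-side style check of the three URL parameters, as an added example (this is not sigen.py or the module's own code). The function names are hypothetical, and treating Expires as a Unix timestamp and answering 403 for an expired or malformed token are assumptions the page does not state.

```python
import base64
import hashlib
import hmac
import time


def string_to_sign(method, uri, expires, access_key):
    # $text = HTTP_METHOD + URI + EXPIRES + PUBLIC_KEY, joined with no separator
    return f"{method}{uri}{expires}{access_key}"


def sign(method, uri, expires, access_key, secret_key):
    # $signature = base64(hmac_sha1($text, SECRET_KEY))
    text = string_to_sign(method, uri, expires, access_key)
    mac = hmac.new(secret_key.encode(), text.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(method, uri, params, access_key, secret_key, now=None):
    """Return 200 if the token is accepted, 403 otherwise."""
    now = int(time.time()) if now is None else now
    try:
        presented_key = params["AccessKey"]
        expires_raw = params["Expires"]
        presented_sig = params["Signature"]
        expires = int(expires_raw)  # assumption: Unix timestamp in seconds
    except (KeyError, ValueError):
        return 403  # missing or malformed parameter
    if presented_key != access_key or expires < now:
        return 403  # unknown key or expired token (assumed behaviour)
    # Recompute over the Expires string exactly as it was presented.
    expected = sign(method, uri, expires_raw, access_key, secret_key)
    # Constant-time comparison so timing does not reveal matching prefixes.
    if not hmac.compare_digest(expected.encode(), presented_sig.encode()):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample using the placeholder keys from the Quick Start.
    sig = sign("GET", "/index.html", "12389576301", "public_key", "secret_key")
    params = {"AccessKey": "public_key", "Expires": "12389576301", "Signature": sig}
    print(verify("GET", "/index.html", params, "public_key", "secret_key"))
    print(verify("GET", "/other.html", params, "public_key", "secret_key"))
```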