Shulou(Shulou.com)06/02 Report--

This article mainly introduces Nginx how to build file anti-theft chain server, the article is very detailed, has a certain reference value, interested friends must read it!

Nginx itself provides secure_link to complete the hotlink protection function, which can add a timestamp and check code to the server file link, so as to protect the server file from arbitrary download and misuse.

Time sequence diagram

Nginx configuration

How to install Nginx will not be discussed here, just remember to turn on ngx_http_secure_link_module during installation.

. / configure-- with-http_secure_link_module # added when compiling nginx

Installation completion Test:

Nginx-V

If the following indicates that the configuration is successful:

Configure arguments:-with-http_secure_link_module-prefix=/usr/local/nginx-with-http_stub_status_module

Instance configuration

Server {listen 80; server_name download.52itstyle.com; charset utf-8; location / {# two parameters are configured here, one is md5, the other is expires secure_link $arg_md5,$arg_expires; # md5, the hash format is secret+url+expires,expires, the timestamp unit is sjingurl, and the request address secure_link_md5 52itstyle$uri$arg_e # here our md5 is the hash we calculated according to secure_link_md5. Secure_link will compare whether the hash calculated by it is consistent with our md5 parameter if ($secure_link = "") {# resource does not exist or hash pair failed return 402;} if ($secure_link = "0") {# invalidation timeout return 405 } # rename the file name add_header Content-Disposition "attachment;filename=$arg_f"; alias / data/site/down.52itstyle.com/;} error_page 500502 503 504 / 50x.htl; error_page 402405 / 40x.htl; location = / 50x.html {root html;} location = / 40x.html {root html;}}

Detailed explanation of parameters

Secure_link

Syntax: secure_link expression

Default value: none

Configuration segment: http, server, location

Expression consists of a check value and an expiration time, where the check value is compared with the MD5 hash value of the specified parameter in secure_link_md5.

If the two values are inconsistent, the value of the $secure_link variable is empty; if the two values are the same, the expiration check is performed; if it expires, the value of the $secure_link variable is 0; if it does not expire, it is 1.

If the link is timed, the expiration time is set with a timestamp, declared after the MD5 hash value, separated by a comma. If the expiration time is not set, the link is permanent.

Secure_link_md5

Syntax: secure_link_md5 expression

Default value: none

Configuration segment: http, server, location

Expression specifies the parameter that calculates the md5 hash value, which will be checked against the MD5 value passed in url. Expression generally contains uri (for example, demo.com/s/link uri is / s/link) and encryption key secret. If the link is aged, expression needs to contain $secure_link_expires,expression and can also add client information, such as accessing IP, browser version information, etc.

Java backend configuration

Case, for reference only:

Import org.apache.commons.codec.binary.Base64;import org.apache.commons.codec.digest.DigestUtils;/** * generate encrypted connection * / public class SecureLink {private static String site = "https://down.52itstyle.com/"; private static String secret =" 52itstyle "; public static String createLink (String path,String fileName) {String time = String.valueOf ((System.currentTimeMillis () / 1000) + 300) / / 5-minute valid String md5= Base64.encodeBase64URLSafeString (DigestUtils.md5 (secret + path + time)); String url = site + path + "? md5=" + md5 + "& expires=" + time + "& f =" + fileName; return url } public static void main (String [] args) {/ / https://down.52itstyle.com/2018101025689452.pdf?md5=FnDYyFzCooI9q8sh2Ffkxg&expires=1539847995&f= distributed second kill architecture .pdf System.out.println (createLink ("2018101025689452.pdf", "distributed second kill architecture .pdf"));}} above is all the content of the article "how to build file anti-theft chain server in Nginx". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.