darkworks · January 12, 2022 05:55
diff --git a/secure_link.php b/secure_link.php
 <?php

 /**
 * @param $baseUrl - non protected part of the URL including hostname, e.g. http://example.com
 * @param $path - protected path to the file, e.g. /downloads/myfile.zip
 * @param $secret - the shared secret with the nginx server. Keep this info secure!!!
 * @param $ttl - the number of seconds until this link expires
 * @param $userIp - ip of the user allowed to download
 * @return string
 */
 function buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp)
 {
    $expires = time() + $ttl;
    $md5 = md5("$expires$path$userIp $secret", true);
    $md5 = base64_encode($md5);
    $md5 = strtr($md5, '+/', '-_');
    $md5 = str_replace('=', '', $md5);

    return $baseUrl . $path . '?md5=' . $md5 . '&expires=' . $expires;
 }

 // example usage
 $secret = 'the_secret_key_configured_in_nginx';
 $baseUrl = 'http://example.com';
 $path = '/path/to/file.zip';
 $ttl = 120; //no of seconds this link is active
 $userIp = '195.99.99.99'; // normally you would read this from something like $_SERVER['REMOTE_ADDR'];

 echo buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp);


  # Nginx config

 	location /securetest {
 		   alias html/mhmsecure/securetest;
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri$remote_addr live21.ir";

            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
        
 		}




 # Nginx full template nginx.conf




 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/

 user nginx;
 worker_processes auto;
 error_log /var/log/nginx/error.log;
 pid /run/nginx.pid;

 # Load dynamic modules. See /usr/share/nginx/README.dynamic.
 include /usr/share/nginx/modules/*.conf;

 events {
    worker_connections 3072;
 }

 http {
    include       mime.types;
    default_type  application/octet-stream;


    limit_conn_zone $binary_remote_addr zone=secure:10m;


    sendfile        on;

    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        server_name  localhost;


        location / {
           # ModSecurityEnabled on;
 	       # ModSecurityConfig modsecurity.conf;
            root   /var/www/example.com/public_html/;   
            index  index.html index.htm;
        }

        location /files_folder {
 	    limit_rate 1000k;   # speed
 	    limit_conn secure 1;

            root /var/www/example.com/public_html;
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri darkworks";
            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
        }

    }
 include /etc/nginx/sites-enabled/*.conf;
 server_names_hash_bucket_size 64;
 }
	<?php

	/**
	* @param $baseUrl - non protected part of the URL including hostname, e.g. http://example.com
	* @param $path - protected path to the file, e.g. /downloads/myfile.zip
	* @param $secret - the shared secret with the nginx server. Keep this info secure!!!
	* @param $ttl - the number of seconds until this link expires
	* @param $userIp - ip of the user allowed to download
	* @return string
	*/
	function buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp)
	{
	$expires = time() + $ttl;
	$md5 = md5("$expires$path$userIp $secret", true);
	$md5 = base64_encode($md5);
	$md5 = strtr($md5, '+/', '-_');
	$md5 = str_replace('=', '', $md5);

	return $baseUrl . $path . '?md5=' . $md5 . '&expires=' . $expires;
	}

	// example usage
	$secret = 'the_secret_key_configured_in_nginx';
	$baseUrl = 'http://example.com';
	$path = '/path/to/file.zip';
	$ttl = 120; //no of seconds this link is active
	$userIp = '195.99.99.99'; // normally you would read this from something like $_SERVER['REMOTE_ADDR'];

	echo buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp);


	# Nginx config

	location /securetest {
	alias html/mhmsecure/securetest;
	secure_link $arg_md5,$arg_expires;
	secure_link_md5 "$secure_link_expires$uri$remote_addr live21.ir";

	if ($secure_link = "") { return 403; }
	if ($secure_link = "0") { return 410; }

	}




	# Nginx full template nginx.conf




	# For more information on configuration, see:
	# * Official English Documentation: http://nginx.org/en/docs/
	# * Official Russian Documentation: http://nginx.org/ru/docs/

	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log;
	pid /run/nginx.pid;

	# Load dynamic modules. See /usr/share/nginx/README.dynamic.
	include /usr/share/nginx/modules/*.conf;

	events {
	worker_connections 3072;
	}

	http {
	include mime.types;
	default_type application/octet-stream;


	limit_conn_zone $binary_remote_addr zone=secure:10m;


	sendfile on;

	keepalive_timeout 65;

	gzip on;

	server {
	listen 80;
	server_name localhost;


	location / {
	# ModSecurityEnabled on;
	# ModSecurityConfig modsecurity.conf;
	root /var/www/example.com/public_html/;
	index index.html index.htm;
	}

	location /files_folder {
	limit_rate 1000k; # speed
	limit_conn secure 1;

	root /var/www/example.com/public_html;
	secure_link $arg_md5,$arg_expires;
	secure_link_md5 "$secure_link_expires$uri darkworks";
	if ($secure_link = "") { return 403; }
	if ($secure_link = "0") { return 410; }
	}

	}
	include /etc/nginx/sites-enabled/*.conf;
	server_names_hash_bucket_size 64;
	}