nginx播放视频（auth_request鉴权）

NaughtyBo

已于 2025-02-15 23:49:03 修改

阅读量581

点赞数 5

分类专栏：视频&流媒体文章标签： nginx

于 2025-02-14 22:34:40 首次发布

本文链接：https://blog.youkuaiyun.com/qq_16992475/article/details/145642833

版权

视频&流媒体专栏收录该内容

18 篇文章

订阅专栏

学习链接

Nginx通过auth_request结合Springboot实现静态文件下载鉴权

nginx搭建直播推流服务&推流拉流鉴权

nginx搭建流媒体服务器（rtmp、flv、hls）

阿里云服务器搭建Nginx+rtmp推流服务器

步骤

1、安装nginx

yum install gcc-c++ -y  #nginx编译依赖 gcc 环境
yum install pcre pcre-devel -y  #nginx的http模块使用pcre来解析正则表达式
yum install zlib zlib-devel -y  #nginx使用zlib对http包的内容进行gzip
openssl version #nginx可能需要支持HTTPS，最好在系统中安装好openssl
yum install openssl openssl-devel -y #若提示未安装，执行命令安装

这里nginx的版本是nginx-1.24.0

./configure  --with-http_ssl_module  --with-stream  --with-stream_ssl_module  --with-http_auth_request_module
make
make install
# 默认安装在/usr/local/nginx

2、配置nginx


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$arg_token'
                      '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        
        # 鉴权服务地址
        location = /auth {
            internal;  # 仅允许内部请求
            proxy_pass http://192.168.134.5:8080/auth;  # 鉴权服务地址
            proxy_pass_request_body off;  # 不传递请求体
            proxy_set_header Content-Length "";  # 清空 Content-Length
            proxy_set_header X-Original-URI $request_uri;  # 传递原始请求路径
            proxy_set_header x-token $token;  # 传递 Token 参数, 这里使用$arg_token拿不到值，所以只能用自定义变量了
            proxy_set_header X-Original-Method $request_method;  # 传递请求方法
        }
        
        # 视频点播路径
        location /videos/ {
        
            # 将请求参数设置给指定变量
            set $token $arg_token;
        
            alias /usr/local/nginx/vod/;

            # 启用鉴权
            auth_request /auth;  # 发送鉴权请求
            auth_request_set $auth_status $upstream_status;  # 保存鉴权结果

            # 如果鉴权失败，返回 401 或 403
            error_page 401 = @error401;
            error_page 403 = @error403;
            
            # 记录鉴权失败的请求，便于排查问题。
            error_log /user/local/nginx/log/auth_error.log;
        }
        
        # 自定义错误页面
        location @error401 {
            return 401 "Unauthorized";
        }

        location @error403 {
            return 403 "Forbidden";
        }

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

3、后端代码

@Slf4j
@RestController
public class VodAuthController {

    @Autowired
    private HttpServletResponse response;

    @Autowired
    private HttpServletRequest request;

    @RequestMapping("/auth")
    public void auth() {
        System.out.println("auth...");

        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement();
            System.out.println(headerName + " - " + request.getHeader(headerName));
        }

        String token= request.getHeader("x-token");

        if ("123".equals(token)) {
            log.info("鉴权通过！！！");
            response.setStatus(200);
        } else {
            log.info("鉴权失败！！！");
            response.setStatus(403);
        }

    }
}

4、dplayer播放mp4视频html代码

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/dplayer/dist/DPlayer.min.css">
    <script src="https://cdn.jsdelivr.net/npm/dplayer/dist/DPlayer.min.js"></script>
</head>
<body>
    <div id="dplayer" style="width: 800px;height: 500px;"></div>
    
</body>
<script>
    const dp = new DPlayer({
        container: document.getElementById('dplayer'),
        video: {
            url: 'http://192.168.134.3/videos/netty03.mp4?token=123'
        },
    });
</script>
</html>

5、测试

在这里插入图片描述
此时后台输出

...
auth...
x-original-uri - /videos/netty03.mp4?token=123
x-token - 123
x-original-method - GET
host - 192.168.134.5:8080
connection - close
pragma - no-cache
cache-control - no-cache
user-agent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
accept-encoding - identity;q=1, *;q=0
accept - */*
referer - http://127.0.0.1:5500/
accept-language - en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
range - bytes=165478400-
 INFO 320 --- [io-8080-exec-10] com.zzhua.demo5.VodAuthController        : 鉴权通过！！！
 ...