hls_key_url
The `hls_key_url` directive specifies the URL where the encryption key for HLS streams can be retrieved.
Description
The hls_key_url directive in the NGINX RTMP module allows for the specification of an external URL from which the encryption key for HLS (HTTP Live Streaming) content can be fetched. This is particularly useful when streaming encrypted content, as it separates the key management from the actual media files, enhancing security by allowing the key to be dynamically fetched.
When a client requests a segmented HLS stream, it will also require access to the encryption key specified by the hls_key_url. The server responds with the necessary playlist files (.m3u8) which instructs the client how to manage the streaming segments, including where to retrieve the key from. The key can be securely fetched using HTTPS or any supported HTTP protocol, ensuring that the key transfer is protected during streaming.
It is important to configure this directive accurately to ensure clients do not encounter any issues accessing the key, as a failure to retrieve the key will lead to playback errors. The directive takes a single argument which should be a valid URL pointing to the key file, usually set in the HLS application block of the NGINX configuration.
Config Example
application myapp {
live on;
hls on;
hls_key_url https://example.com/keys/key.bin;
}Ensure the key URL is accessible; unreachable URLs will cause playback failures for clients.
Using unsecured HTTP may expose the key during transmission; prefer HTTPS for security.
The key URL should return the key in the correct format expected by HLS clients.