secure_link_secret

The `secure_link_secret` directive defines a shared secret used for validating secure links in NGINX.

Syntax: secure_link_secret string;
Default: none
Context: http, server, location
Arguments: 1

Description

The secure_link_secret directive is used in the NGINX configuration to specify a secret key for generating and validating secure links. This is particularly useful for protecting sensitive resources: links can only be used by clients that possess the correct signature, which limits the exposure of the target files to unauthorized users.

When a secure link is created, it consists of the original file name and an expiration timestamp, which is cryptographically hashed with the secure_link_secret. This makes it tamper-proof as any alteration of the link will cause the validation to fail. When a user attempts to access a secure link, NGINX verifies this signature against the secure_link_secret, allowing access only if the hash is valid and not expired.

The directive accepts a single argument that specifies the shared secret string. It should be configured in the http, server, or location contexts. Using this directive enables the secure link functionality, which may also involve using the secure_link directive to manage the actual link generation and validation process. Keep the shared secret confidential to prevent unauthorized access to resources.

Config Example

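http {
    server {
        location /protected {
            # Request URIs take the form /protected/<hash>/<link>
            secure_link_secret "1mVm0gfR1cuNzU3nXqRxVhbSe3";

            # $secure_link holds the extracted link, or an empty string
            # when the hash in the URI does not match
            if ($secure_link = "") {
                return 403;
            }

            # Serve the protected content...
        }
    }
}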

Ensure the shared secret is kept confidential and not exposed to the public or logged in any way.

Changing the secret after links have been issued will render those links invalid, requiring the regeneration of links with the new secret.

Testing secure links during development may require intricate configuration to ensure that the secret is correctly set. Any mismatch will block access.
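
For checking a setup during testing, the following added example (not from the original page or the NGINX project) generates and verifies links the way the ngx_http_secure_link_module documentation describes for `secure_link_secret`: a URI of the form /prefix/hash/link, where hash is the hexadecimal MD5 of the link concatenated with the secret. The function names and the sample path are hypothetical, and the secret is the sample value from the config example.

```python
import hashlib
import hmac

# Sample secret from the config example on this page (assumption: test use only).
SECRET = "1mVm0gfR1cuNzU3nXqRxVhbSe3"


def make_secure_link(prefix: str, link: str, secret: str = SECRET) -> str:
    """Build /prefix/<hash>/<link>, where hash = hex(MD5(link + secret))."""
    if not prefix or "/" in prefix:
        raise ValueError("prefix must be a non-empty string without slashes")
    if not link:
        raise ValueError("link must not be empty")
    digest = hashlib.md5((link + secret).encode()).hexdigest()
    return f"/{prefix}/{digest}/{link}"


def check_secure_link(uri: str, secret: str = SECRET) -> str:
    """Return the extracted link if the hash matches, else "" (like $secure_link)."""
    parts = uri.split("/", 3)  # expected: ["", prefix, hash, link]
    if len(parts) != 4 or parts[0] != "":
        return ""
    _, _prefix, digest, link = parts
    # An MD5 hex digest is always 32 characters; the link must be non-empty.
    if len(digest) != 32 or not link:
        return ""
    expected = hashlib.md5((link + secret).encode()).hexdigest()
    # Constant-time comparison avoids leaking how many hex digits matched.
    if not hmac.compare_digest(digest.lower().encode(), expected.encode()):
        return ""
    return link


if __name__ == "__main__":
    # Constructed sample path, not a real resource.
    good = make_secure_link("protected", "reports/q3.pdf")
    print(good, "->", repr(check_secure_link(good)))

    # Changing the link without recomputing the hash fails validation.
    tampered = good.replace("q3.pdf", "q4.pdf")
    print(tampered, "->", repr(check_secure_link(tampered)))

    # A generator using a different secret produces links that are rejected.
    print("wrong secret ->", repr(check_secure_link(good, secret="other")))
```
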
