secure_token
The `secure_token` directive configures the token value for embedding in media manifests or as a cookie for secure content delivery.
Description
The secure_token directive in the Secure Token Module for NGINX is used to generate and manage CDN tokens that allow secure delivery of content streamed from services like Akamai and Amazon CloudFront. When the directive is employed, it establishes the value of the token which is either included in a cookie or as a query string parameter in media streaming protocols such as HLS (m3u8), DASH (mpd), or Smooth Streaming (f4m). This helps protect the content served by ensuring that only users with valid tokens can access it.
The directive's configuration can reference complex parameters that determine when and how tokens are issued based on various conditions, including access control lists (ACL), IP addresses, and time constraints. For instance, tokens can incorporate expiration times to limit access duration. The flexible syntax also allows the use of NGINX variables to generate dynamic tokens tailored to user requests. Such configurations facilitate more intricate access management scenarios, including authentication checks against IP addresses or specific user details.
To use the secure_token directive, administrators must define it in the appropriate context (http, server, or location) of the NGINX configuration file. This creates an infrastructure for delivering secure streaming content while closely monitoring who can access that content through a systematic token generation and validation process.
Config Example
server {
listen 80;
server_name example.com;
location /videos/ {
secure_token "token_value_here";
}
}Ensure that the token value is securely configured to prevent unauthorized access.
Incorrectly set ACLs could inadvertently block legitimate access or allow unauthorized users to bypass token checks.
Overlapping or conflicting secure_token directives in nested contexts may lead to unexpected behavior.