If you’ve ever wanted to stream MP4s securely over the internet while preventing hotlinking and stealing of your content, hopefully this helps.
1. Install Ubuntu
Download and install Ubuntu from here
2. Install LAMPP settings
Quick and dirty, just install MySQL Server:
sudo apt-get install mysql-server
Then install PHPMyAdmin – make sure to choose Apache2 when it asks for the server
sudo apt-get install phpmyadmin
3. Install H264 Module
By now you should be able to go to your server (http://localhost/phpmyadmin) and login with PHP. This is the very very first key part to get this all working.
We need to install the APache eXtenSion tool, to build and install the module for the Apache server.
sudo apt-get install apache2-threaded-dev
Then download the latest H264 Streaming Module for Apache and untar it.
cd ~ wget http://h264.code-shop.com/download/apache_mod_h264_streaming-2.2.7.tar.gz tar -zxvf apache_mod_h264_streaming-2.2.7.tar.gz
Next we need to make and install it
cd ~/mod_h264_streaming-2.2.7 ./configure --with-apxs=`which apxs2` make sudo make install
Edit the Apache config (i.e.: /etc/apache/httpd.conf) to enable the new module
LoadModule h264_streaming_module /usr/lib/apache2/modules/mod_h264_streaming.so AddHandler h264-streaming.extensions .mp4
Restart apache and the module will be enabled. Now you have the ability to seek and do HTTP Pseudo Streaming. But the next issue is how to keep people from stealing your content. For that we move to the next step.
4. Install Mod-Auth-Token
What is mod_auth_token? mod_auth_token allows you to generate URIs for a determined time window. Exactly the same as mod_securedownload on lighttpd. Basically it makes a link that is only available for a short period of time and then it no longer works. Typically limited to 60 seconds.
Download and make/install the module as so – I’d recommend you copy and paste most of it:
cd ~ wget "http://mod-auth-token.googlecode.com/files/mod_auth_token-1.0.5.tar.gz" tar xvzf mod_auth_token-1.0.5.tar.gz cd mod_auth_token-1.0.5/ sudo rm missing sudo ln -s /usr/share/automake-1.11/missing missing sudo rm config.guess sudo ln -s /usr/share/automake-1.11/config.guess config.guess sudo rm config.sub sudo ln -s /usr/share/automake-1.11/config.sub config.sub sudo rm COPYING sudo ln -s /usr/share/automake-1.11/COPYING COPYING sudo rm install-sh sudo ln -s /usr/share/automake-1.11/install-sh install-sh sudo ./configure sudo make sudo make check sudo make install sudo service apache2 restart
5. Configure Apache
Edit your site specific config in Apache for the site you want to use this on (i.e.: sites-enabled/default.conf). Add the following to the config file.
# Disable direct access to the folder <Directory /var/www/downloads> AllowOverride None allow from all </Directory> ScriptAlias /downloads/ /var/www/downloads/ # Token settings <Location /downloads/> AuthTokenSecret "mysecretstring" AuthTokenPrefix /downloads/ AuthTokenTimeout 60 AuthTokenLimitByIp off </Location>
Restart apache and we are done with that part of the configuration.
6. Usage
So how do you use it? In the root of your site (i.e.: /var/www/default.com/) make a directory “downloads”. This matches the folder we setup above in the apache site config. Now from the root of the site (/var/www/default.com/) you can call any file that is stored in the downloads folder by calling the following PHP script:
<?php // Settings to generate the URI $secret = "mysecretstring"; // Same as AuthTokenSecret $protectedPath = "/downloads/"; // Same as AuthTokenPrefix $hexTime = dechex(time()); // Time in Hexadecimal $fileName = "/mymp4file.mp4"; // The file to access $token = md5($secret . $fileName. $hexTime); // We build the url $url = $protectedPath . $token. "/" . $hexTime . $fileName; ?>
7. Follow Up
You can see this setup working here: http://videos.ajb.bz/scene/watch/cure_lovesong
That’s it! I’ve successfully used it to stream MP4s over the internet and to multiple clients – all while requiring a secure login to access the media. Post in the comments if you have any things that could be done better or if you have any questions.
Discover more from AJB Blog
Subscribe to get the latest posts sent to your email.
Hi
Thanks for the information but I still have no idea on how mod h264 and auth_token can be used together, I mean :
1/ you use php to generate a protected url, php writes this url in the html file which is sent to the browser.
2/ this protected url is used by the video player which makes an http call to it
3/ the server receives this call, check if the token/timestamp/… is ok, If yes it sends the video and kills the token, so you can’t use the same url again.
So if you want to go to the time 0:30 for example, you click in the progress bar of the player… which makes a new http call to the same url as before but with “?start=30” which obviously can’t work because :
– the url is not valid anymore because already used once
– the url may be not valid anymore because of the 60 (or similar) seconds timeout of the token
– (maybe, not verified) the url is not valid because the “?start=30” needs to be used to generate the token
So I really don’t understand how theses 2 mods could be used together without more work.
The first solution I think of is to modify the video player itself so it generates the url (and not php) but it seems a very bad idea (for example how to generate and check a timestamp if the client is not in the same timezone than the server ?), it also puts the key in a very unsecure and easy to “reverse engineere” file (the swf player).
Another solution may be to use the javascript API of the player (jwplayer for example) to intercept every “seeking” click to make an ajax call to a php script, which returns a new and valid url, and tells the player to load this url as a new video. (I will try)
Am I wrong ? Any other idea ?
You’re missing the token timeout. This allows the link to be good for a limited amount of time – it is not request based. Above in the “5. Configure Apache” you see the link timeout is set to 60. That means the link is valid until that time expires.