Install Apache and PHP to do Secure h264 Pseudo Streaming

From PaskvilWiki
Jump to: navigation, search

Install Apache and PHP to do Secure h264 Pseudo Streaming

In Ubuntu.

If you’ve ever wanted to stream MP4s securely over the internet while preventing hotlinking and stealing of your content, hopefully this helps.

sudo apt-get install mysql-server
sudo apt-get install phpmyadmin

Install H264 Module

sudo apt-get install apache2-threaded-dev

Then download the latest H264 Streaming Module for Apache and untar it.

cd ~
wget http://h264.code-shop.com/download/apache_mod_h264_streaming-2.2.7.tar.gz
tar -zxvf apache_mod_h264_streaming-2.2.7.tar.gz

Next we need to make and install it

cd ~/mod_h264_streaming-2.2.7
./configure --with-apxs=`which apxs2`
make
sudo make install

Edit the Apache config (i.e.: /etc/apache/httpd.conf) to enable the new module

LoadModule h264_streaming_module /usr/lib/apache2/modules/mod_h264_streaming.so
AddHandler h264-streaming.extensions .mp4

Restart apache and the module will be enabled. Now you have the ability to seek and do HTTP Pseudo Streaming. But the next issue is how to keep people from stealing your content. For that we move to the next step.

Install Mod-Auth-Token

What is mod_auth_token? mod_auth_token allows you to generate URIs for a determined time window. Exactly the same as mod_securedownload on lighttpd. Basically it makes a link that is only available for a short period of time and then it no longer works. Typically limited to 60 seconds.

Download and make/install the module as so – I’d recommend you copy and paste most of it:

cd ~
wget "http://mod-auth-token.googlecode.com/files/mod_auth_token-1.0.5.tar.gz"
tar xvzf mod_auth_token-1.0.5.tar.gz
cd mod_auth_token-1.0.5/
sudo rm missing
sudo ln -s /usr/share/automake-1.11/missing missing
sudo rm config.guess
sudo ln -s /usr/share/automake-1.11/config.guess config.guess
sudo rm config.sub
sudo ln -s /usr/share/automake-1.11/config.sub config.sub
sudo rm COPYING
sudo ln -s /usr/share/automake-1.11/COPYING COPYING
sudo rm install-sh
sudo ln -s /usr/share/automake-1.11/install-sh install-sh
sudo ./configure
sudo make
sudo make check
sudo make install
sudo service apache2 restart

Configure Apache

Edit your site specific config in Apache for the site you want to use this on (i.e.: sites-enabled/default.conf). Add the following to the config file.

# Disable direct access to the folder
<Directory /var/www/downloads>
        AllowOverride None
        allow from all
</Directory>
ScriptAlias /downloads/ /var/www/downloads/
# Token settings
<Location /downloads/>
      AuthTokenSecret       "mysecretstring"
      AuthTokenPrefix       /downloads/
      AuthTokenTimeout      60
      AuthTokenLimitByIp    off
</Location>

Restart apache and we are done with that part of the configuration.

Usage

So how do you use it? In the root of your site (i.e.: /var/www/default.com/) make a directory “downloads”. This matches the folder we setup above in the apache site config. Now from the root of the site (/var/www/default.com/) you can call any file that is stored in the downloads folder by calling the following PHP script:

<?php
// Settings to generate the URI
$secret = "mysecretstring";             // Same as AuthTokenSecret
$protectedPath = "/downloads/";        // Same as AuthTokenPrefix
$hexTime = dechex(time());             // Time in Hexadecimal      
$fileName = "/mymp4file.mp4";    // The file to access

$token = md5($secret . $fileName. $hexTime);

// We build the url
$url = $protectedPath . $token. "/" . $hexTime . $fileName;
?>