README.md |
nginx-useragent-auth
This document provides you with an idea and a solution for restricting web access to a certain resource or location by specifying a custom useragent.
If you want to access a file on your webserver, but you also don't want it to be publicly accessible, then you maybe found out about http basic auth, but then you noticed that it's not so convenient to use with mpv and this is exactly where this solution comes and saves your day and future.
Attention
The key is not private, it will be sent to the http server and will be written in plaintext to the access log if an access log is being written, take this into account. For best security practice only use this solution with your own http server where you are in control.
This means that your modified user agent will be submitted every time you use mpv to watch a video from a web resource, regardless.
mpv
has a config option that lets you specify a custom useragent: https://github.com/mpv-player/mpv/blob/master/etc/mpv.conf#L99
Specify your personal auth token in your mpv.conf then;
sudo vim /etc/nginx/nginx.conf
map $http_user_agent $auth {
default 0;
"your custom user agent (for example a 128 char string or more or less)" 1;
}
sudo vim your-vhost-config.conf
location /private-location/ {
if ($auth = 0) {
## UNAUTHORIZED
# for example return to a location or 403
#return 302 /dl/;
return 403;
}
## AUTHORIZED
# for example publish your file server or return
#proxy_pass http://backend/;
return 200;
}
If set up properly this will let you just paste the full url of your file and use it with mpv
mpv <url>
no more url modifications for http basic auth