Allow access from one domain with NGINX

Question

I'm looking for a solution to prevent hot-linking with NGINX for JWPlayer. Say I have a NGINX server configured as a reverse proxy at http://mydomain1.com , I'll get the url http://mydomain1.com/file.mp4 to put on my website hosted on another VPS at http://mydomain2.com . How do I restrict the file so it can be played on http://mydomain2.com only and nowhere else?

I tried allow & deny directives but then I realized this is a HTML5 streaming so the directives will block the stream to users.

Answer 1

On nginx of mydomain1.com. Make sure you have one additional block which listens to default host and deny all traffic. Then in the existing listen block we add a rule to allow only www.mydomain2.com

map $http_referer $not_allowed {
   default 0;
   "~www.mydomain2.com" 1;
}

server {
    listen 80 default_server;

    server_name _;

    deny all;
}

server {
   listen 80;
   server_name www.mydomain1.com

   location / {
      if ($not_allowed)
         {
            return 404 "Not sure its there";
         }
   }
}

Answer 2

Because the mp4 url will be put in a HTML5 player, this means the remote address (user's machine) will always communicate directly with the reverse proxy. So that's impossible to restrict the access using other methods except nginx secure link module. With this module I'm now able to restrict the access basing on the user's ip, expiration time, url and a secret word.