How to serve part of a file with Nginx?

Question

I'm using X-Accel to serve protected content, using X-Accel-Redirect.

Is it possible to serve only a part of the file? for example, bytes range 0-x, or first 5 minutes of a video (my final goal)

It's important to do that on the server-side, so the client will not have access to the rest of the file.

Currently this is how I send the whole file:

X-Accel-Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/octet-stream
Content-Length: {file_size}
Content-Disposition: attachment; filename="myfile.mp4"
Accept-Ranges: bytes
X-Accel-Buffering: yes
X-Accel-Redirect: /protected/myfile.mp4

Nginx conf:

location /protected {
    internal;
    alias /dir/of/protected/files/;
    if_modified_since off;
    output_buffers 2 1m;
    open_file_cache max=50000 inactive=10m;
    open_file_cache_valid 15m;
    open_file_cache_min_uses 1;
    open_file_cache_errors off;
}

Answer 1

The massive hack would be to use nginx to proxy to itself with a Range header that would limit the request to a range of bytes

something like this (not tested so this probably wont work, but the idea should work):

{ 

    ... snip config ...

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /html;
                index index.html;

        location / {

            proxy_pass http://localhost/content;
            add_header Range btyes=0,100000;
        }

        location /content {
           try_files $uri $uri/ =404;
        }
    }
}

Answer 2

I haven't tested Slice and X-Accel together. If each file can have a different limit defined by the backend you might configure Slice in the location and send the limit with the X-Accel-Redirect URL as below:

X-Accel-Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/octet-stream
Content-Length: {file_size}
Content-Disposition: attachment; filename="myfile.mp4"
Accept-Ranges: bytes
X-Accel-Buffering: yes
X-Accel-Redirect: /protected/myfile.mp4?s=0&e=$PHP_VAR

Nginx.conf

location /protected {
    slice; # enable slicing
    slice_start_arg s;
    slice_end_arg e;

    internal;
    alias /dir/of/protected/files/;
    if_modified_since off;
    output_buffers 2 1m;
    open_file_cache max=50000 inactive=10m;
    open_file_cache_valid 15m;
    open_file_cache_min_uses 1;
    open_file_cache_errors off;
}

A global file limit

You would need to redirect the original request including the Slice parameters to truncate the file being served.

Nginx conf:

location /sample {
    slice; # enable slicing
    slice_start_arg s;
    slice_end_arg e;

    internal;
    alias /dir/of/protected/files/;
    if_modified_since off;
    output_buffers 2 1m;
    open_file_cache max=50000 inactive=10m;
    open_file_cache_valid 15m;
    open_file_cache_min_uses 1;
    open_file_cache_errors off;
}

location /protected {
    rewrite ^ /sample&s=0&e=1024; # replace for the desired file limit in bytes
}

If the rewrite directive above doesn't work, I suggest the following option using proxy_pass .

location /protected {
    set $file_limit 1024 # replace for the desired file limit in bytes
    set $delimiter "";
    if ($is_args) {
        set $delimiter "&";
    }
    set $args $args${delimiter}s=0&e=$file_limit;
    proxy_pass $scheme://127.0.0.1/sample; 
}