{"id":26475471,"url":"https://github.com/opencast/apache-httpd-stream-security-plugin","last_synced_at":"2026-05-18T05:38:50.893Z","repository":{"id":55990733,"uuid":"269194789","full_name":"opencast/apache-httpd-stream-security-plugin","owner":"opencast","description":"Apache HTTPd Stream Security Plugin","archived":false,"fork":false,"pushed_at":"2020-12-02T15:23:04.000Z","size":194,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":5,"default_branch":"develop","last_synced_at":"2024-03-26T16:26:05.148Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"ecl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opencast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-03T21:07:03.000Z","updated_at":"2024-03-26T16:26:05.148Z","dependencies_parsed_at":"2022-08-15T11:00:23.349Z","dependency_job_id":null,"html_url":"https://github.com/opencast/apache-httpd-stream-security-plugin","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencast%2Fapache-httpd-stream-security-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencast%2Fapache-httpd-stream-security-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencast%2Fapache-httpd-stream-security-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencast%2Fapache-httpd-stream-security-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opencast","download_url":"https://codeload.github.com/opencast/apache-httpd-stream-security-plugin/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244520142,"owners_count":20465632,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-19T23:17:14.425Z","updated_at":"2025-10-24T11:09:23.723Z","avatar_url":"https://github.com/opencast.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Apache HTTPd Stream Security Plugin\n\nThis plugin brings Opencast Stream Security to the Apache HTTPd server. More information about Opencast Stream Security can be found in the [Opencast Administration Guide](https://docs.opencast.org).\n\nOpencast installations can use Apache HTTPd to distribute files over HTTP or HTTPS, with the verification of signed URLs carried out by a custom component available from Bitbucket: http://bitbucket.org/opencast-community/apache-httpd-stream-security-plugin.\n\n## Install Dependencies\nIn order to build the HTTPd component, some dependencies need to be installed first. The example routine is based on CentOS 6 and will work similarly using alternate platforms and/or package managers.\n\n#### 1. Install Package Dependencies For Your Platform (Example is CentOS 6)\n\n    sudo yum install httpd-devel libtool openssl-devel\n\n#### 2. Install Jansson For Json Support\n\n    cd /tmp\n    wget http://www.digip.org/jansson/releases/jansson-2.10.tar.gz\n    tar -xvf jansson-2.10.tar.gz\n    cd jansson-2.10\n    ./configure\n    make\n    make check\n    sudo make install\n    sudo ln -s /usr/local/lib/libjansson.so.4 /usr/lib/libjansson.so.4\n    sudo ldconfig\n\n## Install Stream Security HTTPd Component\nOnce the dependencies are in place, the HTTPd component can be built with the following commands:\n\n    sudo yum install git\n    cd /tmp\n    git clone http://bitbucket.org/opencast-community/apache-httpd-stream-security-plugin.git\n    cd apache-httpd-stream-security-plugin\n    ./configure\n    make\n    sudo make install\n\n## Configure\n\nIn order to use stream security load the module in the httpd config with\n\n    LoadModule stream_security_module modules/mod_stream_security.so\n\nThe Stream Security component is implemented as an [Apache Handler](https://httpd.apache.org/docs/2.2/handler.html). To activate the component, the handler must be added to the HTTPd configuration:\n\n```xml\n\u003cDirectory \"/var/matterhorn/distribution/downloads\"\u003e\n    ...\n    SetHandler stream-security\n    ...\n\u003c/Directory\u003e\n```\n\nBesides the handler, there are two directives which need to be defined:\n* `StreamSecurityEnabled` - (`On/Off`, default `On`)\n* `StreamSecurityKeysPath` - {path to the keys file}\n\nExample:\n\n```xml\n\u003cVirtualHost *:80\u003e    \n    ...\n    StreamSecurityEnabled On\n    StreamSecurityKeysPath /etc/httpd/conf/stream-security-keys.json\n    ...\n\u003c/VirtualHost\u003e\n```\n\nAdditionally, there are two optional directives which can be defined:\n* `StreamSecurityDebug` - (`On/Off`, default `Off`) - Returns an html document of the result of the request for a resource instead of actually returning the resource / denying the source. Useful for trying to determine why a request for a resource failed.\n* `StreamSecurityStrict` - (`On/Off`, default `On`) - If turned on, the entire URL will be considered when comparing the current request for a resource against the policy, including the scheme (http, https etc.), hostname  and optional port. If turned off, only the path to the resource will be considered. So if the request is for a resource at `http://download.matterhorn.com:8080/the/full/path/video.mp4`, and strict mode is disabled, only the `/the/full/path/video.mp4` will be checked against the policy. This flexibility is useful when using things like load balancers, where the Apache hostname may not match the requested hostname or if a video player is rewriting requests, e.g. by inserting the port number.\n\n#### Keys File\nThe final configuration involves setting the parameters for id and key for each key. The entries here need to have the same values for `id` and `key` as used for the Signing Providers configuration, because the `id` is part of the policy and the `key` is used to sign and verify the request.\n\nAn example configuration file is contained in the component code called stream-security-keys.json and as below:\n\nExample:\n\n```json\n{\n  \"keys\":[\n    {\n      \"id\":\"demoKeyOne\",\n      \"key\":\"6EDB5EDDCF994B7432C371D7C274F\"\n    },\n    {\n      \"id\":\"demoKeyTwo\",\n      \"key\":\"C843C21ECF59F2B38872A1BCAA774\"\n    }\n  ]\n}\n```\n\n## Development\n\n### Bump version of plugin\n\nBumping the version of the plugin is a manual task and involves two steps:\n\n1. Change the version in the file `configure.ac` in the `AC_INIT` section.\n2. Rebuild the `configure` file by running the `autoconf` tool without any further parameters.\n\nChanges in both files, `configure.ac` and `configure` need to be committed to the version control system.\n\n\n### Docker based build environment\n\nThe project comes with a `Dockerfile` which defines a Docker image useful for tasks during development. In order to build the image, execute this task: \n\n    docker build -t stream-security-build-env .\n\n### Build distribution archive\n\nThe distribution archive can be created leveraging the Docker image created in the previous step by executing this command:\n\n    docker run --rm -v $(pwd):/tmp -w /tmp stream-security-build-env ./configure \u0026\u0026 make dist distclean\n\nAs a result, you should find the archive in your working directory.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencast%2Fapache-httpd-stream-security-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopencast%2Fapache-httpd-stream-security-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencast%2Fapache-httpd-stream-security-plugin/lists"}