NGINX VOD Module

Learn how to use the NGINX VOD Module to package your media for Studio DRM.

The NGINX VOD Module is an .mp4 file repackager. The CPIX API exposes an endpoint for requesting encryption keys to integrate with Kaltura's NGINX VOD Module.



Package Content

  1. Request the encryption keys from the CPIX API. The API returns a JSON object containing the encryption keys formatted for the NGINX VOD Module.
curl -L -X GET 'https://cpix.vudrm.tech/v1/keys/<client-name>/nginx/<content-id>'
     -H 'api-key: {api-key}'
[
    {
        "pssh": [
            {
                "data": "<base64 encoded PlayReady PSSH data>",
                "uuid": "9a04f079-9840-4286-ab92-e65be0885f95"
            },
            {
                "data": "<base64 encoded Widevine PSSH data>",
                "uuid": "edef8ba9-79d6-4ace-a3c8-27dcd51d21ed"
            }
        ],
        "key": "<base64 encoded encryption key>",
        "key_id": "<base64 encoded key id>",
        "iv": "<base64 encoded iv>"
    }
]

  1. Use the encryption keys to create an NGINX config file as explained the example below.


NGINX Config File Example

The following NGINX config file integrates the VOD module with Studio DRM. This example is a modified version of an example given in The New York Times nginx-vod-module-docker repo.


The following modifications have been made:

  • Activating just-in-time DRM on all endpoints
vod_drm_enabled on;
vod_drm_request_uri "/<client-name>/nginx/<content-id>";
vod_drm_upstream_location /drm;

  • Adding a proxy pass to include your API key in the request made to the CPIX Key Provider API
location /drm {
    internal;
    proxy_pass "https://cpix.vudrm.tech/v1/keys";
    proxy_set_header API-KEY <api-key>;
}

  • Providing support for HLS with FairPlay
vod_hls_encryption_method sample-aes;
vod_hls_encryption_key_uri "skd://fairplay-license.vudrm.tech/v2/license/<content-id>";
vod_hls_encryption_key_format "com.apple.streamingkeydelivery";
vod_hls_encryption_key_format_versions "1";


File Example

worker_processes  auto;

events {
    use epoll;
}

http {
    log_format  main  '$remote_addr $remote_user [$time_local] "$request" '
        '$status "$http_referer" "$http_user_agent"';

    access_log  /dev/stdout  main;
    error_log   stderr debug;

    default_type  application/octet-stream;
    include       /usr/local/nginx/conf/mime.types;

    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;

    vod_mode                           local;
    vod_metadata_cache                 metadata_cache 16m;
    vod_response_cache                 response_cache 512m;
    vod_last_modified_types            *;
    vod_segment_duration               9000;
    vod_align_segments_to_key_frames   on;
    vod_dash_fragment_file_name_prefix "segment";
    vod_hls_segment_file_name_prefix   "segment";

    vod_drm_enabled on;
    vod_drm_request_uri "/vualto-demo/nginx/test-nginx";
    vod_drm_upstream_location /drm;

    vod_manifest_segment_durations_mode accurate;

    open_file_cache          max=1000 inactive=5m;
    open_file_cache_valid    2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors   on;

    aio on;

    server {
        listen 80;
        server_name localhost;
        root /opt/static;

        location ~ ^/videos/.+$ {
            autoindex on;
        }

        location /hls/ {
            vod hls;
            vod_hls_encryption_method sample-aes;
            vod_hls_encryption_key_uri "skd://fairplay-license.vudrm.tech/v2/license/test-nginx";
            vod_hls_encryption_key_format "com.apple.streamingkeydelivery";
            vod_hls_encryption_key_format_versions "1";

            alias /opt/static/videos/;
            add_header Access-Control-Allow-Headers '*';
            add_header Access-Control-Allow-Origin '*';
            add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
        }

        location /thumb/ {
            vod thumb;
            alias /opt/static/videos/;
            add_header Access-Control-Allow-Headers '*';
            add_header Access-Control-Allow-Origin '*';
            add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
        }

        location /dash/ {
            vod dash;
            alias /opt/static/videos/;
            add_header Access-Control-Allow-Headers '*';
            add_header Access-Control-Allow-Origin '*';
            add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
        }

        location /drm {
            internal;
            proxy_pass "https://cpix.vudrm.tech/v1/keys";
            proxy_set_header API-KEY <api-key>;
        } 
    }
}


Next step
Did this page help you?