- Proxy requests to a target URL with headers
- Proxy subrequests in m3u8
- Optional JWT authentication (enabled via config)
- Country blocking, CORS, and optional cache control
Serverside DRM protected .mpd decryption
- Caching with HLS livestreams will break the livestream
- Caching can also break a number of other things, pass
cache=falseas a parameter if a page has dynamic content.
- Caching can also break a number of other things, pass
npm installEdit wrangler.toml to set non-secret variables:
[vars]
BLOCKED_COUNTRY_CODES = "" # Comma-separated country codes to block (e.g., "KP,IR,SY")
CACHE_NAME = "proxy-cache-v1"
CACHE_TTL_SECONDS = "3600"
CACHE_MIME_TYPES = "text/html,audio/mpeg,video/mp4,video/mp2t,application/vnd.apple.mpegurl,text/vtt,audio/aac,image/jpeg,image/png,application/json"
CACHE_EXTS = "html,mp3,mp4,ts,m4s,m3u8,vtt,webvtt,key,aac,jpg,png,json"
CACHE_HEADER = "X-Proxy-Cache"
JWT_AUTH_ENABLED = "false" # Set to "true" to require JWT auth
JWT_ALGORITHM = "HS256" # Change if using a different algorithm (e.g., "RS256")Do not put JWT_SECRET in wrangler.toml! Instead, set it as a secret:
npx wrangler secret put JWT_SECRETYou will be prompted to enter the secret value.
npm startnpm run deploy- To enable JWT authentication, set
JWT_AUTH_ENABLED = "true"in the wrangler.toml and provide a validJWT_SECRET(Do not putJWT_SECRETinwrangler.tomlsee step 3 in setup). - Requests must include an
Authorization: Bearer <token>header when JWT auth is enabled. - Proxy requests must include a
urlquery parameter with the base64-encoded target URL. - Request headers can be set via the
headersparameter as base64-encoded JSON. - Optionally enable caching per-request via the
cacheparameter.