With the rapid development of the Internet, the Internet environment is getting worse and worse, whether it is customer data in the financial and banking industry, audio and video and HTML5 interactive courseware in the online education industry, e-books, company documents, and open source website projects such as Wordpress/Moodle/LearnPress, or the live broadcast of Zoom conferences and online live lectures on the Agora require DRM to protect the copyright of digital content. Then, how to effectively protect and prevent piracy of website content has become the most concerned issue.

Currently, the widely used SSL and HTTPS protocols can only protect the website’s secure transmission and collection of user information in this way, but it cannot protect the website’s content piracy. Users can still view the source code, download pictures, videos, and copy text through the Inspect tool that comes with the browser. And because the front-end HTML and Javascript code are visible, users can tamper with the data and submit it, or find website vulnerabilities through JS code. There are hidden dangers in the copyright security of the website content and the security of the website server.

As of the end of 2020, 39.5% of the world's websites built using the free and open source website CMS WordPress have been built. A large number of WordPress sites contain important user data, courseware, live broadcast, audio and video resources, back-end management data and reports and other information. WordPress contains a large number of free and paid plugins that make the website powerful. The important value of WordPress website data, especially as digital content for sale, requires DRM copyright protection to prevent the leakage of website resources. Applying DRM-X 4.0 can protect the Zoom/Agora live plug-in in WordPress.

We can protect website content from piracy in a new way. This method is based on server-side high-performance encryption protection. Let's first introduce Nginx. Nginx is a high-performance and lightweight HTTP and reverse proxy web server. It is characterized by low memory usage and strong concurrency. Haihaisoft has developed Nginx for Xvast for Nginx based on the Linux platform, which provides high-speed real-time encryption protection for websites. The website is still hosted on your server, you only need to install Nginx for Xvast and use it to provide web services or proxy to the website. For example, PHP, ASPX, JavaScript, images, and CSS are all protected by DRM-X 4.0. It can be used to protect real-time video conferences, such as Zoom Web SDK, Agora voice calls/video calls/interactive live broadcasts, etc. It can protect the company's management background, online office software, and prevent the company's important information from leaking. It can also protect online education courseware and prevent the leakage of learning resources.

Note: Current DRM-X 4.0 Dynamic Website Encryption is the beta version. It does not support gzip compressed website, so you need to turn off gzip. This will affect the operation of individual plug-ins, such as Elementor in WordPress.

The following demonstrates how to encrypt and protect Wordpress and Moodle websites to prevent content piracy.

First, as a content provider, you need to register for a DRM-X 4.0 account. Company customers can apply for free use for the first month and provide free technical support for the first month. The following deployment process is suitable for technicians. For company customers, Haihaisoft can also deploy and test for you for free, so you don't need to worry about deployment and installation.

Then you also need to have a Linux cloud server or a dedicated Linux server. I recommend using CentOS, but you can also use Ubuntu or other Linux servers.

Download and install Nginx for Xvast:

Please visit your DRM-X 4.0 account, enter the website encryption page, check " Step 4. Protect Sites", and download Nginx for Xvast. After the download is complete, unzip the downloaded Nginx for Xvast to the /usr/local/nginx/ directory of your server.

Get encryption parameters:

On the Protect sites of the DRM-X 4.0 account, check the fourth step, you can see the encryption parameters provided, and then copy these parameters to the service configuration section of the nginx.conf file of Nginx for Xvast. As shown below:

Configure Nginx for Xvast encryption parameters:

Please select the license Profile on the Protect sites page of the DRM-X 4.0, and find and copy the encryption parameters in the fourth step.

add_header 4.drm-x.com-Param "****Sample_ReplaceWithYourOwnParam****==";
add_header 4.drm-x.com-Header "***Sample_ReplaceWithYourOwnHeader****==";

Then open the nginx.conf configuration file, you can also use the sample file in the zip file for configuration.

In the configuration file, you need to comment out gzip and disable gzip. as follows:

#gzip on; #You must comment out gzip, and disable gzip to support encryption

Under Server section, you need to make sure: chunked_transfer_encoding off;

chunked_transfer_encoding off; #You need to make sure: chunked_transfer_encoding off;

Sample Reverse Proxy for website, such as for Reverse Proxy: https://cn.haihaisoft.com

server {
	listen      443 ssl http2;
	# listen    443 ssl;
	server_name demo12cn.hhsview.com;
	
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
	add_header 4.drm-x.cn-Param "*************************************";
	add_header 4.drm-x.cn-Header "************************************";
	ssl_certificate  /root/.acme.sh/demo1cn.hhsview.com_ecc/fullchain.cer;
	ssl_certificate_key  /root/.acme.sh/demo1cn.hhsview.com_ecc/demo1cn.hhsview.com.key;
	chunked_transfer_encoding off;
	
	location / {
		proxy_pass https://cn.haihaisoft.com/;
		proxy_ssl_server_name on;
		proxy_set_header Accept-Encoding "";
		root   html;
		index  index.html index.htm;
	}
	
	# This is for remind user: if they are not using Xvast, it will redirect to http://www.xvast.com, if you comment it out it will display messy encrypted code.
	# if ($http_user_agent !~ "Xvast") {
		# rewrite ^/(.*) http://www.xvast.com/ permanent;
	# }
}

For the hosted PHP website, the configuration is as follows, and the demo domain name is https://demo11cn.hhsview.com

server {
	listen      443 ssl http2;
	# listen    443 ssl;
	server_name demo11cn.hhsview.com;
	
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
	add_header 4.drm-x.cn-Param "*************************************";
	add_header 4.drm-x.cn-Header "************************************";
	ssl_certificate     /root/.acme.sh/demo11cn.hhsview.com_ecc/demo11cn.hhsview.com.cer;
	ssl_certificate_key /root/.acme.sh/demo11cn.hhsview.com_ecc/demo11cn.hhsview.com.key;
	chunked_transfer_encoding off;
	location / {
		root   html;
		index  index.html index.htm index.php;
	}
	
	location ~ \.php$ {
		root   html;
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		# fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
		fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
	
	# if ($http_user_agent !~ "Xvast") {
		# rewrite ^/(.*) https://www.xvast.com/protected_site.html permanent;
	# }
}

Obtain a free SSL certificate in Linux. Of course, you can also apply for an SSL certificate through your server host:

yum install socat nohup
curl https://get.acme.sh | sh
acme.sh --issue --standalone -d demo11cn.hhsview.com --keylength ec-256

Running Nginx For Xvast:

After you configure nginx.conf and save it, if you are root user, you can start Nginx with this command:
./nginx

To stop Nginx, use the following command:
./nginx -s quit

After you change the nginx.conf, you need to restart nginx.

After Nginx runs successfully, you can download and install the Xvast browser, and use the Xvast browser to test the URL of the protected website. When everything is working, congratulations, your website content has been deployed to the Internet very securely. You no longer need to worry about the content of the website, online videos, pictures, documents, Zoom meetings, and Agora live content being ripped and screenshots.

Final reminder: When users visit your encrypted website, they must download and install and use the Xvast browser to visit the encrypted website. If the user uses other browsers to visit the encrypted website, the user will see a lot of garbled characters and prompt the user to use the Xvast browser to visit the protected website at the beginning.