This container is identical to the RTMP to HLS container except that it encrypts the HLS stream. Each 3 second segment of the stream is encrypted with an AES-128 key which is rotated out every 30 seconds. While this isn't as good as DRM, it is better than nothing.

https://github.com/Zibbp/Nginx-RTMP-HLS-Encrypted

This container expands on information from the base version RTMP to HLS, refer there for baseline documentation.

docker run -d --name=rtmp-hls -p 1935:1935 -p 7080:7080 -v /mnt/static:/www/static -e URL=https://cdn.example.com -e APP_URL=https://radium.example.com zibbp/nginx-rtmp-hls-encrypted:latest

Expose the static directory (the keys are generated in here and can house your own HLS media)

-v /mnt/static:/www/static

URL of the NGINX server (This url is put in the .m3u8 file telling clients where the encryption keys are)

-e URL=https://cdn.example.com

URL of your Radium instance (used for CORS, only this URL will have permission to use the keys)

-e APP_URL=https://radium.example.com

Load the HLS stream in your radium instance and it should play. Once playing, open the dev tools and visit the network tab and copy the url of one of the .ts files and paste it in a new tab to download the file.

Once downloaded try to play it. The player will error out.