我需要在nginx反向代理后面使用Plex服务器,我使用的配置是:
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve prime256v1:secp384r1;
location /plex {
proxy_pass http://127.0.0.1:32400;
}
但当我呼叫该服务时,它会回复401代码:
127.0.0.1 - - [22/Dec/2020:17:53:19 +0000] "GET /plex/web/index.html HTTP/2.0" 401 82 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(在host网络模式下,这两项服务都在自己的docker容器上。(
我也尝试过这种nginx配置,但结果没有改变。
如果我更改,会产生不同的回复
location /plex {
proxy_pass http://127.0.0.1:32400;
}
至
location /plex/ {
proxy_pass http://127.0.0.1:32400/;
}
服务器输出为:
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(如果我使用Plex的URL(localhost:32400(调用它,它可以正常工作(
首次关闭
所以,我认为你真的很接近它。我继续进行并确认了我的设置是否可以使用子路径,它似乎可以使用下面的plex.conf。试试看它是否适合你。
有几件事值得一提:
- 仅使用TLSv1.2和TLSv1.3
- 相应地更改密码
- 如果您不需要
error_page部分(但会告诉您Plex服务器是否因某种原因未运行( - 添加一些安全标头
- 启用SSL会话缓存
- SSL装订(如果没有自签名证书(
- 如果需要,可以使用上游(需要nginx上游模块(
此配置在Plex上启用了什么
- 可以观看电视直播、电影和;Plex上的节目
- 播放电视节目主题曲
- 播放电影预告片、临时演员和短片
最后
如果遇到图像无法显示、媒体无法播放或其他问题,请注释掉add_header Content-Security-Policy行并重新加载nginx,看看这是否有帮助。
丛.conf
upstream plex {
server localhost:32400;
}
server {
listen 443 ssl http2;
server_name plex.domain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
client_max_body_size 500M;
send_timeout 100m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_stapling on;
ssl_stapling_verify on;
# For LetsEncrypt/Certbot, you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
ssl_trusted_certificate /path/to/intermediate/ocsp/cert-r3.pem;
add_header Strict-Transport-Security max-age=15768000;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Frame-Options deny;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)";
# Pay attention to how many domains we need to allow
add_header Content-Security-Policy "default-src 'none'; base-uri 'self' plex.domain.com; font-src 'self' data: plex.domain.com; media-src 'self' data: blob: plex.domain.com https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com plex.domain.com; style-src 'self' 'unsafe-inline' plex.domain.com; img-src 'self' data: blob: https: plex.domain.com; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com plex.domain.com wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' plex.domain.com; frame-ancestors 'self' domain.com plex.domain.com; form-action 'self' plex.domain.com; manifest-src 'self' plex.domain.com; script-src-elem 'self' 'unsafe-inline' domain.com plex.domain.com www.gstatic.com";
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /path/to/503;
}
# gzip source: https://github.com/toomuchio/plex-nginx-reverseproxy/blob/master/nginx.conf
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6].";
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If not using ngx_http_realip_module change '$http_x_forwarded_for,$realip_remote_addr' to $proxy_add_x_forwarded_for
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for,$realip_remote_addr';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
#proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location /plex/ {
proxy_pass http://plex/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
查看您的最新输出
[22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
看起来你可以到达/plex/web/index.html。但是当你的网页inturn试图找到/web/js/....时,它使用的基本URL是/而不是/plex。
参考这个答案:如何用nginxproxy_pass 保存请求url
您可以要求nginx保留baseURL。
location /plex/ {
proxy_pass http://127.0.0.1:32400;
proxy_set_header Host $host;
}