nginx 反向代理背后的 Plex [英] Plex behind nginx reverse proxy
本文介绍了nginx 反向代理背后的 Plex的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要在 nginx 反向代理后面使用 Plex 服务器,我正在使用此配置:
I need to use Plex Server behind nginx reverse proxy and I'm using this configuration:
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve prime256v1:secp384r1;
location /plex {
proxy_pass http://127.0.0.1:32400;
}
但是当我调用该服务时,它会回复 401 代码:
but when I call the service it replies with 401 code:
127.0.0.1 - - [22/Dec/2020:17:53:19 +0000] "GET /plex/web/index.html HTTP/2.0" 401 82 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(两个服务都在 host 网络模式下的自己的 docker 容器上.)
(Both services are on own docker container in host network mode.)
我也试过 this nginx 配置,但结果没有改变.
I've also tried this nginx configuration but the result doesn't change.
如果我改变会产生不同的回复
Different reply is produced if I change
location /plex {
proxy_pass http://127.0.0.1:32400;
}
到
location /plex/ {
proxy_pass http://127.0.0.1:32400/;
}
服务器输出为:
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(如果我使用它的 URL (localhost:32400) 调用 Plex,它工作正常)
(If I call Plex using its URL (localhost:32400) it works fine)
推荐答案
首先
所以,我认为您非常接近获得它.我继续并确认我的设置是否可以使用子路径,它似乎可以使用以下 plex.conf.尝试一下,看看它是否适合您.
First off
So, I think you are really close to getting it. I went ahead and confirmed with my set up if I could use a sub-path and it appears to be working with the following plex.conf. Try it out and see if it works for you.
- 仅使用 TLSv1.2 和 TLSv1.3
- 相应地更改密码
- 如果您不想要,则不需要
error_page部分(但会告诉您 Plex 服务器是否由于某种原因没有运行) - 添加一些安全标头
- 开启 SSL 会话缓存
- SSL Stapling(如果没有自签名证书)
- 如果需要,请使用上游(必需 nginx 上游模块)
- Only use TLSv1.2 and TLSv1.3
- Change ciphers accordingly
- You don't need the
error_pagesection if you don't want (but will tell you if Plex server isn't running for some reason or another) - Add some security headers
- Turn on SSL Session Cache
- SSL Stapling (if don't have a self-signed certificate)
- Use upstream if you want (required nginx upstream module)
- 可以观看直播电视、电影和Plex 上的节目
- 播放电视剧主题曲
- 播放电影预告片、临时演员和专题片
如果您遇到图像无法显示、媒体无法播放或其他以前有效的问题,请注释掉 add_header Content-Security-Policy 行并重新加载 nginx,看看是否有帮助.
If you run into problems with images not displaying, media not playing, or something else that worked before, comment out the add_header Content-Security-Policy line and reload nginx and see if that helps.
upstream plex {
server localhost:32400;
}
server {
listen 443 ssl http2;
server_name plex.domain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
client_max_body_size 500M;
send_timeout 100m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_stapling on;
ssl_stapling_verify on;
# For LetsEncrypt/Certbot, you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
ssl_trusted_certificate /path/to/intermediate/ocsp/cert-r3.pem;
add_header Strict-Transport-Security max-age=15768000;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Frame-Options deny;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)";
# Pay attention to how many domains we need to allow
add_header Content-Security-Policy "default-src 'none'; base-uri 'self' plex.domain.com; font-src 'self' data: plex.domain.com; media-src 'self' data: blob: plex.domain.com https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com plex.domain.com; style-src 'self' 'unsafe-inline' plex.domain.com; img-src 'self' data: blob: https: plex.domain.com; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com plex.domain.com wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' plex.domain.com; frame-ancestors 'self' domain.com plex.domain.com; form-action 'self' plex.domain.com; manifest-src 'self' plex.domain.com; script-src-elem 'self' 'unsafe-inline' domain.com plex.domain.com www.gstatic.com";
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /path/to/503;
}
# gzip source: https://github.com/toomuchio/plex-nginx-reverseproxy/blob/master/nginx.conf
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If not using ngx_http_realip_module change '$http_x_forwarded_for,$realip_remote_addr' to $proxy_add_x_forwarded_for
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for,$realip_remote_addr';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
#proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location /plex/ {
proxy_pass http://plex/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
这篇关于nginx 反向代理背后的 Plex的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
