nginx 反向代理背后的 Plex

首先

所以，我认为您已经非常接近获得它了。我继续确认我的设置是否可以使用子路径，并且它似乎正在与以下 plex.conf 一起使用。尝试一下，看看它是否适合您。

有几件事值得一提：

• 仅使用 TLSv1.2 和 TLSv1.3
• 相应地更改密码
• 如果您不需要，则不需要

  error_page

  部分（但会告诉您 Plex 服务器是否由于某种原因未运行）
• 添加一些安全标头
• 打开 SSL 会话缓存
• SSL 装订（如果没有自签名证书）
• 如果需要，可以使用上游（需要nginx上游模块）

此配置在 Plex 上启用什么

• 可以在 Plex 上观看直播电视、电影和节目
• 播放电视节目主题曲
• 播放电影预告片、花絮和专题片

终于

如果您遇到图像不显示、媒体不播放或其他以前有效的问题，请注释掉

add_header Content-Security-Policy

行并重新加载 nginx，看看是否有帮助。

plex.conf

upstream plex {
    server localhost:32400;
}
server {
    listen 443 ssl http2;
    server_name plex.domain.com;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.key;
    client_max_body_size 500M;
    send_timeout 100m;
    
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_stapling on;
    ssl_stapling_verify on;
    # For LetsEncrypt/Certbot, you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
    ssl_trusted_certificate /path/to/intermediate/ocsp/cert-r3.pem;
    
    add_header Strict-Transport-Security max-age=15768000;
    add_header Referrer-Policy strict-origin-when-cross-origin;
    add_header X-Frame-Options deny;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)";
    # Pay attention to how many domains we need to allow
    add_header Content-Security-Policy "default-src 'none'; base-uri 'self' plex.domain.com; font-src 'self' data: plex.domain.com; media-src 'self' data: blob: plex.domain.com https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com plex.domain.com; style-src 'self' 'unsafe-inline' plex.domain.com; img-src 'self' data: blob: https: plex.domain.com; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com plex.domain.com wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' plex.domain.com; frame-ancestors 'self' domain.com plex.domain.com; form-action 'self' plex.domain.com; manifest-src 'self' plex.domain.com; script-src-elem 'self' 'unsafe-inline' domain.com plex.domain.com www.gstatic.com";

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        root /path/to/503;
    }
    
    # gzip source: https://github.com/toomuchio/plex-nginx-reverseproxy/blob/master/nginx.conf
    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
    gzip_disable "MSIE [1-6]\.";

    # Forward real ip and host to Plex
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    
    # If not using ngx_http_realip_module change '$http_x_forwarded_for,$realip_remote_addr' to $proxy_add_x_forwarded_for
    proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for,$realip_remote_addr';
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;

    # Disables compression between Plex and Nginx, required if using sub_filter below.
    # May also improve loading time by a very marginal amount, as nginx will compress anyway.
    #proxy_set_header Accept-Encoding "";

    # Buffering off send to the client as soon as the data is received from Plex.
    proxy_redirect off;
    proxy_buffering off;

    location /plex/ {
        proxy_pass http://plex/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_ssl_verify off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
}

查看您最新的输出

[22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
    127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"

看来你可以到达

/plex/web/index.html

。但是当你的网页反过来试图找到

/web/js/....

时，它使用的 baseURL 是

/

而不是

/plex

。

参考这个答案：How to keep request url with nginx proxy_pass

您可以要求 nginx 保留 baseURL。

location /plex/  {
    proxy_pass      http://127.0.0.1:32400;
    proxy_set_header Host $host;
}

我也有同样的问题。我解决如下。

我的配置

我在容器中使用 Plex 服务器。容器的主机名是

family-media

，端口是

32400

。此 Plex 服务器是在名称为

teamware-fam

的桥接网络上创建的。

我的 nginx 服务器也被创建为另一个桥接网络上的容器，但也连接到

teamware-fam

网络，因此我可以引用 plex 容器及其名称。

解决方案

对我有用的 Nginx 配置如下，我正在使用这篇文章中的答案。

    location /plex/ {
        proxy_pass http://family-media:32400/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host   $server_name;
        proxy_ssl_verify off;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
    if ($http_referer ~ /plex/) {
        rewrite ^/web/(.*) /plex/web/$1? redirect;
    }

Docker compose 文件作为参考。

本节只是完成解决方案的参考，因为解决方案是 主要依靠调用容器中的plex服务器。但是，在容器中创建 plex serverver 并不 强制解决Nginx反向代理。你可以参考Plex 服务器通过其 IP 地址。

我使用以下

docker-compose.yml

文件来创建 plex 服务器容器。

services:
  plex:
    image: plexinc/pms-docker
    container_name: famedia-plex

    networks:
      - teamware-fam

    ports:
      - 32400:32400/tcp
    environment:
      - TZ=Africa/Cairo
      - VERSION=docker
      # You can get the claim from https://www.plex.tv/claim/
      #- PLEX_CLAIM=claim-<Insert the Claim here>
    hostname: family-media
    volumes:
      - ./config/:/config
      - ${MEDIA_STORAGE}:/media
    restart: always

networks:
  teamware-fam:
    name: teamware-fam

并且

MEDIA_STORAGE

设置在 .env 文件中，其本地路径如下：

MEDIA_STORAGE="<Local Path To >/media/"