我需要在 nginx 反向代理后面使用 Plex Server,并且我正在使用此配置:
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve prime256v1:secp384r1;
location /plex {
proxy_pass http://127.0.0.1:32400;
}
但是当我调用该服务时,它回复了 401 代码:
127.0.0.1 - - [22/Dec/2020:17:53:19 +0000] "GET /plex/web/index.html HTTP/2.0" 401 82 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(这两个服务都在
host
网络模式下位于自己的 docker 容器上。)
我也尝试了this nginx 配置,但结果没有改变。
如果我改变,会产生不同的回复
location /plex {
proxy_pass http://127.0.0.1:32400;
}
到
location /plex/ {
proxy_pass http://127.0.0.1:32400/;
}
服务器输出是:
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(如果我使用 Plex 的 URL (localhost:32400) 调用它,它就可以正常工作)
所以,我认为您已经非常接近获得它了。我继续确认我的设置是否可以使用子路径,并且它似乎正在与以下 plex.conf 一起使用。尝试一下,看看它是否适合您。
error_page
部分(但会告诉您 Plex 服务器是否由于某种原因未运行)如果您遇到图像不显示、媒体不播放或其他以前有效的问题,请注释掉
add_header Content-Security-Policy
行并重新加载 nginx,看看是否有帮助。
upstream plex {
server localhost:32400;
}
server {
listen 443 ssl http2;
server_name plex.domain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
client_max_body_size 500M;
send_timeout 100m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_stapling on;
ssl_stapling_verify on;
# For LetsEncrypt/Certbot, you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
ssl_trusted_certificate /path/to/intermediate/ocsp/cert-r3.pem;
add_header Strict-Transport-Security max-age=15768000;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Frame-Options deny;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)";
# Pay attention to how many domains we need to allow
add_header Content-Security-Policy "default-src 'none'; base-uri 'self' plex.domain.com; font-src 'self' data: plex.domain.com; media-src 'self' data: blob: plex.domain.com https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com plex.domain.com; style-src 'self' 'unsafe-inline' plex.domain.com; img-src 'self' data: blob: https: plex.domain.com; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com plex.domain.com wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' plex.domain.com; frame-ancestors 'self' domain.com plex.domain.com; form-action 'self' plex.domain.com; manifest-src 'self' plex.domain.com; script-src-elem 'self' 'unsafe-inline' domain.com plex.domain.com www.gstatic.com";
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /path/to/503;
}
# gzip source: https://github.com/toomuchio/plex-nginx-reverseproxy/blob/master/nginx.conf
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If not using ngx_http_realip_module change '$http_x_forwarded_for,$realip_remote_addr' to $proxy_add_x_forwarded_for
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for,$realip_remote_addr';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
#proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location /plex/ {
proxy_pass http://plex/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
查看您最新的输出
[22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
看来你可以到达
/plex/web/index.html
。但是当你的网页反过来试图找到 /web/js/....
时,它使用的 baseURL 是 /
而不是 /plex
。
参考这个答案:How to keep request url with nginx proxy_pass
您可以要求 nginx 保留 baseURL。
location /plex/ {
proxy_pass http://127.0.0.1:32400;
proxy_set_header Host $host;
}
我也有同样的问题。我解决如下。
我在容器中使用 Plex 服务器。容器的主机名是
family-media
,端口是 32400
。此 Plex 服务器是在名称为 teamware-fam
的桥接网络上创建的。
我的 nginx 服务器也被创建为另一个桥接网络上的容器,但也连接到
teamware-fam
网络,因此我可以引用 plex 容器及其名称。
对我有用的 Nginx 配置如下,我正在使用这篇文章中的答案。
location /plex/ {
proxy_pass http://family-media:32400/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
if ($http_referer ~ /plex/) {
rewrite ^/web/(.*) /plex/web/$1? redirect;
}
本节只是完成解决方案的参考,因为解决方案是 主要依靠调用容器中的plex服务器。但是,在容器中创建 plex serverver 并不 强制解决Nginx反向代理。你可以参考Plex 服务器通过其 IP 地址。
我使用以下
docker-compose.yml
文件来创建 plex 服务器容器。
services:
plex:
image: plexinc/pms-docker
container_name: famedia-plex
networks:
- teamware-fam
ports:
- 32400:32400/tcp
environment:
- TZ=Africa/Cairo
- VERSION=docker
# You can get the claim from https://www.plex.tv/claim/
#- PLEX_CLAIM=claim-<Insert the Claim here>
hostname: family-media
volumes:
- ./config/:/config
- ${MEDIA_STORAGE}:/media
restart: always
networks:
teamware-fam:
name: teamware-fam
并且
MEDIA_STORAGE
设置在 .env 文件中,其本地路径如下:
MEDIA_STORAGE="<Local Path To >/media/"