nginx 反向代理后面的 Plex
[英]Plex behind nginx reverse proxy
问题描述
I need to use Plex Server behind nginx reverse proxy and I'm using this configuration:
我需要在 nginx 反向代理后面使用 Plex 服务器,并且我正在使用以下配置:
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve prime256v1:secp384r1;
location /plex {
proxy_pass http://127.0.0.1:32400;
}
but when I call the service it replies with 401 code:但是当我调用该服务时,它会回复 401 代码:
127.0.0.1 - - [22/Dec/2020:17:53:19 +0000] "GET /plex/web/index.html HTTP/2.0" 401 82 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(Both services are on own docker container in host network mode.) (这两个服务都在自己的 docker 容器中,处于host网络模式。)
I've also tried this nginx configuration but the result doesn't change.我也试过这个nginx 配置,但结果没有改变。
Different reply is produced if I change如果我改变会产生不同的回复
location /plex {
proxy_pass http://127.0.0.1:32400;
}
to至
location /plex/ {
proxy_pass http://127.0.0.1:32400/;
}
and the server output is:服务器 output 是:
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
(If I call Plex using its URL (localhost:32400) it works fine) (如果我使用它的 URL (localhost:32400) 调用 Plex,它工作正常)
2 个解决方案
解决方案1
0 2020-12-22 18:45:54
Looking at your latest output查看您最新的 output
[22/Dec/2020:18:10:45 +0000] "GET /plex/web/index.html HTTP/2.0" 200 11543 "https://localhost/plex/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:45 +0000] "GET /web/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.css HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-4-60164a56fe56242806a1-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
127.0.0.1 - - [22/Dec/2020:18:10:46 +0000] "GET /web/js/chunk-2-0b62ab5d252af885d778-plex-4.47.3-927d87d.js HTTP/2.0" 404 812 "https://localhost/plex/web/index.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" "-"
It seems like you can reach the /plex/web/index.html .看来您可以到达/plex/web/index.html 。 But then when your webpage inturn is trying to find the /web/js/.... the baseURL its using is / instead of /plex .但是,当您的网页反过来试图找到/web/js/....时,它使用的 baseURL 是/而不是/plex 。
Referring to this answer: How to preserve request url with nginx proxy_pass参考这个答案: How to preserve request url with nginx proxy_pass
You can ask nginx to preserve the baseURL.您可以要求 nginx 保留 baseURL。
location /plex/ {
proxy_pass http://127.0.0.1:32400;
proxy_set_header Host $host;
}
解决方案2
0 2021-02-18 17:45:56
First off首先关闭
So, I think you are really close to getting it.所以,我认为你真的很接近得到它。 I went ahead and confirmed with my set up if I could use a sub-path and it appears to be working with the following plex.conf.我继续并确认我的设置是否可以使用子路径,并且它似乎正在使用以下 plex.conf。 Try it out and see if it works for you.试试看它是否适合你。
A couple things worth mentioning:有几点值得一提:
- Only use TLSv1.2 and TLSv1.3仅使用 TLSv1.2 和 TLSv1.3
- Change ciphers accordingly相应地更改密码
- You don't need the
error_pagesection if you don't want (but will tell you if Plex server isn't running for some reason or another)如果您不想要,则不需要error_page部分(但会告诉您 Plex 服务器是否由于某种原因未运行) - Add some security headers添加一些安全标头
- Turn on SSL Session Cache开启 SSL Session 缓存
- SSL Stapling (if don't have a self-signed certificate) SSL 装订(如果没有自签名证书)
- Use upstream if you want (required nginx upstream module )如果需要,请使用上游(需要nginx 上游模块)
What this config enables on Plex这个配置在 Plex 上启用了什么
- Can watch Live TV, Movies & Shows on Plex可以在 Plex 上观看直播电视、电影和节目
- Plays TV Show theme songs播放电视剧主题曲
- Plays Movie trailers, extras, and featurettes播放电影预告片、临时演员和专题片
Finally最后
If you run into problems with images not displaying, media not playing, or something else that worked before, comment out the add_header Content-Security-Policy line and reload nginx and see if that helps.如果您遇到图像未显示、媒体未播放或其他问题,请注释掉add_header Content-Security-Policy行并重新加载 nginx 并查看是否有帮助。
plex.conf plex.conf
upstream plex {
server localhost:32400;
}
server {
listen 443 ssl http2;
server_name plex.domain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.key;
client_max_body_size 500M;
send_timeout 100m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_stapling on;
ssl_stapling_verify on;
# For LetsEncrypt/Certbot, you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
ssl_trusted_certificate /path/to/intermediate/ocsp/cert-r3.pem;
add_header Strict-Transport-Security max-age=15768000;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Frame-Options deny;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)";
# Pay attention to how many domains we need to allow
add_header Content-Security-Policy "default-src 'none'; base-uri 'self' plex.domain.com; font-src 'self' data: plex.domain.com; media-src 'self' data: blob: plex.domain.com https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com plex.domain.com; style-src 'self' 'unsafe-inline' plex.domain.com; img-src 'self' data: blob: https: plex.domain.com; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com plex.domain.com wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' plex.domain.com; frame-ancestors 'self' domain.com plex.domain.com; form-action 'self' plex.domain.com; manifest-src 'self' plex.domain.com; script-src-elem 'self' 'unsafe-inline' domain.com plex.domain.com www.gstatic.com";
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /path/to/503;
}
# gzip source: https://github.com/toomuchio/plex-nginx-reverseproxy/blob/master/nginx.conf
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If not using ngx_http_realip_module change '$http_x_forwarded_for,$realip_remote_addr' to $proxy_add_x_forwarded_for
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for,$realip_remote_addr';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
#proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location /plex/ {
proxy_pass http://plex/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
nginx 反向代理后面的 Plex,带有对不同路由的获取请求 - Plex behind nginx reverse proxy with get requests to different route
获取Nginx反向代理以与plex一起使用 - Getting a nginx reverse proxy to work with plex
nganax反向代理背后的grafana - grafana behind a nginx reverse proxy
Nginx反向代理背后的TFS - TFS behind Nginx reverse proxy
Nginx反向代理背后的牧场主 - Rancher behind a Nginx Reverse Proxy
Kong 背后 nginx 反向代理 - Kong behind nginx reverse proxy
nginx反向代理背后的Nginx配置 - Nginx configuration behind nginx reverse proxy
让 GitLab 在 Nginx 反向代理后面运行 - Get GitLab running behind Nginx Reverse Proxy
NGBX反向代理背后的SpringBoot API REST - SpringBoot API REST behind NGINX reverse proxy
"在 Nginx 反向代理后面运行 Mockserver" - Run Mockserver behind Nginx Reverse proxy
相关标签