apache - 使用Apache作为反向代理访问子域下的Plex-6ren

apache - 使用Apache作为反向代理访问子域下的Plex

转载作者：行者123 更新时间：2023-12-02 00:50:34

我有一个运行在 website.com:32400/web 的 Plex 服务器。我希望能够使用 Apache 的反向代理功能在 plex.website.com 访问它。以下是我的 /etc/apache2/sites-available/plex.website.com.conf 文件的(相关部分):

<VirtualHost *:80>
        ServerName plex.website.com

        ProxyRequests off
        ProxyPass / http://website.com:32400/web/
        ProxyPassReverse / http://website.com:32400/web/
        ProxyHTMLURLMap http://website.com:32400/web http://plex.website.com
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
</VirtualHost>

此设置部分有效；也就是说，如果我访问 plex.website.com/index.html，那么我将获得与访问 website.com:32400/web/index 时完全相同的 HTML .html。然而，除此之外，其他一切似乎都是 404(即 CSS 和 JavaScript)。例如，http://website.com:32400/web/img/desktop/ios/icon-iphone.png 加载正常，但 http://plex.website.com/web/img/desktop/ios/icon-iphone.png 产生 404 错误。

虽然我可以直接访问 web 目录中的任何内容，例如加载良好的 plex.website.com/favicon.ico。很明显，这是一个专门针对映射子域的问题。

已启用所有必要的 Apache 模块。

我不太确定我将如何开始尝试解决这个问题。

编辑:我刚刚意识到它是 404'ing 的原因是它仍然包含 URL 的 web 部分，而这是不应该的。在我给出的示例中，http://plex.website.com/web/img/desktop/ios/icon-iphone.png 是它试图访问的位置 - 但这应该是 http://plex.website.com/img/desktop/ios/icon-iphone.png 代替。所以我怀疑是 ProxyHTMLURLMap 的问题。

最佳答案

你们很亲密。我正在为那些正在搜索并偶然发现这篇文章的人发布我的答案。您将需要使用 Apache2 >= 2.4.17 来使用这个和几个启用的 mods(proxy、ssl、proxy_wstunnel、http、dir、defalte、env、headers、proxy_balancer、proxy_http、rewrite 我认为都是它们):

编辑 2019 年 8 月

添加了一些新信息，现在以下配置可以让您观看预告片和听到电视节目主题音乐。

编辑 2021 年 2 月

更新内容安全政策
添加权限策略
移除重写
已添加 <Location>部分
通用文件(javascript、xml 等)的 gzip defalte
更新密码

使用 SSL(2021 年 2 月新)

    DEFINE plex_url 192.168.1.9
    DEFINE plex_port 32400
    DEFINE serv_name plex.domain.com
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
### If you have Google's Mod PageSpeed, disable it ###
    <IfModule mod_pagespeed_ap24.c>
        ModPagespeed Off
    </IfModule>
<VirtualHost *:80>
    ServerName ${serv_name}
    Redirect / https://plex.domain.com
    ErrorLog ${APACHE_LOG_DIR}/plex.error.log
    CustomLog ${APACHE_LOG_DIR}/plex.access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/plex.error.log
    CustomLog ${APACHE_LOG_DIR}/plex.access.log combined
### Let's Encrypt Section ###
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
### Deny http1.0 requests ###
    Protocols h2 http/1.1
### Harden Security ###
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 20
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
### Add headers ###
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000;"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "same-origin"
    Header always set Permissions-Policy "geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), fullscreen=(self), payment=(self)"
### Content Security Policy for the overly paranoid - may break with Plex server updates (works with server version 1.21.3.4046 and 1.21.3.4021) ###
    Header always set Content-Security-Policy "default-src 'none'; base-uri 'self' ${serv_name}; font-src 'self' data: ${serv_name}; media-src 'self' data: blob: ${serv_name} https://*.plex.direct:32400 https://video.internetvideoarchive.net https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' domain.com ${serv_name}; style-src 'self' 'unsafe-inline' ${serv_name}; img-src 'self' data: blob: https: ${serv_name}; worker-src * blob:; frame-src 'self'; connect-src 'self' https: domain.com ${serv_name} wss://*.plex.direct:32400 wss://pubsub.plex.tv; object-src 'self' ${serv_name}; frame-ancestors 'self' domain.com ${serv_name}; form-action 'self' ${serv_name}; manifest-src 'self' ${serv_name}; script-src-elem 'self' 'unsafe-inline' domain.com ${serv_name} www.gstatic.com"
### Add secure ciphers ###
    SSLCipherSuite TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
### Only enable TLSv1.2 and TLSv1.3 ###
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
### Tell clients to use server defined ciphers and orders ###
    SSLHonorCipherOrder On
### If path is for Let's Encrypt, don't proxy ###
    ProxyPassMatch ^/.well-known !
### Plex Specific Section ###
 ## Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices, disable this section
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/html
        AddOutputFilterByType DEFLATE text/plain
        AddOutputFilterByType DEFLATE text/css
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE application/x-javascript
        AddOutputFilterByType DEFLATE image/svg+xml
        AddOutputFilterByType DEFLATE image/x-icon
        AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
        AddOutputFilterByType DEFLATE application/x-font
        AddOutputFilterByType DEFLATE application/x-font-opentype
        AddOutputFilterByType DEFLATE application/x-font-otf
        AddOutputFilterByType DEFLATE application/x-font-truetype
        AddOutputFilterByType DEFLATE application/x-font-ttf
        AddOutputFilterByType DEFLATE font/opentype
        AddOutputFilterByType DEFLATE font/otf
        AddOutputFilterByType DEFLATE font/ttf
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/xhtml+xml
        AddOutputFilterByType DEFLATE application/xml
        AddOutputFilterByType DEFLATE text/xml
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        Header append Vary User-Agent
    </IfModule>
 ## Proxy all web traffic here ## 
    <Location />
        ProxyPass http://${plex_url}:${plex_port}/
        ProxyPassReverse http://${plex_url}:${plex_port}/
    </Location>
 ## Proxy all websocket requests here ## 
    <Location /:/>
        ProxyPass wss://${plex_url}:${plex_port}/:/
        ProxyPassReverse wss://${plex_url}:${plex_port}/:/
    </Location>
### Don't know if we still need this ###
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    #RewriteEngine on
    #RewriteCond %{REQUEST_URI} !^/web
    #RewriteCond %{HTTP:X-Plex-Device} ^$
    #RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    #RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    #RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    #RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>

使用 SSL(旧的 2019 年 8 月)

    DEFINE plex_url 127.0.0.1
    DEFINE plex_port 32400
    DEFINE public_url subdomain.plex.tv
    DEFINE email admin@subdomain.plex.tv
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
### If you have Google's Mod PageSpeed, disable it
    #ModPagespeed Off
<VirtualHost *:80>
    ServerName ${public_url}
    DocumentRoot /var/www/offline
    ServerAdmin ${email}
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =${public_url}
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName ${public_url}
    DocumentRoot /var/www/offline
    ServerAdmin ${email}
    ErrorLog ${APACHE_LOG_DIR}/${public_url}.error.log
    CustomLog ${APACHE_LOG_DIR}/${public_url}.access.log combined
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/${public_url}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${public_url}/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
### Forbid the http1.0 protocol ###
    Protocols h2 http/1.1
    #Options -Includes -ExecCGI
    #LimitRequestBody 512000
    #FileETag None
    #TraceEnable off
    Timeout 360
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    ProxyReceiveBufferSize 4096
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Content-Security-Policy "default-src 'self' https:; font-src 'self' data: ${plex_url} ${public_url}; media-src 'self' blob: data: https: ${plex_url} ${public_url} *.plex.direct *.plex.tv plex.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' ${plex_url} ${public_url} plex.tv *.plex.tv gstatic.com *.gstatic.com *.plex.direct; style-src 'self' ${plex_url} ${public_url} *.plex.direct; img-src 'self' data: blob: ${plex_url} ${public_url} plex.tv *.plex.tv *.plex.direct; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${plex_url} ${public_url} plex.tv *.plex.direct *.plex.tv;"
 ## If you want to be safer, remove the 'unsafe-inline' 'unsafe-eval' from above and use Chrome to get the sha-256 sums and input below (below was for Server version: 1.16.5.1488; Web version: 3.108.2)
    #Header always set Content-Security-Policy "default-src 'self' https:; font-src 'self' data: ${plex_url} ${public_url}; media-src 'self' blob: data: https: ${plex_url} ${public_url} *.plex.direct *.plex.tv plex.tv; script-src 'self' 'sha256-8yKKbip2qr14RHV8H1qDEbRAm9Mmf5ePeQh+wB5pMCw=' 'sha256-pKO/nNgeauDINvYfxdygP3mGssdVQRpRNxaF7uPRoGM=' 'sha256-mrLkgfrqAhdxc2TvIODT0I7QtvuQLMS9AgtfLL9eMXo=' ${plex_url} ${public_url} plex.tv *.plex.tv gstatic.com *.gstatic.com *.plex.direct; style-src 'self' ${plex_url} ${public_url} *.plex.direct; img-src 'self' data: blob: ${plex_url} ${public_url} plex.tv *.plex.tv *.plex.direct; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${plex_url} ${public_url} plex.tv *.plex.direct *.plex.tv;"
    Header always set Feature-Policy "geolocation 'self'; midi 'self'; sync-xhr 'self'; microphone 'self'; camera 'self'; magnetometer 'self'; gyroscope 'self'; speaker 'self'; fullscreen 'self'; payment 'self'"
### Use next two for very secure connections ###
    SSLHonorCipherOrder On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
### Use next two for secure connections and supports more endpoints ###
    #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
### Actually proxy the traffic and really the only important part ###
    ProxyPass / http://${plex_url}:${plex_port}/
    ProxyPassReverse / http://${plex_url}:${plex_port}/
    ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
    LimitRequestBody 512000
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Timeout 60
    <Location /:/websockets/notifications>
        ProxyPass wss://${plex_url}:${plex_port}/:/websockets/notifications
        ProxyPassReverse wss://${plex_url}:${plex_port}/:/websockets/notifications
    </Location>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>

没有 SSL

    DEFINE plex_url 192.168.1.22
    DEFINE plex_port 32400
    DEFINE serv_name plex.domain.com
    ServerTokens Prod
<VirtualHost *:80>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
    Options -Includes -ExecCGI
### Deny http1.0 requests ###
    RewriteEngine On
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    #RewriteCond %{REQUEST_URI} !^/404/$
    RewriteRule ^ - [F]
### Plex Specific Section ###
    ProxyPass / http://${plex_url}:${plex_port}/
    ProxyPassReverse / http://${plex_url}:${plex_port}/
    ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
    LimitRequestBody 512000
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Timeout 60
    <Location /:/websockets/notifications>
        ProxyPass ws://${plex_url}:${plex_port}/:/websockets/notifications
        ProxyPassReverse ws://${plex_url}:${plex_port}/:/websockets/notifications
    </Location>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>

需要此设置，但用于 nginx ？

关于apache - 使用Apache作为反向代理访问子域下的Plex，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/40291126/

文章推荐： scheme - 如何在scheme中实现put和get过程？

文章推荐： tortoisegit - 我如何取消 TortoiseGit 中的合并？

文章推荐： netbeans - "The project does not have a build script"错误

linux - Plex 媒体服务器和 encFS
我正在尝试在 Docker 中旋转 Plex 媒体服务器。而且我想将我的媒体作为一个卷，但加密。流动:1. 在底层主机上从外部存储挂载卷。2. 将volume作为volume挂载到docker容器3.
python - 无法设置 Plex 海报元数据
我正在与 AvalonRestAgent.bundle 合作并尝试修改它以设置媒体项目的海报。然而，我的尝试却陷入了停滞。我做了什么在我的utils.py我创建了一个名为 set_metadata
bash - FFMPEG 编码上的 Plex DVR 文件重命名
我目前正在使用 bash shell 脚本使用 FFMPEG 将我的所有 Plex DVR 录音编码为 H.264。我正在使用我在网上找到的这个小 for 循环来编码单个目录中的所有文件: for i
apache - 从 PLEX URL 中删除/web
如何消除在我的 PLEX 媒体服务器末尾键入/web 以从我的网络外部访问的需要？我有一个no-ip.com账号，设置了一个静态域名指向一个静态ip。但这并没有多大帮助，因为我仍然需要输入/web 来
nginx - 在 nginx 上重写 plex 媒体服务器 url？
我对在 nginx 中重写 url 的知识非常有限。我有一个 plex 媒体服务器在 nginx 上运行，我可以使用 http://domain.com/web/index.html 访问仪表板使用我
使用 Letstencrypt 的 Plex 媒体服务器的 SSL 证书
我需要一点指导。我想使用我在 No-IP 上使用我的 Plex 媒体服务器生成的主机名获取 https。我可以通过我的主机名连接到我的 plex 媒体服务器，我只是想让 letsencrypt 为其生
google-play - 如何从 Google Play 音乐转移到 Plex 音乐
这是给任何像我一样正在哀悼悲伤的人，soon-coming death of Google Play (Music)并对被迫转移到 YouTube 音乐感到恼火。我的问题/目标只是“我如何从 Goog
ssl - Caddy + Organizr + Plex Media Server = 无法连接到 PMS？
最终我的目标是能够通过 Organizr 加载我的 PMS 管理界面。我已经尝试通过 Organizr 简单地使用 URL https://app.plex.tv/desktop，但是该 URL 不允
linux - 为什么 Plex Media Server 在 Ubuntu 16 上不适合我？
首先我要声明我过去曾在 Ubuntu 16 上多次使用过 Plex Media Server。在 Ubuntu 16 桌面上安装 Plex 有多种不同的方法。我尝试下载安装程序，将 plex.list
linux - 为什么 Plex Media Server PID 在 "top"中不断增加？
我已经搜索过，但无济于事。当我输入时: sudo service plexmediaserver start 然后: top 我得到: PID USER PR NI VIRT
c# - 在 C# (Plex Media Server) 中访问/更改视频文件(MKV 等)的元数据
背景我有一个媒体服务器，上面有大量的电视节目。它目前使用以下文件夹结构进行组织: [流派][节目名称]\季[季号]([季]x[剧集])剧集名称。[扩展名] 因此，House 的一集将具有以下路径:
python - CPLEX 二次 objective-c PLEX 错误 1017 : Not available for mixed-integer problems
我正在尝试使用 cplex 求解以下线性程序: def generate_linear_program(self): problem = cplex.Cplex() problem.o
odbc - 使用 ODBC 连接从 MS Excel 中的 Power Pivot 连接到 Plex ERP 数据库
错误信息如下: DataSource.Error: ODBC: ERROR [42S02] [Plex][ODBC ODBC Report Data Source driver][OpenAccess

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城