# 此文件只需要更改 periodics 相关配置,和 includes 下 listen, SSL 配置 # Load the njs script js_path /etc/nginx/conf.d/; js_import config from constant.js; js_import plex2Pan from plex.js; js_import periodics from common/periodics.js; # Memory Cache, workers shared values, since njs 0.8.0 js_shared_dict_zone zone=partInfoDict:4M timeout=1d evict; js_shared_dict_zone zone=routeL1Dict:8M timeout=15m evict; js_shared_dict_zone zone=routeL2Dict:16M timeout=15m evict; # js_shared_dict_zone zone=routeL3Dict:32M timeout=15m evict; ## ReqLimit, the processing rate of requests coming from a single IP address # limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s; ## ConnLimit, the number of connections from a single IP addres # limit_conn_zone $binary_remote_addr zone=one:1m; ## Start of actual server blocks server { js_set $plex config.getPlexHost; #plex address ## Include the http and https configs, better don't use same port include /etc/nginx/conf.d/includes/http.conf; # include /etc/nginx/conf.d/includes/https.conf; ## Include the proxy headers include /etc/nginx/conf.d/includes/proxy-header.conf; proxy_http_version 1.1; ## js_fetch SETTINGS resolver 8.8.8.8 114.114.114.114 [2001:4860:4860::8888] [2400:3200::1]; js_fetch_verify off; # internal use only, off this fetch https:// ## hide nginx version info server_tokens off; ## Compresses the content to the client, speeds up client browsing. gzip on; gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc. client_max_body_size 20M; # This default is either 4K or 8K, depending on a platform # Plex sections API maybe be too large, 200k not enough subrequest_output_buffer_size 4M; # # Security / XSS Mitigation Headers # add_header X-Frame-Options "SAMEORIGIN"; # add_header X-XSS-Protection "1; mode=block"; # add_header X-Content-Type-Options "nosniff"; # aliDrive direct stream need no-referrer add_header 'Referrer-Policy' 'no-referrer'; set $apiType ""; # PlexMediaServer Start # Proxy sockets traffic for webClient location ~* /(websockets) { # Proxy plex Websockets traffic proxy_pass $plex; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_connect_timeout 1h; proxy_send_timeout 1h; proxy_read_timeout 1h; tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request. } # internal redirect location ~ ^(.*)/proxy(/.*)$ { internal; # internal use only gunzip on; # Jellyfin/Plex has gzip,need this,Emby no gzip but compatible proxy_set_header Accept-Encoding ""; # subrequest need this client_body_in_file_only clean; rewrite ^(.*)/proxy(/.*)$ $1$2 break; proxy_pass $plex$request_uri; # Emby/Plex need $request_uri,Jellyfin not need but compatible proxy_pass_request_body on; proxy_pass_request_headers on; add_header X-Proxy-Success true; # for debug } # PlexApiHandler, this REG see: https://regex101.com/r/spMXKP/3 location ~* ^\/(hubs|library|status)\/(sections\/\d+($|\/all)|metadata\/\d+($|\/children)|continueWatching|promoted$|sessions$) { proxy_set_header Accept-Encoding ""; add_header X-Modify-Success true; js_content plex2Pan.plexApiHandler; } # like emby playbackinfo,but response is xml location ~* /video/:/transcode/universal/decision { set $apiType "TranscodeUniversalDecision"; proxy_set_header Accept-Encoding ""; # set $isDecision 1; add_header X-Cache-PartInfo-Success true; js_content plex2Pan.plexApiHandler; } # Mobile Clients only support text/xml location ~* /playQueues { proxy_set_header Accept-Encoding ""; add_header X-Modify-Success true; js_content plex2Pan.plexApiHandler; } # Redirect the stream to njs location ~* /library/parts/(\d+)/(\d+)/file { set $apiType "PartStreamPlayOrDownload"; # limit_req zone=one; # Cache alist direct link add_header Cache-Control max-age=3600; # proxy_pass $goalist; js_content plex2Pan.redirect2Pan; } # transcode, dash scheme, mpd file location ~* /video/:/transcode/universal/start { set $apiType "VideoTranscodePlay"; # limit_req zone=one; # Cache alist direct link add_header Cache-Control max-age=3600; # proxy_pass $goalist; js_content plex2Pan.redirect2Pan; } # transcode, m4s, this is expected, not redirect2Pan location ~* /video/:/transcode/universal/session { proxy_pass $plex; } # other streams like subtitles location ~* /library/streams/(\d+)$ { proxy_pass $plex; proxy_set_header Range ""; add_header X-Message 'fix upstream error removed headersIn["Range"]: $http_range'; # for debug } # PlexMediaServer End # customeLocations must before default location / include custome/location/*.conf; location / { # Proxy main plex traffic proxy_pass $plex; # client_max_body_size 1000M; ## Allows for mobile device large photo uploads. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## # add_header 'Referrer-Policy' 'origin-when-cross-origin'; # add_header Strict-Transport-Security "max-age=15552000; preload" always; # add_header X-Frame-Options "SAMEORIGIN" always; # add_header X-Content-Type-Options "nosniff" always; # add_header X-XSS-Protection "1; mode=block" always; } location @root { # Proxy main plex traffic proxy_pass $plex; } # global schedule task, since njs 0.8.1 # location @periodics { # # to be run at 7 day intervals in worker process 0 # js_periodic periodics.logHandler interval=7d; # } }