创建配置文件/etc/nginx/conf.d/jellyfin.fangyuanxiaozhan.com.conf ,并添加以下内容
upstream jellyfin_fangyuanxiaozhan_com { server 127.0.0.1:8096; }
server {
server_name jellyfin.fangyuanxiaozhan.com;
listen 80;
#rewrite ^(.*)$ https://$host$1 permanent;
location / {
proxy_pass http://jellyfin_fangyuanxiaozhan_com;
proxy_set_header Host $host:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
重启nginx
nginx -t
nginx -s reload
访问 http://jellyfin.fangyuanxiaozhan.com
image.png
获取https证书
# 提取出变量
domain="jellyfin.fangyuanxiaozhan.com"
# 请求证书
acme.sh --issue -d $domain --nginx /etc/nginx/conf.d/$domain.conf
# 创建文件夹
mkdir -p /etc/nginx/ssl/$domain/
# 安装证书
acme.sh --install-cert -d $domain \
--key-file /etc/nginx/ssl/$domain/$domain.key \
--fullchain-file /etc/nginx/ssl/$domain/fullchain.cer \
--reloadcmd "service nginx force-reload"
image.png
更新/etc/nginx/conf.d/jellyfin.fangyuanxiaozhan.com.conf,为了保证通信安全, 强制使用https
upstream jellyfin_fangyuanxiaozhan_com { server 127.0.0.1:8096; }
server {
server_name jellyfin.fangyuanxiaozhan.com;
listen 80;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.fangyuanxiaozhan.com;
location / {
proxy_pass http://jellyfin_fangyuanxiaozhan_com;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate "/etc/nginx/ssl/jellyfin.fangyuanxiaozhan.com/fullchain.cer";
ssl_certificate_key "/etc/nginx/ssl/jellyfin.fangyuanxiaozhan.com/jellyfin.fangyuanxiaozhan.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
更新后重启Nginx
nginx -t
nginx -s reload
服务端关闭8096端口的对外访问
网友评论