Reverse-proxying a Jellyfin server through multiple VPSes to speed up access from mainland China
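Requirements
- VPS A: good performance and plenty of bandwidth; runs the Jellyfin server, but its speed to mainland China is poor
- VPS B, C, D…: any spec will do as long as it can run nginx; fast connectivity to mainland China
Goal
When a mainland user visits the published main domain, DNS automatically returns the IP of VPS B, C or D according to the user's carrier (China Telecom, China Unicom, China Mobile).
VPS B, C and D reverse-proxy VPS A to speed up access to Jellyfin from within China.
Environment
- Domain A: points to VPS A; hosted on Cloudflare with the orange cloud enabled to protect VPS A
- Domain B: I host it on Huawei Cloud (international edition); this is the main domain that is published
As you can see, I use two different domains. A single domain would also work, but I find it more troublesome to set up.
VPS A setup
Domain setup
Add the DNS record for the IP and enable the orange cloud (CDN).
Set the SSL mode to Flexible.
I don't plan to request an SSL certificate for VPS A at all and rely entirely on Cloudflare's free one. In Flexible mode only the browser-to-Cloudflare leg is encrypted; traffic from Cloudflare to our server is still plain HTTP.
In Cloudflare's Edge Certificates section you can enable Automatic HTTPS Rewrites, so that visitors who use the HTTP port are also redirected to HTTPS automatically.
nginx setup
As recommended by the official Jellyfin documentation: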
server {
    listen 80;
    server_name VPSA的域名;
    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    location / {
        # Proxy main Jellyfin traffic
        proxy_pass http://localhost:8096/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
    location = /web/ {
        # Proxy main Jellyfin traffic
        proxy_pass http://localhost:8096/web/index.html;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_pass http://localhost:8096/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
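My Jellyfin runs in Docker and is mapped to 127.0.0.1:8096 (not reachable from outside); if you use a different port, change it in the configuration file.
Setup for VPS B, C, D …
Domain setup
Huawei Cloud DNS supports intelligent resolution: records can be resolved according to carrier or region.
I prepared three VPSes: a CN2 one for China Telecom, a 9929 one for China Mobile and China Unicom, and an Oracle one in Singapore for China Mobile.
Now just set up each record accordingly and you're 👌.
VPS setup, using one VPS as an example
The VPS only needs an nginx reverse proxy.
But keep one thing in mind: because the site being proxied sits behind Cloudflare with the CDN enabled, the method is slightly different.
First, you must obtain an SSL certificate, because the client-to-Cloudflare connection is SSL-encrypted.
Then the nginx configuration that proxies the Cloudflare site needs these directives added: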
proxy_ssl_name 你的域名;
proxy_ssl_server_name on;
My configuration file
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name vpsB的域名;
    index index.html index.htm;
    root /usr/share/nginx/html;
    ssl_certificate ssl证书公钥路径;
    ssl_certificate_key ssl证书私钥路径;
    ssl_session_timeout 5m;
    location / {
        # Proxy main Jellyfin traffic
        proxy_pass https://vpsA的域名;
        # Send SNI with the origin's name so Cloudflare can route the TLS handshake
        proxy_ssl_name vpsA的域名;
        proxy_ssl_server_name on;
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
    location = /web/ {
        # Proxy main Jellyfin traffic
        proxy_ssl_name vpsA的域名;
        proxy_ssl_server_name on;
        proxy_pass https://vpsA的域名/web/index.html;
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_ssl_name vpsA的域名;
        proxy_ssl_server_name on;
        proxy_pass https://vpsA的域名/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
server {
    listen 80;
    server_name vpsB的域名;
    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    location / {
        # Proxy main Jellyfin traffic
        proxy_pass http://vpsA的域名;
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
    location = /web/ {
        # Proxy main Jellyfin traffic
        proxy_pass http://vpsA的域名/web/index.html;
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_pass http://vpsA的域名/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host vpsA的域名;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
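Go through it and replace the parts I wrote in Chinese, and it's done.
The port 80 block is kept because Kodi can only play over HTTP, not HTTPS, so I leave a port 80 configuration in place.
One thing to remember: request the SSL certificate on one machine and then sync it to the other machines; I use rsync to sync once a day.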
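The HTTPS server block above sends SNI to Cloudflare via proxy_ssl_name and proxy_ssl_server_name, but nginx does not verify the upstream certificate unless proxy_ssl_verify is turned on, so the VPS B to Cloudflare leg would accept any certificate. The following is an added example, not the author's configuration, showing the same proxy with upstream verification enabled. The host names, certificate paths and CA bundle path are placeholder assumptions.

```nginx
# Added example (not the author's configuration): VPS B's HTTPS server
# with upstream certificate verification switched on.
# Placeholders (assumptions): mirror.example.com stands for "vpsB的域名",
# origin.example.com stands for "vpsA的域名". The CA bundle path is the
# Debian/Ubuntu default and differs on other distributions.
server {
    listen 443 ssl http2;
    server_name mirror.example.com;

    ssl_certificate     /etc/nginx/ssl/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;     # placeholder path

    # Upstream TLS settings at server level; both locations inherit them,
    # so they do not have to be repeated per location.
    proxy_ssl_server_name on;                  # send SNI to Cloudflare
    proxy_ssl_name        origin.example.com;  # SNI value, also the name checked in the certificate
    proxy_ssl_verify      on;                  # nginx default is off
    proxy_ssl_verify_depth 2;                  # leaf -> intermediate -> root; raise for longer chains
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    location / {
        # Proxy main Jellyfin traffic
        proxy_pass https://origin.example.com;
        proxy_set_header Host origin.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_pass https://origin.example.com/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host origin.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

With verification on, a certificate that does not chain to the trusted bundle or does not match proxy_ssl_name makes nginx answer 502 and record the upstream verification failure in its error log.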