Nginx配置
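# Reverse proxy in front of an Emby upstream. your.domain.com and the
# emby.com names are the author's placeholders; replace both.
server {
    listen 443 ssl;
    server_name your.domain.com;

    # Security / XSS mitigation headers.
    # Without the "always" parameter nginx adds these only to 2xx/3xx
    # responses, so the 403/404/502 answers below are sent without them.
    add_header X-Frame-Options "SAMEORIGIN";
    # Current browsers no longer act on X-XSS-Protection; a
    # Content-Security-Policy is the control that still has effect.
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    # TLS settings
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    ssl_session_timeout 5m;

    # Reject requests whose Host is a bare IPv4 address.
    if ($host ~ ^\d+\.\d+\.\d+\.\d+$) {
        return 404;
    }

    # Keep crawlers from collecting headers: a direct request for "/" gets
    # 502 and only other paths are proxied. Playback in the app is not
    # affected because it does not request this path.
    location = / {
        return 502;
    }

    location / {
        resolver 1.1.1.1 ipv6=off;

        # Serve only requests addressed to the configured name.
        if ($host != $server_name) {
            return 403;
        }

        proxy_pass https://www.emby.com;

        # Upstream TLS settings.
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is on, so the hop to the upstream is encrypted but
        # not authenticated. Enabling it also needs a CA bundle:
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;  # placeholder path
        proxy_ssl_name www.emby.com;
        proxy_ssl_server_name on;
        proxy_set_header Host www.emby.com;

        # Base URL of this proxy, sent upstream in a custom header.
        # Presumably the upstream uses it to build CDN links - confirm.
        set $magpiecdn "$scheme://$server_name:$server_port";

        # These headers disclose the client address to the upstream operator.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header MagpieCDN $magpiecdn;
        proxy_buffering off;
    }

    # The *** looks like a path segment the author redacted; substitute the
    # real prefix.
    location /***cdn {
        resolver 1.1.1.1 ipv6=off;

        # $arg_load is the raw, client-supplied "load" query argument and it
        # is spliced into the upstream host name. Accept a single DNS label
        # only, so a request cannot steer this proxy to a host outside
        # emby.com; a missing or empty value is rejected as well.
        if ($arg_load !~ "^[A-Za-z0-9-]+$") {
            return 403;
        }

        proxy_pass https://$arg_load.emby.com;

        # Upstream TLS settings (certificate verification is off here too;
        # see the note in "location /").
        proxy_ssl_name $arg_load.emby.com;
        proxy_ssl_server_name on;
        proxy_set_header Host $arg_load.emby.com;
        proxy_buffering on;
        proxy_max_temp_file_size 50m;
    }
}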
说明:
注意替换为自己的域名和要反代的服务器域名
利用acme申请域名证书
- 在线安装
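# Install acme.sh. This pipes a remote script straight into sh, so whatever
# get.acme.sh serves at that moment runs with your privileges; on a host where
# that matters, download the script to a file, read it, then run it.
# The e-mail argument on the original page was mangled by the site's e-mail
# obfuscation; the address below is a placeholder, use your own.
curl https://get.acme.sh | sh -s email=you@example.com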
- 配置证书
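# Cloudflare API token used for the DNS-01 challenge; it needs read and edit
# permission on DNS. Scope the token to this one zone only.
# Values typed here end up in shell history, and acme.sh keeps them in its
# account configuration for renewals, so protect both.
# (The original page used typographic quotes here, which the shell would
# store as literal characters; plain ASCII quotes are required.)
export CF_Token=""
export CF_Zone_ID=""

# Issue the certificate through the Cloudflare DNS API.
acme.sh --issue --dns dns_cf -d your.domain.com

# Copy key and full chain to the paths the nginx config reads and reload
# nginx after each renewal. key.pem is the server's private key: check that
# it and /etc/nginx/ssl are not readable by unprivileged users.
acme.sh --install-cert -d your.domain.com \
  --key-file /etc/nginx/ssl/key.pem \
  --fullchain-file /etc/nginx/ssl/cert.pem \
  --reloadcmd "service nginx reload"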