+89 -95

modules/nixos/server/plex.nix

reviewed

··· 10 10 group = "media"; 11 11 }; 12 12 13 13 - # services.traefik.dynamicConfigOptions = { 14 14 - # http = { 15 15 - # routers = { 16 16 - # plex = { 17 17 - # entryPoints = [ "websecure" ]; 18 18 - # rule = "Host(`plex.otter.place`)"; 19 19 - # service = "plex"; 20 20 - # tls = { 21 21 - # certResolver = "letsencrypt"; 22 22 - # options = "plexTLS"; 23 23 - # }; 24 24 - # middlewares = [ "plex-headers" "plex-compress" "plex-buffering" ]; 25 25 - # }; 26 26 - # }; 27 27 - 28 28 - # services = { 29 29 - # plex = { 30 30 - # loadBalancer = { 31 31 - # passHostHeader = true; 32 32 - # serversTransport = "plexTransport"; 33 33 - # servers = [ { url = "http://127.0.0.1:32400"; } ]; 34 34 - # }; 35 35 - # }; 36 36 - # }; 13 13 + services.traefik.dynamicConfigOptions = { 14 14 + http = { 15 15 + middlewares = { 16 16 + plex-headers = { 17 17 + headers = { 18 18 + customRequestHeaders = { 19 19 + X-Real-IP = "{ClientIP}"; 20 20 + X-Forwarded-For = "{ClientIP}"; 21 21 + X-Forwarded-Proto = "https"; 22 22 + Host = "plex.otter.place"; 23 23 + Referer = "plex.otter.place"; 24 24 + Origin = "plex.otter.place"; 25 25 + X-Plex-Client-Identifier = ""; 26 26 + X-Plex-Device = ""; 27 27 + X-Plex-Device-Name = ""; 28 28 + X-Plex-Platform = ""; 29 29 + X-Plex-Platform-Version = ""; 30 30 + X-Plex-Product = ""; 31 31 + X-Plex-Token = ""; 32 32 + X-Plex-Version = ""; 33 33 + X-Plex-Nocache = ""; 34 34 + X-Plex-Provides = ""; 35 35 + X-Plex-Device-Vendor = ""; 36 36 + X-Plex-Model = ""; 37 37 + }; 38 38 + }; 39 39 + }; 37 40 38 38 - # middlewares = { 39 39 - # plex-headers = { 40 40 - # headers = { 41 41 - # customRequestHeaders = { 42 42 - # Upgrade = "websocket"; 43 43 - # Connection = "Upgrade"; 44 44 - # # If Plex needs original scheme forwarded: 45 45 - # X-Forwarded-Proto = "https"; 46 46 - # }; 47 47 - # }; 48 48 - # }; 41 41 + plex-compress = { 42 42 + compress = { 43 43 + excludedContentTypes = [ 44 44 + "video/*" 45 45 + "audio/*" 46 46 + "image/*" 47 47 + ]; 48 48 + minResponseBodyBytes = 1000; 49 49 + }; 50 50 + }; 51 51 + }; 49 52 50 50 - # plex-compress = { 51 51 - # compress = { 52 52 - # includedContentTypes = [ 53 53 - # "text/plain" 54 54 - # "text/css" 55 55 - # "text/xml" 56 56 - # "application/xml" 57 57 - # "application/json" 58 58 - # "application/javascript" 59 59 - # "image/svg+xml" 60 60 - # ]; 61 61 - # }; 62 62 - # }; 53 53 + serversTransports.plex-transport.forwardingTimeouts = { 54 54 + dialTimeout = "30s"; 55 55 + responseHeaderTimeout = "6000s"; 56 56 + idleConnTimeout = "6000s"; 57 57 + }; 63 58 64 64 - # plex-buffering = { 65 65 - # buffering = { 66 66 - # maxRequestBodyBytes = 104857600; # 100M 67 67 - # }; 68 68 - # }; 69 69 - # }; 59 59 + routers = { 60 60 + plex = { 61 61 + entryPoints = [ "websecure" ]; 62 62 + rule = "Host(`plex.otter.place`)"; 63 63 + service = "plex"; 64 64 + middlewares = [ "plex-headers" "plex-compress" ]; 65 65 + tls = { 66 66 + certResolver = "letsencrypt"; 67 67 + options = "plex-tls"; 68 68 + }; 69 69 + }; 70 70 + }; 70 71 71 71 - # serversTransports = { 72 72 - # plexTransport = { 73 73 - # responseHeaderTimeout = "100m"; 74 74 - # idleTimeout = "100m"; 75 75 - # dialTimeout = "30s"; 76 76 - # }; 77 77 - # }; 78 78 - # }; 72 72 + services = { 73 73 + plex = { 74 74 + loadBalancer = { 75 75 + servers = [{ url = "http://localhost:32400"; }]; 76 76 + responseForwarding = { 77 77 + flushInterval = "1ms"; 78 78 + }; 79 79 + serversTransport = "plex-transport"; 80 80 + healthCheck = { 81 81 + path = "/web/index.html"; 82 82 + interval = "30s"; 83 83 + timeout = "10s"; 84 84 + scheme = "http"; 85 85 + }; 86 86 + }; 87 87 + }; 88 88 + }; 89 89 + }; 79 90 80 80 - # tls = { 81 81 - # options = { 82 82 - # plexTLS = { 83 83 - # minVersion = "VersionTLS12"; 84 84 - # preferServerCipherSuites = true; 85 85 - # cipherSuites = [ 86 86 - # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" 87 87 - # "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" 88 88 - # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" 89 89 - # "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" 90 90 - # "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" 91 91 - # "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" 92 92 - # "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" 93 93 - # "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" 94 94 - # "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" 95 95 - # "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" 96 96 - # "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" 97 97 - # "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" 98 98 - # "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" 99 99 - # "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" 100 100 - # "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" 101 101 - # "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" 102 102 - # "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" 103 103 - # "TLS_RSA_WITH_AES_128_GCM_SHA256" 104 104 - # "TLS_RSA_WITH_AES_256_GCM_SHA384" 105 105 - # "TLS_RSA_WITH_AES_128_CBC_SHA256" 106 106 - # "TLS_RSA_WITH_AES_256_CBC_SHA" 107 107 - # "TLS_RSA_WITH_AES_128_CBC_SHA" 108 108 - # ]; 109 109 - # }; 110 110 - # }; 111 111 - # }; 112 112 - # }; 91 91 + tls = { 92 92 + options = { 93 93 + plex-tls = { 94 94 + minVersion = "VersionTLS10"; 95 95 + maxVersion = "VersionTLS12"; 96 96 + preferServerCipherSuites = true; 97 97 + cipherSuites = [ 98 98 + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" 99 99 + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" 100 100 + "TLS_RSA_WITH_AES_128_GCM_SHA256" 101 101 + "TLS_RSA_WITH_AES_256_GCM_SHA384" 102 102 + ]; 103 103 + }; 104 104 + }; 105 105 + }; 106 106 + }; 113 107 }

+3 -1

modules/nixos/server/traefik.nix

reviewed

··· 27 27 }; 28 28 29 29 log = { 30 30 - level = "INFO"; 30 30 + level = "DEBUG"; 31 31 filePath = "${config.services.traefik.dataDir}/traefik.log"; 32 32 format = "json"; 33 33 }; ··· 48 48 49 49 api.dashboard = true; 50 50 api.insecure = true; 51 51 + 52 52 + core.defaultRuleSyntax = "v3"; 51 53 }; 52 54 }; 53 55