现在好多了。但是另外一个问题来了，就是评论提交时的 IP 地址出现问题了，推测携带的应该是cdn 的 IP 地址。每次刷新还不一样，不过也就那么几个。

但HTTP_X_FORWARDED_FOR 显示的确实正常的。因为我的博客是通过 frp 穿透出去的，真实 IP 地址是通过 proxy_protocol 协议传递的。所以在 nginx 配置中会设置real_ip_header proxy_protocol。（这个在之前文章提过，具体了解见此文）

通过 EdgeOne 之后，直接HTTP_X_FORWARDED_FOR 可以正常传递真实 IP，所以咱们将上面 nginx 设置如下：

real_ip_header X-Forwarded-For;

OK，现在正常了！

今天如果有人访问我的博客，你会发现大部分时间无法访问，不止我的博客，我服务器上所有站点都无法访问，后来就断断续续能访问，再后来就正常了。对此，我向影响到你使用体验不佳的朋友们说声抱歉。这几天折腾了不少东西，脑子都快不够用了，赶紧整理整理。

#换服务器

是的，又换服务器了。

今天早上一起床，第一件事就是备份插着移动硬盘的笔记本里的网站数据，是的，那个移动服务器现在插在笔记本上了。其实这件事昨晚就该干了，太困了睡着了。几天前我买了块M.2 sata3 2280固态，二手的，就是给小主机当系统盘的。测试了几天，小主机很稳定，于是趁今天休息，把服务器转移过来。本地备份和拷贝数据是非常快的，再加上我配置的shell命令，完全可以自动化部署。从此Linux不再用虚拟机了。

11点多的时候，收到一份邮件——阿里云双十一活动，2G2核心3M只需99元/年，可同价续费三年。于是我更兴奋了。直接拿下。其实这跟之前我买的轻量服务器配置差不多，而这款主机的带宽是固定带宽，价格更是没有可比性，还免费分配IPv6，只是我感觉这IPv6是内网地址，跟我电脑上分配的IPv6一样，公网访问不了。配置完新服务器，我就把轻量云给退了，退款按天计算。

话说这个退款也不容易找，服务器管理界面连退款按钮都容不下。后来Bing了一下，找到阿里云的产品文档，拉到底，有个登录阿里云退订管理页面，点进去就看见了。好了，又省了一大笔巨款。

#frp内网穿透更新换代

很久没管frp了，一个版本用着还很稳定，稳定到你都快忘了它。前几天突然发现frp官方文档和往常不一样，我才知道frp更新换代了，从0.52.0版本开始使用新的配置文件（TOML、YAML 和 JSON），老配置文件.ini截止到0.51.3版本。新版本的配置我折腾了一下午，这就是为什么今天我的博客大部分时间无法访问的原因了。它其实不难，可能一开始不适应，我就适应了一下午。基本上可以满足我当前的需求了。其中让我一眼看中的功能就是它支持配置拆分（includes），好比nginx各主机的配置文件.conf一样，需要哪个配置哪个，不需要删文件重启服务就好了。

配置参考完整版frps_full_example.toml和frpc_full_example，如果不能访问GitHub，可以看下面，怎么样，是不是很细。

frps.toml完整配置：

# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
bindAddr = "0.0.0.0"
bindPort = 7000

# udp port used for kcp protocol, it can be same with 'bindPort'.
# if not set, kcp is disabled in frps.
kcpBindPort = 7000

# udp port used for quic protocol.
# if not set, quic is disabled in frps.
# quicBindPort = 7002

# Specify which address proxy will listen for, default value is same with bindAddr
# proxyBindAddr = "127.0.0.1"

# quic protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000

# Heartbeat configure, it's not recommended to modify the default value
# The default value of heartbeatTimeout is 90. Set negative value to disable it.
# transport.heartbeatTimeout = 90

# Pool count in each proxy will keep no more than maxPoolCount.
transport.maxPoolCount = 5

# If tcp stream multiplexing is used, default is true
# transport.tcpMux = true

# Specify keep alive interval for tcp mux.
# only valid if tcpMux is true.
# transport.tcpMuxKeepaliveInterval = 60

# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# transport.tcpKeepalive = 7200

# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls.force = false

# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"

# If you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bindPort
vhostHTTPPort = 80
vhostHTTPSPort = 443

# Response header timeout(seconds) for vhost http server, default is 60s
# vhostHTTPTimeout = 60

# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmuxHTTPConnectPort = 1337

# If tcpmuxPassthrough is true, frps won't do any update on traffic.
# tcpmuxPassthrough = false

# Configure the web server to enable the dashboard for frps.
# dashboard is available only if webServer.port is set.
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# dashboard assets directory(only for debug mode)
# webServer.assetsDir = "./static"

# Enable golang pprof handlers in dashboard listener.
# Dashboard port must be set first
webServer.pprofEnable = false

# enablePrometheus will export prometheus metrics on webServer in /metrics api.
enablePrometheus = true

# console or real logFile path like ./frps.log
log.to = "./frps.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# disable log colors when log.to is console, default is false
log.disablePrintColor = false

# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailedErrorsToClient = true

# auth.method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
auth.method = "token"

# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]

# auth token
auth.token = "12345678"

# oidc issuer specifies the issuer to verify OIDC tokens with.
auth.oidc.issuer = ""
# oidc audience specifies the audience OIDC tokens should contain when validated.
auth.oidc.audience = ""
# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
auth.oidc.skipExpiryCheck = false
# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
auth.oidc.skipIssuerCheck = false

# userConnTimeout specifies the maximum time to wait for a work connection.
# userConnTimeout = 10

# Only allow frpc to bind ports you list. By default, there won't be any limit.
allowPorts = [
  { start = 2000, end = 3000 },
  { single = 3001 },
  { single = 3003 },
  { start = 4000, end = 50000 }
]

# Max ports can be used for each client, default value is 0 means no limit
maxPortsPerClient = 0

# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
# When subdomain is est, the host used by routing is test.frps.com
subDomainHost = "frps.com"

# custom 404 page for HTTP requests
# custom404Page = "/path/to/404.html"

# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udpPacketSize = 1500

# Retention time for NAT hole punching strategy data.
natholeAnalysisDataReserveHours = 168

[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]

[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]

frpc.toml完整配置文件：

# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.

# your proxy name will be changed to {user}.{proxy}
user = "your_name"

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single serverAddr field, no need square brackets, like serverAddr = "::".
serverAddr = "0.0.0.0"
serverPort = 7000

# STUN server to help penetrate NAT hole.
# natHoleStunServer = "stun.easyvoip.com:3478"

# Decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
loginFailExit = true

# console or real logFile path like ./frpc.log
log.to = "./frpc.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# disable log colors when log.to is console, default is false
log.disablePrintColor = false

auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]

# auth token
auth.token = "12345678"

# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
# auth.oidc.clientID = ""
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
# auth.oidc.clientSecret = ""
# oidc.audience specifies the audience of the token in OIDC authentication.
# auth.oidc.audience = ""
# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
# auth.oidc.scope = ""
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token.
# auth.oidc.tokenEndpointURL = ""

# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
# For example, if you want to specify the "audience" parameter, you can set as follow.
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
# auth.oidc.additionalEndpointParams.var1 = "foobar"

# Set admin address for control frpc's action by http api such as reload
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# Admin assets directory. By default, these assets are bundled with frpc.
# webServer.assetsDir = "./static"

# Enable golang pprof handlers in admin listener.
webServer.pprofEnable = false

# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
# transport.dialServerTimeout = 10

# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# transport.dialServerKeepalive = 7200

# connections will be established in advance, default value is zero
transport.poolCount = 5

# If tcp stream multiplexing is used, default is true, it must be same with frps
# transport.tcpMux = true

# Specify keep alive interval for tcp mux.
# only valid if tcpMux is enabled.
# transport.tcpMuxKeepaliveInterval = 60

# Communication protocol used to connect to server
# supports tcp, kcp, quic, websocket and wss now, default is tcp
transport.protocol = "tcp"

# set client binding ip when connect server, default is empty.
# only when protocol = tcp or websocket, the value will be used.
transport.connectServerLocalIP = "0.0.0.0"

# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
# it only works when protocol is tcp
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"

# quic protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000

# If tls.enable is true, frpc will connect frps by tls.
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
transport.tls.enable = true

# transport.tls.certFile = "client.crt"
# transport.tls.keyFile = "client.key"
# transport.tls.trustedCaFile = "ca.crt"
# transport.tls.serverName = "example.com"

# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
# first custom byte when tls is enabled.
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
# transport.tls.disableCustomTLSFirstByte = true

# Heartbeat configure, it's not recommended to modify the default value.
# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
# to disable it.
# transport.heartbeatInterval = 30
# transport.heartbeatTimeout = 90

# Specify a dns server, so frpc will use this instead of default one
# dnsServer = "8.8.8.8"

# Proxy names you want to start.
# Default is empty, means all proxies.
# start = ["ssh", "dns"]

# Specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udpPacketSize = 1500

# Additional metadatas for client.
metadatas.var1 = "abc"
metadatas.var2 = "123"

# Include other config files for proxies.
# includes = ["./confd/*.ini"]

[[proxies]]
# 'ssh' is the unique proxy name
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
# Limit bandwidth for this proxy, unit is KB and MB
transport.bandwidthLimit = "1MB"
# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
transport.bandwidthLimitMode = "client"
# If true, traffic of this proxy will be encrypted, default is false
transport.useEncryption = false
# If true, traffic will be compressed
transport.useCompression = false
# Remote port listen by frps
remotePort = 6001
# frps will load balancing connections for proxies in same group
loadBalancer.group = "test_group"
# group should have same group key
loadBalancer.groupKey = "123456"
# Enable health check for the backend service, it supports 'tcp' and 'http' now.
# frpc will connect local service's port to detect it's healthy status
healthCheck.type = "tcp"
# Health check connection timeout
healthCheck.timeoutSeconds = 3
# If continuous failed in 3 times, the proxy will be removed from frps
healthCheck.maxFailed = 3
# every 10 seconds will do a health check
healthCheck.intervalSeconds = 10
# additional meta info for each proxy
metadatas.var1 = "abc"
metadatas.var2 = "123"

[[proxies]]
name = "ssh_random"
type = "tcp"
localIP = "192.168.31.100"
localPort = 22
# If remotePort is 0, frps will assign a random port for you
remotePort = 0

[[proxies]]
name = "dns"
type = "udp"
localIP = "114.114.114.114"
localPort = 53
remotePort = 6002

# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[[proxies]]
name = "web01"
type = "http"
localIP = "127.0.0.1"
localPort = 80
# http username and password are safety certification for http protocol
# if not set, you can access this customDomains without certification
httpUser = "admin"
httpPassword = "admin"
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
subdomain = "web01"
customDomains = ["web01.yourdomain.com"]
# locations is only available for http type
locations = ["/", "/pic"]
# route requests to this service if http basic auto user is abc
# routeByHTTPUser = abc
hostHeaderRewrite = "example.com"
requestHeaders.set.x-from-where = "frp"
healthCheck.type = "http"
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
healthCheck.path = "/status"
healthCheck.intervalSeconds = 10
healthCheck.maxFailed = 3
healthCheck.timeoutSeconds = 3

[[proxies]]
name = "web02"
type = "https"
localIP = "127.0.0.1"
localPort = 8000
subdomain = "web02"
customDomains = ["web02.yourdomain.com"]
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
transport.proxyProtocolVersion = "v2"

[[proxies]]
name = "tcpmuxhttpconnect"
type = "tcpmux"
multiplexer = "httpconnect"
localIP = "127.0.0.1"
localPort = 10701
customDomains = ["tunnel1"]
# routeByHTTPUser = "user1"

[[proxies]]
name = "plugin_unix_domain_socket"
type = "tcp"
remotePort = 6003
# if plugin is defined, localIP and localPort is useless
# plugin will handle connections got from frps
[proxies.plugin]
type = "unix_domain_socket"
unixPath = "/var/run/docker.sock"

[[proxies]]
name = "plugin_http_proxy"
type = "tcp"
remotePort = 6004
[proxies.plugin]
type = "http_proxy"
httpUser = "abc"
httpPassword = "abc"

[[proxies]]
name = "plugin_socks5"
type = "tcp"
remotePort = 6005
[proxies.plugin]
type = "socks5"
username = "abc"
password = "abc"

[[proxies]]
name = "plugin_static_file"
type = "tcp"
remotePort = 6006
[proxies.plugin]
type = "static_file"
localPath = "/var/www/blog"
stripPrefix = "static"
httpUser = "abc"
httpPassword = "abc"

[[proxies]]
name = "plugin_https2http"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2http"
localAddr = "127.0.0.1:80"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"

[[proxies]]
name = "plugin_https2https"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2https"
localAddr = "127.0.0.1:443"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"

[[proxies]]
name = "plugin_http2https"
type = "http"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"

[[proxies]]
name = "secret_tcp"
# If the type is secret tcp, remotePort is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = "stcp"
# secretKey is used for authentication for visitors
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# If not empty, only visitors from specified users can connect.
# Otherwise, visitors from same user can connect. '*' means allow all users.
allowUsers = ["*"]

[[proxies]]
name = "p2p_tcp"
type = "xtcp"
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# If not empty, only visitors from specified users can connect.
# Otherwise, visitors from same user can connect. '*' means allow all users.
allowUsers = ["user1", "user2"]

# frpc role visitor -> frps -> frpc role server
[[visitors]]
name = "secret_tcp_visitor"
type = "stcp"
# the server name you want to visitor
serverName = "secret_tcp"
secretKey = "abcdefg"
# connect this address to visitor stcp server
bindAddr = "127.0.0.1"
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
# other visitors. (This is not supported for SUDP now)
bindPort = 9000

[[visitors]]
name = "p2p_tcp_visitor"
type = "xtcp"
# if the server user is not set, it defaults to the current user
serverUser = "user1"
serverName = "p2p_tcp"
secretKey = "abcdefg"
bindAddr = "127.0.0.1"
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
# other visitors. (This is not supported for SUDP now)
bindPort = 9001
# when automatic tunnel persistence is required, set it to true
keepTunnelOpen = false
# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
maxRetriesAnHour = 8
minRetryInterval = 90
# fallbackTo = "stcp_visitor"
# fallbackTimeoutMs = 500

相比老版本，差距还是很大的，如果不需要什么新功能或者懒得折腾，我建议老版本也是一样的。

#emby刮削阿里云盘影视

这几天折腾最多的就是它——emby，这也是受老朱的影响，之前感觉看电影的时间不是很多，也用不着搭建个服务这么麻烦。刚看完了神鬼八阵图，在电脑前看电脑，上厕所、洗澡、烧菜看手机或者平板，每次切换好麻烦，于是就想搭建个emby，这样各种设备就可以无缝衔接了。

影视资源阿里云盘用的多，有人说百度网盘也不少，它那速度我早放弃了，你有会员你牛逼。阿里云盘看个1080P电影还是很流畅的。所以我想法是这样的：将阿里云盘通过webdav挂载到Linux服务器上，emby直接加wendav里的资源就可以了。以前用的nas，docker，很简单，鼠标点点就可以了。如今要在Linux服务器上实现，基本上全是命令符了。现在Linux用的是Debian。因为它对lnmp最友好，系统也比较省资源。

##挂载webdav

挂载webdav我用rclone，这个应该是最简单方便的把（系统自带的mount.davfs也可以挂载，只是emby不能访问）。安装一条命令：

curl https://rclone.org/install.sh | sudo bash

配置用rclone config命令，主要就是name、url、user、password填好即可，一步步来就可以了。

最后关键是挂载阿里云盘的命令。

rclone mount 远程名称:/ 本地挂载路径 --cache-dir /tmp --allow-other --vfs-cache-mode writes --header "Referer:https://www.aliyundrive.com/drive"

譬如：

rclone mount alist:/ /mnt/alist --cache-dir /tmp --allow-other --vfs-cache-mode writes --header "Referer:https://www.aliyundrive.com/drive"

没错，远程名称就是rclone config配置的name，本地挂载路径随你自己选择，不过事先建好文件夹即可。

然后来个开机自启。

#将加粗的部分改成你的，然后整段代码扔进ssh里，回车；
command="mount alist:/ /home/alist --cache-dir /tmp --allow-other --vfs-cache-mode writes --header "Referer:https://www.aliyundrive.com/drive""
cat > /etc/systemd/system/rclone.service <<EOF
[Unit]
Description=Rclone
After=network-online.target

[Service]
Type=simple
ExecStart=$(command -v rclone) ${command}
Restart=on-abort
User=root

[Install]
WantedBy=default.target
EOF

webdav最简单的搭建就是alist了，它既能添加绝大部分网盘资源，又能自动搭建webdav服务，确实是我见过最强大的网盘整合工具了。听说天翼网盘和中国移动网盘都是不限速的，做电影盘最好了。

##安装emby

emby官网下载对应的Debian安装包.deb，然后使用一条命令安装成功：

dpkg -i emby-server-deb_4.7.14.0_amd64.deb

然后你就可以通过IP:8096访问到emby了。

##刮削阿里云影视资源

刮削这个活真不好做，我是折腾了好几天都没刮干净。你也可以搜索现成刮削好的网盘资源。刮削最关键的一步就是整理好资源的格式。iOS系统有一款软件叫VidHub，目前免费，干净无广告，可以连接阿里云盘，直接刮削阿里云盘的影视，只是刮削的数据只在播放器里使用。我最欣赏的是它对文件命名规则的整理。

VidHub媒体库文件命名规则

1 - 电影文件名以影片的完整名字开头(中英文均可)，后面带上其他相关的文件信息。
​ The.Irishman.爱尔兰人.2019.1080p.x264.mp4
2 - 电视剧分集文件名以剧名开头(同一部剧所有分集文件开头的剧名保持一致，中英文均可)，后面必须跟上季和集的信息(S01E01/第一季第一集)。
​ Shameless.无耻之徒.S01E01.1080p.AMZN.WEB-DL.mkv
​ Shameless.无耻之徒.S03E03.720p.AMZN.WEB-DL.mkv
补充：因为emby的规则电视剧文件夹的结构是这样的：
神鬼八阵图(2006) \ Season 1 \ 神鬼八阵图.S01E01.1080p.AVC1.AC.mp4
3 - 电视剧花絮、特别篇文件名以剧名开头，后面的季数信息必须设置为0，并指定集数(S00E01)。
​ Shameless.无耻之徒.S00E01.Sneak Peek.1080p.AMZN.mkv

老朱介绍了一款TMM——tinyMediaManager软件，4.x版本不建议用，有限制收费。不过破解论坛里有不限制版本，我用过，不知道是不是姿势不对，看不到刮削的状态，看着干着急就放弃了。软件不错，只是资源不好弄，themoviedb资源时好时坏，不好刮削。需要的朋友可以看看他的方法。

##介绍两个好东西

IPTV直播源：https://live.fanmingming.com/

阿里云网盘搜索工具：https://www.upyunso.com

好了，这几天折腾的东西都整理好了，满满的干货有没有。

我的环境还是那样——通过FRP内网穿透本地lnmp环境。如果是这种情况的话，这应该是最简单实现真实IP的方法——proxy_protocol协议。最先了解的就是这个，可一直没搞明白，搁置了。今天终于搞明白了。

proxy_protocol协议是什么？网上一大堆了，我折腾这么多年，搜了好几个搜索引擎的资料，看最多的就是proxy_protocol的介绍。具体是什么呢？我也不大清楚，反正他能让后端获取客户端的网络信息，也就是IP地址以及TCP端口。它有两种格式——v1和v2，当然现在用的最多的是v2了。

而FRP用proxy_protocol最简单，在穿透的隧道后面加上“proxy_protocol_version = v2”即可。譬如：

[liuyuanlin_https]
# 配置 http 访问
type = https
# 本地 Web 服务的端口（与前面的配置一样，都对应同一个 Web 服务）
local_port = 443
# 需要反向代理的域名（当访客通过此域名访问 A 机器时，才会将请求反向代理到此 Web 服务）
custom_domains = liuyuanlin.com, www.liuyuanlin.com
use_encryption=true
use_compression=true
proxy_protocol_version = v2

注意的是，不要再加https2http、https2https这类插件了，因为这类插件就好比nginx的反向代理，会出现502错误。此时你打开网站会出现“ERR SSL PROTOCOL ERROR”的错误，这说明此站流量在走proxy_protocol协议。是正常的。

然后我们配置后端nginx：

server{

	......
	#listen 端口后面加上proxy_protocol字段，开启Proxy Protocol协议
	listen 12443 ssl http2 proxy_protocol;
	listen [::]:12443 ssl http2 proxy_protocol;
	......

	#proxy_protocol协议头部真实IP
	real_ip_header proxy_protocol;
	real_ip_recursive on;
	set_real_ip_from 127.0.0.1;
	set_real_ip_from 内网IP，公网IP;
	#需要排除的IP，如果你有CDN，可以再加
	...

	#SSL ON
	此处为SSL证书信息，必须得有;
	#SSL END

}

然后重启nginx和frpc服务，搞定！这样默认的REMOTE_ADDR记录的就是客户端的IP了。也不用在wp-config.php多余的配置了。你可以将下面代码保存为.php文件，来测试客户端IP。

<?php
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];             // 客户端与服务器握手IP，如果使用代理则会获取到代理IP
$HTTP_CLIENT_IP = $_SERVER['HTTP_CLIENT_IP'];          // 代理服务器发送的HTTP头（可伪造）
$HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];    // 用户是在哪个IP使用的代理（可伪造）
$X_Real_IP = $_SERVER['X-Real-IP'];

echo 'REMOTE_ADDR'.$REMOTE_ADDR.'<br/>';
echo 'HTTP_CLIENT_IP'.$HTTP_CLIENT_IP.'<br/>';
echo 'HTTP_X_FORWARDED_FOR'.$HTTP_X_FORWARDED_FOR.'<br/>';
echo 'X_Real_IP'.$X_Real_IP.'<br/>';
?>

总之呢，现在你不用花昂贵的价钱买阿里云、腾讯云、天翼云、京东云服务器了，只需要花十分之一的价钱买FRP服务或者免费的FRP服务就可以穿透自己本地搭建的网站了。

在此，感谢FRP、老朱、alain lam、军哥LNMP以及网络肯分享技术的大佬们！希望此文可以帮助曾经跟我一样糊涂的童鞋们。

好在我留了个心眼，先备份了服务器里所有的网站。备份到群晖里速度还是可以的，全程大概16分钟，8G数据。而恢复到新安装的服务器里，时间有点长，单单从群晖ftp到服务器里的数据就花了1个多小时了。

今天找了款能试用一个月的VPS——京东云，从网上找了相关资料，终于搞定了内网穿透+反向代理+HSTS+HTTP/2+真实IP。

首先思路是这样的：frps（服务端）所在的服务器是公网服务器，frpc（客户端）所在的服务器是本地内网服务器，内网服务器安装lnmp和WordPress博客，公网服务器只需要安装nginx，用来做反向代理。我们通过“https//域名”访问公网服务器默认端口443，其所在nginx反向代理到frps的vhost_http_port非80端口，而frps连接到frpc服务器的http服务。

其次再说说具体配置，frp的相关配置可以参考我曾经的两篇文章：记录FRP+NGINX内网穿透和FRP内网穿透·续，或者参考官网配置文件frps_full.ini和frpc_full.ini，这个比较完整。

然后是nginx反向代理配置：

    server {
        listen 443 ssl http2;
        server_name  hjyl.org;
        ssl_certificate "vhost/hjyl.org.crt";
        ssl_certificate_key "vhost/hjyl.org.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_protocols TLSv1.2 TLSv1.3; 
        #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
	#开启 HSTS，并设置有效期为“31536000 秒”（一年），包括子域名(根据情况可删掉)，预加载到浏览器缓存(根据情况可删掉)

        location / {
            proxy_pass  http://hjyl.org:9527;
            # 反向代理到vhost_http_port端口
            proxy_redirect default;
            # 保证获取到真实IP
            proxy_set_header X-Real-IP $remote_addr;
            # 真实端口号
            proxy_set_header X-Real-Port $remote_port;
            # X-Forwarded-For 是一个 HTTP 扩展头部。
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # 在多级代理的情况下，记录每次代理之前的客户端真实ip 
            proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
            # 获取到真实协议
            proxy_set_header X-Forwarded-Proto $scheme;
            # 真实主机名
            proxy_set_header Host $host;
            # 设置变量
            proxy_set_header X-NginX-Proxy true; 
        }
}

最后重点来了，上面这样如果内网穿透的链接打开正常，你通过“https://域名”可以打开WordPress博客，但是样式表却丢失了，打开源代码，你可以看到WordPress的网址是“http://域名”，主要是WordPress跟其他网站不同，它后台是绑定网址的，使用的是绝对路径。此时我们需要在wp-config.php里加入以下代码（此代码由ChenJieHua分享）：

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
	$_SERVER['HTTPS'] = 'on';
} 

2024.07.18更新：如果上面这段代码不管用，可以直接用下面这个代码：

$_SERVER["HTTPS"] = "on";

（此代码由tlanyan分享）不知道是不是版本升级的原因，之前上述代码是正常的。

这样你再打开网址就正常了。

但是此时你的评论上IP还不是客户的真实IP，虽然我们再nginx里配置了，我们还需要在WordPress里配置一下，同样在wp-config.php加入以下代码（此代码由JUST FOR FUN分享）：

  if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	$list = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
	$_SERVER['REMOTE_ADDR'] = $list[0];
  }

或者

if( !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
$get_HTTP_X_FORWARDED_FOR = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$_SERVER['REMOTE_ADDR'] = trim($get_HTTP_X_FORWARDED_FOR[0]);
}

到此，效果就出来了！不过我觉得这种还是太复杂了。如果直接frp里设置出nginx反向代理的效果就好了，毕竟frp本身也是一直反向代理嘛！

首先，外网服务器无需架设nginx服务，只要有个正常的系统即可，我推荐Linux服务器，安全稳定设置简单，所以说外网服务器除了带宽要求，配置不需要很好了。

上传frps及其配置文件frps.ini服务端，配置如下：

[common]
bind_port = 7000
token = 123456
#这两个端口直接设置80和443
vhost_http_port = 80
vhost_https_port = 443

#以下配置可以有也可以没有，根据需要
dashboard_addr = 0.0.0.0
dashboard_port = 7500
# dashboard user and passwd for basic auth protect
dashboard_user = admin
dashboard_pwd = admin
# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
enable_prometheus = true
# console or real logFile path like ./frps.log
log_file = ./frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3

启动frps服务。

其次，内网服务器正常架设网站服务，本人推荐lnmp，非常了不起的快速搭建网站环境。然后上传frpc及其frpc.ini内网穿透客户端，配置如下：

[common]
# 这里填写 A 机器的 IP 或者域名
server_addr = X.X.X.X
# 填写 A 机器开放的 frp 服务端口，也就是 frps.ini 配置文件中 bind_port 的值
server_port = 7000
token = 123456

[hjyl_http]
# 依然支持 http 访问
type = http
# 本地 Web 服务的端口
local_port = 180
# 需要反向代理的域名（当访客通过此域名访问 A 机器时，才会将请求反向代理到此 Web 服务）
custom_domains = hjyl.org

[hjyl_https]
# 配置 https 访问
type = https
# 本地 Web 服务的端口（与前面的配置一样，都对应同一个 Web 服务）
local_port = 1443
# 需要反向代理的域名（当访客通过此域名访问 A 机器时，才会将请求反向代理到此 Web 服务）
custom_domains = hjyl.org

# 接下来的配置是支持 https 的重点配置
# 配置插件，将 https 请求转换成 http 请求后再发送给本地 Web 服务程序
plugin = https2https
# 转换成 http 后，发送到本机的 9999端口
plugin_local_addr = 127.0.0.1:1443
# 这个头部信息我改成你映射的域名，这样feed就不会转到127.0.0.1本地网站了
plugin_host_header_rewrite = hjyl.org
# 指定代理方式为 frp
plugin_header_X-From-Where = frp
# 指定成你在前面部分导出的证书的路径
plugin_crt_path = /wwwroot/keys/hjyl.org.crt
plugin_key_path = /wwwroot/keys/hjyl.org.key

启动frpc服务。

到此基本上99%内网直接穿透到外网了。

但是还有几个问题，譬如，你会发现你评论上显示的IP地址全都是127.0.0.1，而不是客户真是地址，为什么呢？原因一直找不到，求大神指点！其次，那个微博同步插件失效了，我测试过，貌似不是PHP版本的问题，可能与之有关。

就是这样如此简单的想法需要花费很多钱、技术和时间。其实现在的网站搭建已经是很简单了，空间+域名搞定！可因为电信网络的问题，我们的宽带不能直接被外网访问，而且更可恶的是还封闭了我们的80端口和443端口。所以即便我们的网络被外网访问，也不能直接访问，还得加个端口。这样多难看啊！曾几何时，尝试了多少次，如今才勉强搞定一个站点。

如今在网络上说到内网穿透，frp成了代名词。也确实，frp做内网穿透确实很专业。可惜官网的配置我就是看不懂，一定是的技术不专业！查了很多资料，慢慢尝试才搞定了，这种心情很难用言语形容的。

好了，现在说说我咋做到的！

首先，我们需要几个条件：域名（liuyuanlin.com）、服务器（可以支持Nginx反向代理，所以vps这种最好了，空间应该不行吧）、本地架设服务器（这个简单，很多软件都可以做到）、frp软件（免费开源的，放心使用，frp内网穿透官网）。

其次，配置服务端。
服务端是外网服务器，也就是可以直接被外网访问的vps。
在frp软件里，frps是服务端，frps.ini是配置文件，我们只需要编辑这个文件即可。

[common]
bind_port = 7000 #监听服务端端口，这个必须要和客户端配置里的server_port端口一致
token = 123456 #token验证，这个必须是和客户端一致
vhost_http_port = 8080 #这个是监听http的端口，下面需要设置的端口跟这个一样
vhost_https_port = 9999 #这个是监听https的端口，下面需要设置的端口跟这个一样
log_file = ./frps.log #这个是错误日志的存储位置
log_level = info #这个是显示错误日志的类型，trace, debug, info, warn, error这几个可以选一个
log_max_days = 7 #这个顾名思义，存储日志最长天数

vps我用的是阿里云ecs，缺点是需要备案，如果你用国外的或者香港的，那就不需要备案了。为了不影响其他站点，我装了lnmp，这样添加一个主机空间，修改对应的.conf配置也就不影响了。

server {
listen 80;
listen 443 ssl;
server_name liuyuanlin.com www.liuyuanlin.com;
root /wwwroot/liuyuanlin.com;
index index.html index.htm index.php default.html default.htm default.php;
ssl_certificate /wwwroot/keys/liuyuanlin.com.crt; #如果证书和此配置文件不在同一目录，需写上路径，例如/home/wwwroot/ssl.pem
ssl_certificate_key /wwwroot/keys/liuyuanlin.com.key; #同上
ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://127.0.0.1:8080; #这个端口很重要，填写frps配置文件里的vhost_http_port端口
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_read_timeout 240s;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

这个反向代理配置很关键，道理就是要将我们监听的8080端口，也就是本地服务器的8080端口映射到外网的80端口，这样就不用再域名后面加端口那么难看了。
lnmp restart重启lnmp，./frps -c ./frps.ini 启动服务端。

第三，配置客户端。
客户端就是我们的本地服务器，不能被外网访问的可怜的服务器。如果你的内网有公网动态或者静态IP，那就不需要内网穿透了。
在frp软件里frpc是内网客户端软件，frpc.ini是配置文件，编辑此文件：

[common]
# 这里填写 服务端 机器的 IP 或者域名
server_addr = X.X.X.X
# 填写 服务端 机器开放的 frp 服务端口，也就是 frps.ini 配置文件中 bind_port 的值
server_port = 7000
token = 123456

[liuyuanlin_http]
# 依然支持 http 访问
type = http
# 本地 Web 服务的端口
local_port = 8080
# 需要反向代理的域名（当访客通过此域名访问 A 机器时，才会将请求反向代理到此 Web 服务）
custom_domains = liuyuanlin.com, www.liuyuanlin.com

[liuyuanlin_https]
# 配置 https 访问
type = https
# 本地 Web 服务的端口（与前面的配置一样，都对应同一个 Web 服务）
local_port = 9999
# 需要反向代理的域名（当访客通过此域名访问 A 机器时，才会将请求反向代理到此 Web 服务）
custom_domains = liuyuanlin.com, www.liuyuanlin.com

# 接下来的配置是支持 https 的重点配置
# 配置插件，将 https 请求转换成 http 请求后再发送给本地 Web 服务程序
plugin = https2http
# 转换成 http 后，发送到本机的 9999端口
plugin_local_addr = 127.0.0.1:9999
# 可能是 frp 的 Bug？这里必须写成 127.0.0.1，稍后解释
plugin_host_header_rewrite = 127.0.0.1
# 指定代理方式为 frp
plugin_header_X-From-Where = frp
# 指定成你在前面部分导出的证书的路径
plugin_crt_path = /wwwroot/keys/liuyuanlin.com.crt
plugin_key_path = /wwwroot/keys/liuyuanlin.com.key

而客户端的服务器Nginx不需要怎么配置，只是把端口设置为服务端监听的端口即可。譬如：

server {
listen 8080;
listen 9999 ssl;
............
}

因为我本地架设的服务器也是lnmp，所以直接用lnmp restart重启lnmp即可，./frpc -c ./frpc.ini 启动客户端。
如果需要在后台长期运行，建议结合其他工具使用，例如 systemd 和 supervisor，这个frp软件里都有。

最后，有兴趣的朋友试试吧！这些配置只不过根据网上大神的经验修改而来的，或许代码可以更加精炼。请多多指教！
这样的话，我们服务端的主机就不需要很高的配置了，只要能正常运行Nginx就可以了。所以流量不高的朋友，可以尝试定制vps主机，把带宽设置高一些，访问的速度就快多了。

最最最后，本文介绍的反向代理如果不好弄，本人也放弃了，可以看这篇文章，比较直接！

在网上找到一个方法，本站未测试，但对方测试了，看起来貌似很有用。记录下来或许以后会用到。

第一步：修改服务器中nginx.conf配置文件

在nginx.conf中http{ }里添加以下参数

server {
listen 80;
server_name xiaoyue.ml www.xiaoyue.ml;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect http://$host/ http://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}

如下图，设置好后保存，重启nginx

第二步：修改frp服务端配置文件

既然反向代理到了8080端口，那么frp服务端的配置文件也需要进行设置

frps.ini配置文件中vhost_http_port = 8080端口

第三步：修改frp客户端配置文件

第一步配置中：server_name xiaoyue.ml www.xiaoyue.ml; 这里填写对应域名。

也支持泛解析，例如：server_name *.xiaoyue.ml;需要域名同时进行泛解析才行。

那么frpc.ini怎么修改呢，很简单

对应穿透服务配置里配置好对应域名，custom_domains = xiaoyue.ml

第四步：

服务器中重启frps，本地电脑中启动frpc，就可以在浏览器中通过80端口直接访问xiaoyue.ml了。

xiaoyue.ml是解析到我的服务器中，而这个网站是搭建在局域网里面我自己的电脑中。

也就是首先保证你电脑上访问127.0.0.1，是有内容的哦。

其实本文核心就一步，那就是将比如你访问xiaoyue.ml(默认情况下，我们访问网站都是80端口)，反向代理到xiaoyue.ml:8080端口而已。

那这样做有什么意义呢，就是想直接通过域名访问，而不是通过域名:端口号访问网站。

此方法由http://blog.hux6.com/archives/326.html分享。