安装Nginx和Certbot

首先在你的阿里云VPS上安装Nginx和Certbot（用于获取Let's Encrypt证书）

# 更新系统
sudo apt update
sudo apt upgrade -y

# 安装Nginx
sudo apt install nginx -y

# 安装Certbot和Nginx插件
sudo apt install certbot python3-certbot-nginx -y

创建nginx配置文件

进入配置文件

vim /etc/nginx/sites-available/emby.conf

将下面内容对应修改后填写进去

server {
    listen 80;
    server_name [你的域名];


       #关闭nginx缓存，有消息直接发送客户端，适合流媒体
    proxy_buffering off;
    
    location / {
        proxy_pass http://127.0.0.1:8080; #自定义端口，需与frps的vhost_http_port端口一致
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }}

创建符号链接启用该配置

sudo ln -s /etc/nginx/sites-available/emby.conf /etc/nginx/sites-enabled/

使用Certbot获取SSL证书

Certbot会自动修改Nginx配置，添加SSL相关设置并重定向HTTP到HTTPS

sudo certbot --nginx -d [你的域名]

Let's Encrypt证书有效期为90天，设置自动续期

sudo crontab -e

添加以下内容

0 12 * * * /usr/bin/certbot renew --quiet

验证Nginx配置并重启

sudo nginx -t
sudo systemctl restart nginx

Frps服务端配置添加

vhost_http_port 自定义端口，用于转发nginx和frps数据，须与nginx配置文件中的proxy_pass端口保持一致

改完配置记得重启systemctl restart frps

[common]
vhost_http_port = 8080 

Frpc客户端配置调整

改完配置记得重启systemctl restart frpc

[emby_web]
type = http
local_ip = 127.0.0.1
local_port = 8096
custom_domains = [你的域名]

访问逻辑图

至此，群晖内网的相关端口可以关闭转发了

取而代之：访问url为 https://[你的域名] 不需要在后缀增加端口号，https默认端口443

最终完整的nginx配置文件

#强制HTTPS
server {
    listen 80;
    server_name [你的域名];
    return 301 https://$host$request_uri;}

server {
    listen 443 ssl;
    server_name [你的域名];

    # SSL 配置
    ssl_certificate /etc/letsencrypt/live/[你的域名]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[你的域名]/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # 代理配置
    location / {
        proxy_pass http://127.0.0.1:8080[自定义端口，需与frps的vhost_http_port端口一致];
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }}