dtourolle/jellyfin-srfPlay
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 13 Wiki Activity

remove netowkring notes ans script
All checks were successful
🏗️ Build Plugin / build (push) Successful in 2m25s
Details
🧪 Test Plugin / test (push) Successful in 1m8s
Details

Browse Source
This commit is contained in:
Duncan Tourolle 2025-11-14 21:43:43 +01:00
parent 6ed53054c3
commit 87ccf80813
3 changed files with 0 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
NETWORK_ROUTING_GUIDE.md
View File

@ -1,227 +0,0 @@
# Network-Level Gateway Routing for SRF Content
This guide explains how to configure network-level routing to direct all SRF-related traffic (including video streams) through your Swiss gateway/proxy at 192.168.1.37.
## Overview
Instead of configuring proxy support at the application level, this approach uses Linux policy-based routing to redirect traffic destined for SRF domains through an alternate gateway. This ensures:
- API requests to `il.srgssr.ch` go through the gateway
- Video stream requests to `srf-vod-amd.akamaized.net` (and other CDNs) go through the gateway
- ffprobe and ffmpeg automatically use the gateway
- No application configuration needed - transparent to Jellyfin
## Prerequisites
- Root access to the Jellyfin server (192.168.1.4)
- Gateway at 192.168.1.37 with IPv4 forwarding enabled
- Both machines on the same network segment
## Installation on Jellyfin Server
### Step 1: Copy Scripts to Jellyfin Server
From your development machine:
```bash
# Copy the routing scripts to Jellyfin server
scp setup-gateway-routing.sh cleanup-gateway-routing.sh user@192.168.1.4:~
```
### Step 2: SSH to Jellyfin Server
```bash
ssh user@192.168.1.4
```
### Step 3: Make Scripts Executable
```bash
chmod +x setup-gateway-routing.sh cleanup-gateway-routing.sh
```
### Step 4: Run Setup Script
```bash
sudo ./setup-gateway-routing.sh
```
When prompted:
- **Gateway IP**: `192.168.1.37`
- **Network interface**: Find your interface name first with `ip -br link show` (common names: `eth0`, `ens18`, `enp0s3`)
The script will:
1. Create a custom routing table named `srf_gateway`
2. Resolve IP addresses for all SRF domains
3. Add routes through your gateway (192.168.1.37)
4. Create routing rules for policy-based routing
5. Set up a systemd service for persistence across reboots
### Step 5: Verify Routing
Check that routes are configured:
```bash
# Show the custom routing table
ip route show table srf_gateway
# Show routing rules
ip rule show | grep srf_gateway
# Test routing for Integration Layer API
ip route get $(dig +short il.srgssr.ch | head -1)
# Test routing for video CDN
ip route get $(dig +short srf-vod-amd.akamaized.net | head -1)
```
### Step 6: Test from Jellyfin Server
Test that the routing is working:
```bash
# Test API access
curl -v "https://il.srgssr.ch/integrationlayer/2.0/mediaComposition/byUrn/urn:srf:video:b84713f0-f81b-460f-9b0f-d0517310fb4f.json" 2>&1 | grep -E "(x-location|HTTP/)"
# Should show: x-location: CH
```
### Step 7: Restart Jellyfin
```bash
sudo systemctl restart jellyfin
```
## What Gets Routed
The following domains are routed through the gateway:
- `il.srgssr.ch` - Integration Layer API (metadata)
- `www.srf.ch` - Main SRF site
- `www.rts.ch` - RTS (Radio Télévision Suisse)
- `www.rsi.ch` - RSI (Radiotelevisione svizzera)
- `www.rtr.ch` - RTR (Radiotelevisiun Svizra Rumantscha)
- `www.swi.ch` - SWI (swissinfo)
- `srf-vod-amd.akamaized.net` - SRF video CDN
- `rts-vod-amd.akamaized.net` - RTS video CDN
- `rsi-vod-amd.akamaized.net` - RSI video CDN
- `play-web.srf.ch` - Play web interface
- `il-stage.srgssr.ch` - Staging environment
## How It Works
1. **DNS Resolution**: Domains are resolved to IP addresses
2. **Routing Table**: A custom routing table (`srf_gateway`) is created with routes through the gateway
3. **Policy Routing**: Rules direct traffic to specific IPs to use the custom routing table
4. **Persistence**: A systemd service ensures routes survive reboots
## Disabling Plugin Proxy Configuration
Once network-level routing is working, you can disable the proxy configuration in the plugin:
1. Go to Jellyfin Dashboard → Plugins → SRF Play
2. Uncheck "Use Proxy"
3. Save configuration
4. Restart Jellyfin
The plugin will use direct HTTP requests, but the network layer will transparently route them through the gateway.
## Troubleshooting
### Routes Not Working
Check if gateway is reachable:
```bash
ping 192.168.1.37
nc -zv 192.168.1.37 3128
```
Check routing table:
```bash
ip route show table srf_gateway
```
### DNS Changes
If SRF changes their IP addresses, you may need to re-run the setup script:
```bash
sudo ./cleanup-gateway-routing.sh
sudo ./setup-gateway-routing.sh
```
### Verify Traffic Path
Use `traceroute` to see the path:
```bash
traceroute $(dig +short il.srgssr.ch | head -1)
# Should show 192.168.1.37 as first hop
```
### Check Systemd Service
```bash
systemctl status srf-gateway-routing.service
journalctl -u srf-gateway-routing.service
```
## Removing the Configuration
To completely remove the routing configuration:
```bash
sudo ./cleanup-gateway-routing.sh
```
This will:
- Remove all routing rules
- Flush the custom routing table
- Disable and remove the systemd service
## Advantages of This Approach
1. **Transparent**: No application changes needed
2. **Complete Coverage**: All network traffic to SRF domains uses gateway
3. **Persistent**: Survives reboots
4. **Centralized**: Managed at network level
5. **Debug-Friendly**: Can verify with standard network tools
## Disadvantages
1. **DNS Changes**: If SRF changes IPs, routing must be updated
2. **New Domains**: New CDN domains require script update
3. **Static IPs Only**: Doesn't work with wildcard domains
## Gateway Configuration
Ensure your gateway (192.168.1.37) has:
1. **IPv4 Forwarding Enabled**:
```bash
# On the gateway (192.168.1.37)
sudo sysctl net.ipv4.ip_forward=1
# Make permanent
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
```
2. **Firewall Rules** (if using iptables):
```bash
# On the gateway (192.168.1.37)
sudo iptables -A FORWARD -s 192.168.1.4 -j ACCEPT
sudo iptables -A FORWARD -d 192.168.1.4 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 192.168.1.4 -o <outbound-interface> -j MASQUERADE
```
3. **Squid Proxy** (if using proxy mode):
- Already configured and accessible at port 3128
- Note: With network-level routing, traffic goes through the gateway's routing, not necessarily the Squid proxy
## Testing Complete Data Chain
After setup, test the complete flow:
1. **Metadata API**: Browse shows in Jellyfin - should work
2. **Video Playback**: Try playing a video - should work
3. **Thumbnails**: Images should load
All traffic should be routed through 192.168.1.37, giving you the Swiss location needed to access geo-blocked content.

197
PROXY_SETUP_GUIDE.md
View File

@ -1,197 +0,0 @@
# Proxy Configuration Guide for SRF Play Plugin
This guide explains how to configure the Jellyfin SRF Play plugin to route all API traffic through a proxy or alternate gateway.
## Overview
The SRF Play plugin now supports proxy configuration directly in the plugin settings. This allows you to:
- Route traffic through a specific gateway or proxy server
- Use authentication if your proxy requires it
- Bypass geo-restrictions or network policies
- Route only SRF-related traffic without affecting other Jellyfin operations
## Supported Proxy Types
The plugin supports:
- **HTTP proxies**: `http://proxy.example.com:8080`
- **HTTPS proxies**: `https://proxy.example.com:8443`
- **SOCKS5 proxies**: `socks5://proxy.example.com:1080`
## Configuration Steps
### 1. Access Plugin Settings
1. Open Jellyfin Dashboard
2. Navigate to **Dashboard → Plugins → SRF Play**
3. Scroll down to the **Proxy Settings** section
### 2. Configure Proxy
Fill in the following fields:
#### Use Proxy
- **Enable this checkbox** to route all SRF API requests through the proxy
#### Proxy Address
- Enter your proxy server address with protocol and port
- Examples:
- `http://192.168.1.100:8080`
- `http://proxy.example.com:3128`
- `socks5://127.0.0.1:1080`
#### Proxy Username (Optional)
- Enter username if your proxy requires authentication
- Leave empty if no authentication is needed
#### Proxy Password (Optional)
- Enter password if your proxy requires authentication
- Leave empty if no authentication is needed
### 3. Save Configuration
1. Click **Save** button
2. Restart Jellyfin to apply changes (recommended)
## Examples
### Example 1: Simple HTTP Proxy (No Authentication)
```
Use Proxy: ✓ Enabled
Proxy Address: http://192.168.1.1:8080
Proxy Username: (empty)
Proxy Password: (empty)
```
### Example 2: Authenticated HTTP Proxy
```
Use Proxy: ✓ Enabled
Proxy Address: http://proxy.company.com:3128
Proxy Username: myusername
Proxy Password: mypassword
```
### Example 3: SOCKS5 Proxy
```
Use Proxy: ✓ Enabled
Proxy Address: socks5://127.0.0.1:1080
Proxy Username: (empty)
Proxy Password: (empty)
```
## Setting Up a Transparent Proxy Gateway on Ubuntu
If you want to create your own transparent proxy gateway on Ubuntu, here are some options:
### Option A: Squid Proxy
Install and configure Squid as a transparent proxy:
```bash
# Install Squid
sudo apt update
sudo apt install squid
# Edit configuration
sudo nano /etc/squid/squid.conf
# Add these lines:
http_port 3128
acl localnet src 192.168.1.0/24
http_access allow localnet
# Restart Squid
sudo systemctl restart squid
```
Then in plugin settings:
```
Proxy Address: http://192.168.1.1:3128
```
### Option B: SSH Tunnel (SOCKS5)
Create a SOCKS5 proxy through SSH:
```bash
# On your local machine
ssh -D 1080 -N user@remote-gateway-server
```
Then in plugin settings:
```
Proxy Address: socks5://127.0.0.1:1080
```
### Option C: Dante SOCKS Server
Install Dante for a dedicated SOCKS5 server:
```bash
sudo apt install dante-server
# Configure in /etc/danted.conf
sudo systemctl restart danted
```
## Troubleshooting
### Plugin Not Connecting Through Proxy
1. **Check proxy address format**: Ensure it includes the protocol (http://, socks5://, etc.)
2. **Verify proxy is running**: Test connectivity to the proxy from your Jellyfin server
3. **Check Jellyfin logs**: Look for proxy-related errors in Dashboard → Logs
4. **Firewall rules**: Ensure your firewall allows outbound connections to the proxy
### Authentication Errors
1. Verify username and password are correct
2. Check if your proxy requires domain authentication (DOMAIN\\username)
3. Some proxies may require specific authentication methods not supported by .NET HttpClient
### DNS Resolution
- The plugin resolves domain names before sending requests through the proxy
- If you need DNS resolution through the proxy, you may need to use a VPN or network-level routing instead
## Affected Domains
When proxy is enabled, all requests to these domains will be routed through the proxy:
- `il.srgssr.ch` - SRF Integration Layer API
- `www.srf.ch` - SRF Play v3 API (German)
- `www.rts.ch` - RTS Play v3 API (French)
- `www.rsi.ch` - RSI Play v3 API (Italian)
- `www.rtr.ch` - RTR Play v3 API (Romansh)
- `www.swi.ch` - SWI Play v3 API (International)
## Viewing Logs
To verify the proxy is being used:
1. Go to **Dashboard → Logs**
2. Look for entries containing "Proxy configured"
3. Example log entry:
```
Proxy configured: http://192.168.1.1:8080 (Authentication: False)
```
## Security Notes
- Proxy credentials are stored in Jellyfin's plugin configuration
- Use HTTPS for the proxy connection when possible to encrypt traffic
- Consider using a VPN for more secure routing if dealing with sensitive content
- Regularly update your proxy server and Jellyfin to patch security vulnerabilities
## Alternative: Network-Level Routing
If you prefer network-level routing instead of application proxy, see the `setup-srf-routing.sh` script for IP-based routing tables (requires root access and is more complex).
## Support
If you encounter issues:
1. Check Jellyfin logs for detailed error messages
2. Verify proxy connectivity with `curl --proxy http://proxy:port https://il.srgssr.ch`
3. Open an issue on the GitHub repository with logs and configuration details

57
deploy-to-jellyfin.sh
View File

@ -1,57 +0,0 @@
#!/bin/bash
# Deploy SRF Play plugin to Jellyfin server
set -e
# Configuration
JELLYFIN_SERVER="192.168.1.4"
JELLYFIN_USER="dtourolle" # Change this to your SSH user
DLL_PATH="Jellyfin.Plugin.SRFPlay/bin/Release/net8.0/Jellyfin.Plugin.SRFPlay.dll"
# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
echo -e "${GREEN}=== Deploying SRF Play Plugin ===${NC}\n"
# Check if DLL exists
if [ ! -f "$DLL_PATH" ]; then
echo "Error: DLL not found. Building..."
dotnet build Jellyfin.Plugin.SRFPlay/Jellyfin.Plugin.SRFPlay.csproj -c Release
fi
echo "Step 1: Copying DLL to Jellyfin server..."
scp "$DLL_PATH" "${JELLYFIN_USER}@${JELLYFIN_SERVER}:~/"
echo -e "\nStep 2: Installing DLL on Jellyfin server..."
ssh "${JELLYFIN_USER}@${JELLYFIN_SERVER}" << 'ENDSSH'
echo "Stopping Jellyfin..."
sudo systemctl stop jellyfin
echo "Backing up old DLL..."
sudo cp /var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll \
/var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll.backup || true
echo "Installing new DLL..."
sudo cp ~/Jellyfin.Plugin.SRFPlay.dll /var/lib/jellyfin/plugins/SRF/
sudo chown jellyfin:jellyfin /var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll
echo "Starting Jellyfin..."
sudo systemctl start jellyfin
echo "Waiting for Jellyfin to start..."
sleep 5
echo "Checking Jellyfin status..."
sudo systemctl status jellyfin --no-pager -l | head -20
ENDSSH
echo -e "\n${GREEN}✓ Deployment complete!${NC}"
echo -e "\n${YELLOW}Next steps:${NC}"
echo "1. Test video playback - GUID errors should be fixed"
echo "2. If videos still don't play due to geo-blocking, run network routing setup:"
echo " scp setup-gateway-routing.sh cleanup-gateway-routing.sh ${JELLYFIN_USER}@${JELLYFIN_SERVER}:~"
echo " ssh ${JELLYFIN_USER}@${JELLYFIN_SERVER}"
echo " chmod +x setup-gateway-routing.sh"
echo " sudo ./setup-gateway-routing.sh"