From 87ccf80813cd1f3b8494c0d1c1406dc6f8d814da Mon Sep 17 00:00:00 2001 From: Duncan Tourolle Date: Fri, 14 Nov 2025 21:43:43 +0100 Subject: [PATCH] remove netowkring notes ans script --- NETWORK_ROUTING_GUIDE.md | 227 --------------------------------------- PROXY_SETUP_GUIDE.md | 197 --------------------------------- deploy-to-jellyfin.sh | 57 ---------- 3 files changed, 481 deletions(-) delete mode 100644 NETWORK_ROUTING_GUIDE.md delete mode 100644 PROXY_SETUP_GUIDE.md delete mode 100755 deploy-to-jellyfin.sh diff --git a/NETWORK_ROUTING_GUIDE.md b/NETWORK_ROUTING_GUIDE.md deleted file mode 100644 index 85ae8ad..0000000 --- a/NETWORK_ROUTING_GUIDE.md +++ /dev/null @@ -1,227 +0,0 @@ -# Network-Level Gateway Routing for SRF Content - -This guide explains how to configure network-level routing to direct all SRF-related traffic (including video streams) through your Swiss gateway/proxy at 192.168.1.37. - -## Overview - -Instead of configuring proxy support at the application level, this approach uses Linux policy-based routing to redirect traffic destined for SRF domains through an alternate gateway. This ensures: - -- API requests to `il.srgssr.ch` go through the gateway -- Video stream requests to `srf-vod-amd.akamaized.net` (and other CDNs) go through the gateway -- ffprobe and ffmpeg automatically use the gateway -- No application configuration needed - transparent to Jellyfin - -## Prerequisites - -- Root access to the Jellyfin server (192.168.1.4) -- Gateway at 192.168.1.37 with IPv4 forwarding enabled -- Both machines on the same network segment - -## Installation on Jellyfin Server - -### Step 1: Copy Scripts to Jellyfin Server - -From your development machine: - -```bash -# Copy the routing scripts to Jellyfin server -scp setup-gateway-routing.sh cleanup-gateway-routing.sh user@192.168.1.4:~ -``` - -### Step 2: SSH to Jellyfin Server - -```bash -ssh user@192.168.1.4 -``` - -### Step 3: Make Scripts Executable - -```bash -chmod +x setup-gateway-routing.sh cleanup-gateway-routing.sh -``` - -### Step 4: Run Setup Script - -```bash -sudo ./setup-gateway-routing.sh -``` - -When prompted: -- **Gateway IP**: `192.168.1.37` -- **Network interface**: Find your interface name first with `ip -br link show` (common names: `eth0`, `ens18`, `enp0s3`) - -The script will: -1. Create a custom routing table named `srf_gateway` -2. Resolve IP addresses for all SRF domains -3. Add routes through your gateway (192.168.1.37) -4. Create routing rules for policy-based routing -5. Set up a systemd service for persistence across reboots - -### Step 5: Verify Routing - -Check that routes are configured: - -```bash -# Show the custom routing table -ip route show table srf_gateway - -# Show routing rules -ip rule show | grep srf_gateway - -# Test routing for Integration Layer API -ip route get $(dig +short il.srgssr.ch | head -1) - -# Test routing for video CDN -ip route get $(dig +short srf-vod-amd.akamaized.net | head -1) -``` - -### Step 6: Test from Jellyfin Server - -Test that the routing is working: - -```bash -# Test API access -curl -v "https://il.srgssr.ch/integrationlayer/2.0/mediaComposition/byUrn/urn:srf:video:b84713f0-f81b-460f-9b0f-d0517310fb4f.json" 2>&1 | grep -E "(x-location|HTTP/)" - -# Should show: x-location: CH -``` - -### Step 7: Restart Jellyfin - -```bash -sudo systemctl restart jellyfin -``` - -## What Gets Routed - -The following domains are routed through the gateway: - -- `il.srgssr.ch` - Integration Layer API (metadata) -- `www.srf.ch` - Main SRF site -- `www.rts.ch` - RTS (Radio Télévision Suisse) -- `www.rsi.ch` - RSI (Radiotelevisione svizzera) -- `www.rtr.ch` - RTR (Radiotelevisiun Svizra Rumantscha) -- `www.swi.ch` - SWI (swissinfo) -- `srf-vod-amd.akamaized.net` - SRF video CDN -- `rts-vod-amd.akamaized.net` - RTS video CDN -- `rsi-vod-amd.akamaized.net` - RSI video CDN -- `play-web.srf.ch` - Play web interface -- `il-stage.srgssr.ch` - Staging environment - -## How It Works - -1. **DNS Resolution**: Domains are resolved to IP addresses -2. **Routing Table**: A custom routing table (`srf_gateway`) is created with routes through the gateway -3. **Policy Routing**: Rules direct traffic to specific IPs to use the custom routing table -4. **Persistence**: A systemd service ensures routes survive reboots - -## Disabling Plugin Proxy Configuration - -Once network-level routing is working, you can disable the proxy configuration in the plugin: - -1. Go to Jellyfin Dashboard → Plugins → SRF Play -2. Uncheck "Use Proxy" -3. Save configuration -4. Restart Jellyfin - -The plugin will use direct HTTP requests, but the network layer will transparently route them through the gateway. - -## Troubleshooting - -### Routes Not Working - -Check if gateway is reachable: -```bash -ping 192.168.1.37 -nc -zv 192.168.1.37 3128 -``` - -Check routing table: -```bash -ip route show table srf_gateway -``` - -### DNS Changes - -If SRF changes their IP addresses, you may need to re-run the setup script: -```bash -sudo ./cleanup-gateway-routing.sh -sudo ./setup-gateway-routing.sh -``` - -### Verify Traffic Path - -Use `traceroute` to see the path: -```bash -traceroute $(dig +short il.srgssr.ch | head -1) -# Should show 192.168.1.37 as first hop -``` - -### Check Systemd Service - -```bash -systemctl status srf-gateway-routing.service -journalctl -u srf-gateway-routing.service -``` - -## Removing the Configuration - -To completely remove the routing configuration: - -```bash -sudo ./cleanup-gateway-routing.sh -``` - -This will: -- Remove all routing rules -- Flush the custom routing table -- Disable and remove the systemd service - -## Advantages of This Approach - -1. **Transparent**: No application changes needed -2. **Complete Coverage**: All network traffic to SRF domains uses gateway -3. **Persistent**: Survives reboots -4. **Centralized**: Managed at network level -5. **Debug-Friendly**: Can verify with standard network tools - -## Disadvantages - -1. **DNS Changes**: If SRF changes IPs, routing must be updated -2. **New Domains**: New CDN domains require script update -3. **Static IPs Only**: Doesn't work with wildcard domains - -## Gateway Configuration - -Ensure your gateway (192.168.1.37) has: - -1. **IPv4 Forwarding Enabled**: - ```bash - # On the gateway (192.168.1.37) - sudo sysctl net.ipv4.ip_forward=1 - - # Make permanent - echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf - ``` - -2. **Firewall Rules** (if using iptables): - ```bash - # On the gateway (192.168.1.37) - sudo iptables -A FORWARD -s 192.168.1.4 -j ACCEPT - sudo iptables -A FORWARD -d 192.168.1.4 -m state --state RELATED,ESTABLISHED -j ACCEPT - sudo iptables -t nat -A POSTROUTING -s 192.168.1.4 -o -j MASQUERADE - ``` - -3. **Squid Proxy** (if using proxy mode): - - Already configured and accessible at port 3128 - - Note: With network-level routing, traffic goes through the gateway's routing, not necessarily the Squid proxy - -## Testing Complete Data Chain - -After setup, test the complete flow: - -1. **Metadata API**: Browse shows in Jellyfin - should work -2. **Video Playback**: Try playing a video - should work -3. **Thumbnails**: Images should load - -All traffic should be routed through 192.168.1.37, giving you the Swiss location needed to access geo-blocked content. diff --git a/PROXY_SETUP_GUIDE.md b/PROXY_SETUP_GUIDE.md deleted file mode 100644 index a8fb080..0000000 --- a/PROXY_SETUP_GUIDE.md +++ /dev/null @@ -1,197 +0,0 @@ -# Proxy Configuration Guide for SRF Play Plugin - -This guide explains how to configure the Jellyfin SRF Play plugin to route all API traffic through a proxy or alternate gateway. - -## Overview - -The SRF Play plugin now supports proxy configuration directly in the plugin settings. This allows you to: -- Route traffic through a specific gateway or proxy server -- Use authentication if your proxy requires it -- Bypass geo-restrictions or network policies -- Route only SRF-related traffic without affecting other Jellyfin operations - -## Supported Proxy Types - -The plugin supports: -- **HTTP proxies**: `http://proxy.example.com:8080` -- **HTTPS proxies**: `https://proxy.example.com:8443` -- **SOCKS5 proxies**: `socks5://proxy.example.com:1080` - -## Configuration Steps - -### 1. Access Plugin Settings - -1. Open Jellyfin Dashboard -2. Navigate to **Dashboard → Plugins → SRF Play** -3. Scroll down to the **Proxy Settings** section - -### 2. Configure Proxy - -Fill in the following fields: - -#### Use Proxy -- **Enable this checkbox** to route all SRF API requests through the proxy - -#### Proxy Address -- Enter your proxy server address with protocol and port -- Examples: - - `http://192.168.1.100:8080` - - `http://proxy.example.com:3128` - - `socks5://127.0.0.1:1080` - -#### Proxy Username (Optional) -- Enter username if your proxy requires authentication -- Leave empty if no authentication is needed - -#### Proxy Password (Optional) -- Enter password if your proxy requires authentication -- Leave empty if no authentication is needed - -### 3. Save Configuration - -1. Click **Save** button -2. Restart Jellyfin to apply changes (recommended) - -## Examples - -### Example 1: Simple HTTP Proxy (No Authentication) - -``` -Use Proxy: ✓ Enabled -Proxy Address: http://192.168.1.1:8080 -Proxy Username: (empty) -Proxy Password: (empty) -``` - -### Example 2: Authenticated HTTP Proxy - -``` -Use Proxy: ✓ Enabled -Proxy Address: http://proxy.company.com:3128 -Proxy Username: myusername -Proxy Password: mypassword -``` - -### Example 3: SOCKS5 Proxy - -``` -Use Proxy: ✓ Enabled -Proxy Address: socks5://127.0.0.1:1080 -Proxy Username: (empty) -Proxy Password: (empty) -``` - -## Setting Up a Transparent Proxy Gateway on Ubuntu - -If you want to create your own transparent proxy gateway on Ubuntu, here are some options: - -### Option A: Squid Proxy - -Install and configure Squid as a transparent proxy: - -```bash -# Install Squid -sudo apt update -sudo apt install squid - -# Edit configuration -sudo nano /etc/squid/squid.conf - -# Add these lines: -http_port 3128 -acl localnet src 192.168.1.0/24 -http_access allow localnet - -# Restart Squid -sudo systemctl restart squid -``` - -Then in plugin settings: -``` -Proxy Address: http://192.168.1.1:3128 -``` - -### Option B: SSH Tunnel (SOCKS5) - -Create a SOCKS5 proxy through SSH: - -```bash -# On your local machine -ssh -D 1080 -N user@remote-gateway-server -``` - -Then in plugin settings: -``` -Proxy Address: socks5://127.0.0.1:1080 -``` - -### Option C: Dante SOCKS Server - -Install Dante for a dedicated SOCKS5 server: - -```bash -sudo apt install dante-server - -# Configure in /etc/danted.conf -sudo systemctl restart danted -``` - -## Troubleshooting - -### Plugin Not Connecting Through Proxy - -1. **Check proxy address format**: Ensure it includes the protocol (http://, socks5://, etc.) -2. **Verify proxy is running**: Test connectivity to the proxy from your Jellyfin server -3. **Check Jellyfin logs**: Look for proxy-related errors in Dashboard → Logs -4. **Firewall rules**: Ensure your firewall allows outbound connections to the proxy - -### Authentication Errors - -1. Verify username and password are correct -2. Check if your proxy requires domain authentication (DOMAIN\\username) -3. Some proxies may require specific authentication methods not supported by .NET HttpClient - -### DNS Resolution - -- The plugin resolves domain names before sending requests through the proxy -- If you need DNS resolution through the proxy, you may need to use a VPN or network-level routing instead - -## Affected Domains - -When proxy is enabled, all requests to these domains will be routed through the proxy: - -- `il.srgssr.ch` - SRF Integration Layer API -- `www.srf.ch` - SRF Play v3 API (German) -- `www.rts.ch` - RTS Play v3 API (French) -- `www.rsi.ch` - RSI Play v3 API (Italian) -- `www.rtr.ch` - RTR Play v3 API (Romansh) -- `www.swi.ch` - SWI Play v3 API (International) - -## Viewing Logs - -To verify the proxy is being used: - -1. Go to **Dashboard → Logs** -2. Look for entries containing "Proxy configured" -3. Example log entry: - ``` - Proxy configured: http://192.168.1.1:8080 (Authentication: False) - ``` - -## Security Notes - -- Proxy credentials are stored in Jellyfin's plugin configuration -- Use HTTPS for the proxy connection when possible to encrypt traffic -- Consider using a VPN for more secure routing if dealing with sensitive content -- Regularly update your proxy server and Jellyfin to patch security vulnerabilities - -## Alternative: Network-Level Routing - -If you prefer network-level routing instead of application proxy, see the `setup-srf-routing.sh` script for IP-based routing tables (requires root access and is more complex). - -## Support - -If you encounter issues: -1. Check Jellyfin logs for detailed error messages -2. Verify proxy connectivity with `curl --proxy http://proxy:port https://il.srgssr.ch` -3. Open an issue on the GitHub repository with logs and configuration details diff --git a/deploy-to-jellyfin.sh b/deploy-to-jellyfin.sh deleted file mode 100755 index 21035c5..0000000 --- a/deploy-to-jellyfin.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash -# Deploy SRF Play plugin to Jellyfin server - -set -e - -# Configuration -JELLYFIN_SERVER="192.168.1.4" -JELLYFIN_USER="dtourolle" # Change this to your SSH user -DLL_PATH="Jellyfin.Plugin.SRFPlay/bin/Release/net8.0/Jellyfin.Plugin.SRFPlay.dll" - -# Colors -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -NC='\033[0m' - -echo -e "${GREEN}=== Deploying SRF Play Plugin ===${NC}\n" - -# Check if DLL exists -if [ ! -f "$DLL_PATH" ]; then - echo "Error: DLL not found. Building..." - dotnet build Jellyfin.Plugin.SRFPlay/Jellyfin.Plugin.SRFPlay.csproj -c Release -fi - -echo "Step 1: Copying DLL to Jellyfin server..." -scp "$DLL_PATH" "${JELLYFIN_USER}@${JELLYFIN_SERVER}:~/" - -echo -e "\nStep 2: Installing DLL on Jellyfin server..." -ssh "${JELLYFIN_USER}@${JELLYFIN_SERVER}" << 'ENDSSH' - echo "Stopping Jellyfin..." - sudo systemctl stop jellyfin - - echo "Backing up old DLL..." - sudo cp /var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll \ - /var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll.backup || true - - echo "Installing new DLL..." - sudo cp ~/Jellyfin.Plugin.SRFPlay.dll /var/lib/jellyfin/plugins/SRF/ - sudo chown jellyfin:jellyfin /var/lib/jellyfin/plugins/SRF/Jellyfin.Plugin.SRFPlay.dll - - echo "Starting Jellyfin..." - sudo systemctl start jellyfin - - echo "Waiting for Jellyfin to start..." - sleep 5 - - echo "Checking Jellyfin status..." - sudo systemctl status jellyfin --no-pager -l | head -20 -ENDSSH - -echo -e "\n${GREEN}✓ Deployment complete!${NC}" -echo -e "\n${YELLOW}Next steps:${NC}" -echo "1. Test video playback - GUID errors should be fixed" -echo "2. If videos still don't play due to geo-blocking, run network routing setup:" -echo " scp setup-gateway-routing.sh cleanup-gateway-routing.sh ${JELLYFIN_USER}@${JELLYFIN_SERVER}:~" -echo " ssh ${JELLYFIN_USER}@${JELLYFIN_SERVER}" -echo " chmod +x setup-gateway-routing.sh" -echo " sudo ./setup-gateway-routing.sh"