Using Emby Video Station on Alibaba Cloud Drive

Things to Prepare#

A public server with internet access
A domain name
A smooth network
A pair of nimble hands
~~A healthy normal brain~~

I recommend using Docker for installation as it can avoid configuration issues.

Docker#

Taking Ubuntu as an Example#

You can also use a one-click script for installation

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh ./get-docker.sh --dry-run

Manual Installation

First, uninstall old versions

sudo apt-get remove docker docker-engine docker.io containerd runc

Update the apt package index and install required apt packages

sudo apt-get update
sudo apt-get install ca-certificates curl gnupg

Add Docker's official GPG key

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

Set up the repository

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update the apt index

sudo apt-get update

Install Docker Engine, containerd, and Docker Compose

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Test

sudo docker run --rm hello-world

If it outputs normally without errors, the installation is successful.

Aftercare
Add the current user to the Docker group to avoid using sudo

sudo usermod -aG docker $USER
exit

Alist#

Official Documentation

Installation#

docker run -d --restart=always \
  --name="alist" \
  -v /etc/alist:/opt/alist/data \ #'/etc/alist' local mapping path can be set to your preferred location
  -p 5244:5244 \ # If you don't want to map to the public network, you can use -p 127.0.0.1:5244:5244. Since Rclone is also inside Docker, you may need to add -p 172.17.0.1:5244:5244
  xhofe/alist:latest

Configuration#

Jump The official documentation is detailed enough.

Rclone#

You may need to install fuse first

sudo apt-get install fuse

Installation#

Generate Configuration File#

docker run -it --rm \
  -v /etc/rclone:/config/rclone \
  rclone/rclone \
  config

Create a new configuration
Set the configuration name

It should be consistent with mount Rclone in the later run rclone section.
Choose the protocol

Usually WebDAV.
Set the host address

Generally point to the Docker gateway.
Choose the WebDAV service type

Alist recommends choosing Nextcloud.
Enter the username
Enter

Usually choose 'y' to use your own password.
Then enter the password twice; there will be no prompt for input.
Token and advanced configuration

Leave it blank and use defaults.
Check

Verify and save with 'y'.
Completion

Creation is complete; press 'q' to exit.

Run Rclone#

docker run -itd --name rclone \
  # Limiting CPU usage is not mandatory; if Rclone uses too much, you can apply limits.
  --cpuset-cpus="1" \
  -v /etc/rclone:/config/rclone \
  -v /mnt/rclone:/data:shared \
  --device /dev/fuse \
  --cap-add SYS_ADMIN \
  --security-opt apparmor:unconfined \
  rclone/rclone \
  mount Rclone:/ /data --umask 0000 --vfs-cache-mode full --default-permissions --allow-non-empty --allow-other --buffer-size 1G --dir-cache-time 6h --vfs-read-chunk-size 64M --vfs-read-chunk-size-limit 1G  --vfs-cache-max-size 20G

--vfs-cache-max-size 20G Maximum cache size should be modified according to your disk space.

Unmount#

Generally, running docker stop rclone will unmount by default. If unmounting fails, you can use: fusermount -qzu /mnt/mount_path to force unmount.

Video Sites#

Emby Installation#

docker run -itd \
  --restart always \
  --name emby \
  -v /etc/emby:/config \
  -v /mnt/rclone:/rclone \
  -p 8096:8096 \
  -e TZ=Etc/UTC+8 \
  --device /dev/dri:/dev/dri \
  linuxserver/emby:latest

Jellyfin Installation#

docker run -itd \
  --name=jellyfin \
  -e TZ=Etc/UTC+8 \
  -p 8096:8096 \
  -v /etc/jellyfin:/config \
  -v /mnt/rclone:/rclone \
  --restart always \
  --device /dev/dri:/dev/dri \
  linuxserver/jellyfin:latest

Configuration#

~~Basic configuration will not be elaborated~~
Mainly involves several automatic scanning functions that may cause cloud disk risk control and high network usage.

Brief Introduction Tag
Scheduled Tasks

These five will automatically generate scheduled tasks and consume resources for a long time; it is recommended to delete them manually.

Mapping Public Network#

It is recommended to use Nginx or other reverse proxy servers; using the internal HTTPS services of Emby and Jellyfin is not advised.

Apply for TLS Certificate#

Install acme.sh
Official Documentation

curl https://get.acme.sh | sh -s [email protected]

Use acme.sh to sign TLS certificate for Cloudflare version

export CF_Token="token"
export CF_Account_ID="ID"
export CF_Zone_ID="ID"
cd ~/.acme.sh
./acme.sh --issue -d ex.com -d *.ex.com --server letsencrypt --dns  dns_cf

Account_ID and Zone_ID are

Token can be directly used from the template: edit the DNS zone, and select your domain

Nginx#

Write Configuration File#

sudo mkdir /etc/nginx
sudo vi /etc/nginx/nginx.conf

Press i to enter edit mode

pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 512;
}

http {
    ssl_certificate /etc/ssl/let/fullchain.pem;
    ssl_certificate_key /etc/ssl/let/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    resolver 8.8.8.8 1.1.1.1 valid=60s;

    # gzip
    gzip            on;
    gzip_vary       on;
    gzip_proxied    any;
    gzip_comp_level 6;
    gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;
    real_ip_header CF-Connecting-IP;
    real_ip_recursive on;
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name emby.ex.com;
        # server_name emby4.ex.com; # Not needed by default
        # server_name emby6.ex.com; # Not needed by default
        error_page 497 =301 https://$host:$server_port$request_uri;

        location / {
            proxy_pass http://127.0.0.1:8096/;

            proxy_set_header HOST $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

}

Press Esc, type :wq, and hit Enter to exit.

Installation#

sudo touch /etc/nginx/nginx.conf
docker run -itd --restart always  --name nginx --network host \
  -v /path/fullchain.cer:/etc/ssl/let/fullchain.pem:ro \
  -v /path/ex.com.key:/etc/ssl/let/privkey.pem:ro \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  nginx