懒人党的福音--顶级全自动化影音系统全方位深入剖析

johnrosen1

2022-03-21 21:42:40 +08:00

2022.3.21 更新：新增影片质量配置。

johnrosen1

2022-03-21 21:59:28 +08:00

2022.3.21 更新：补充 NZBGet 程序缓存及下载队列的图片。

johnrosen1

2022-03-22 12:58:32 +08:00

2022.3.22 更新：经测试 NZBGet 不支持 TLS1.3 协议，但支援 TLS1.2 ，因此 `Cipher` 建议设置为 `ECDHE-ECDSA-AES128-GCM-SHA256`(文档已修正)。

johnrosen1

2022-03-22 13:47:36 +08:00

2022.3.22 我扔了个 pr 过去，如果他们接的话 tls1.3 就可以用了

https://github.com/linuxserver/docker-nzbget/pull/144

johnrosen1

2022-03-22 16:32:27 +08:00

操，放弃了，手动编译了一遍 NZBGet , tls1.3 还是报错。openssl 确实是最新版本。

Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG getaddrinfo for news-us.newsgroup.ninja: 0 (Connection.cpp:599:DoConnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Starting TLS (Connection.cpp:993:StartTls)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Do disconnecting (Connection.cpp:861:DoDisconnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Destroying Connection (Connection.cpp:146:~Connection)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Disconnecting (Connection.cpp:187:Disconnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Response="Could not select cipher for TLS: error:1410F0B9:SSL routines:SSL_set_cipher_list:no cipher match" (XmlRpc.cpp:538:BuildResponse)

对端也支持 1.3 的

root@debian:~# openssl s_client -connect news-us.newsgroup.ninja:563 -ciphersuites TLS_AES_128_GCM_SHA256
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = news.sslusenet.com
verify return:1
---
Certificate chain
0 s:CN = news.sslusenet.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIqDCCB5CgAwIBAgISBLvFSa8Jk6lggwq6fPmwSIrWMA0GCSqGSIb3DQEBCwUA
···
bzBq56cGGykABTj3
-----END CERTIFICATE-----
subject=CN = news.sslusenet.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5716 bytes and written 375 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 2426EEC4692BCF9F8D32F5EBC160B965EF6D023EE50F5FDDF041022EBB3C8167
Session-ID-ctx:
Resumption PSK: 18A84FA1AA70A75ED939A6B794739177BFB8F2E2648737BC6F00B6F48309B33A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
···

Start Time: 1647937881
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 02BE66E7987ADFC7BE186E3100B099F98308BA5DFC57E3ADC8DBDA334AD6F006
Session-ID-ctx:
Resumption PSK: FB03F12785AB46C850CB131C049C35559C08FFB06BFAE8529AC96F333FC59E3A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
···

Start Time: 1647937881
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
200 Welcome

johnrosen1

2022-03-22 16:52:08 +08:00

2022.3.22 更新：新增手动保存 iptables 方法。

johnrosen1

2022-03-22 19:44:34 +08:00

测试通过了，真的就是因为 NZBGet 安全协议的锅，关掉就可以用了。

https://t.me/vpstoolbox/1367

我自己编译了个 Docker image ，想用 TLS1.3 的可以试试。

https://hub.docker.com/repository/docker/johnrosen/nzbget

YAFEIML

2022-03-23 09:47:15 +08:00

@johnrosen1 #38 冷门资源

THESDZ

2022-03-26 19:54:18 +08:00

码了，等有时间搞个部署脚本

huhhz

2022-03-29 14:36:19 +08:00

给懒人用的方式一个镜像两个端口（ emby 和 ombi 的端口）

huhhz

2022-03-29 14:41:05 +08:00

参考大佬的裁剪了下只下电影
下载群晖自带的
radarr prowlarr obmi jellyfin chinesesubfinder

beijiaoff

2022-03-31 16:58:07 +08:00

尝试过 radarr 等工具后，最后选择了半自动化，bt 助手里手动选择电影 /电视版本，之后自动就可以电视等全平台看了。
全自动化的缺点是还没有那么智能，自己的需求没有那么稳定。

johnrosen1

2022-03-31 19:00:53 +08:00

@beijiaoff bt 助手是什么？

2022.3.31 更新：博客评论区功能已上线。

beijiaoff

2022-04-01 08:29:17 +08:00

@johnrosen1 打错字了，pt 助手 plus 。我特别需求的是适配手机操作的“pt 助手 plus”，增加很多便利性。

johnrosen1

2022-04-02 10:12:57 +08:00

@beijiaoff 我去看看

lj0014

2022-04-09 22:20:38 +08:00

看到此贴后，去搜索一番发现 nas-tools 、movie-robot 这类集成工具用起来更方便些

dudulangjiao

2022-05-06 20:35:19 +08:00

Pulling radarr (cr.hotio.dev/hotio/radarr:latest)...
ERROR: Get "https://cr.hotio.dev/v2/": x509: certificate has expired or is not yet valid: current time 2022-05-06T20:34:28+08:00 is after 2021-09-30T14:01:15Z

楼主，用群晖的 docker ，是不是证书过期了？

johnrosen1

2022-05-09 21:33:57 +08:00

@dudulangjiao 你这网址我打得开啊，应该不是网站本身的问题。

懒人党的福音--顶级全自动化影音系统全方位深入剖析

最近写了一篇新文章,有没有大佬来帮我看看有啥可改进的地方