Server Version#: 1.32.1.6999 (official plex docker)
Player Version#: 4.100.1
Setup:
Unraid Server with Plex container in bridge network
Nginx Proxy forwards media.example.com to the Plex container on port 32400
Router forwards all traffic on port 80/443 to Proxy’s 80/443
The “Custom Server Access URL” setting contains my domain:
Remote access check is broken for Reverse Proxy setups
Since years, the remote access menu claims that my server is not accessible:
But remote access works absolute perfectly,.
I think the problem is that Plex’s remote check tries to connect to my server through my public IP + Port 443 and not through my domain + Port 443 as shown in the status:
This can’t work as public IP + Port 443 hits my Proxy and the Proxy does not know where to forward the traffic as the domain is missing.
plex.direct is broken for Reverse Proxy setups
Another thing, same problem: Plex tries to connect to my server through public-ip.plex.direct::
/config/Library/Application Support/Plex Media Server/Logs/Plex Media Server.log:May 21, 2023 19:01:22.346 [22524977843000] WARN - [HttpClient/HCl#25c] HTTP error requesting GET https://93-184-216-34.1234567890abcdef.plex.direct:443/identity (35, SSL connect error) (OpenSSL/3.0.8: error:0A000458:SSL routines::tlsv1 unrecognized name)
This can’t work, too, as the reverse proxy does not control the SSL certificates of those domains.
Conclusion
If the list of custom server access urls contains a domain, Plex must use this instead of the public IP or plex.direct domains. Or Plex needs a new option “Reverse Proxy Domain”. which overwrites them if set.
Also the ios app then uses as hostname ‘media.example.com:443’ (needed extra rule in my revers proxy (haproxy)).
Furthermore i disabled remote access in the gui, as far as i have understood, it the the remote access via their certificates.
So far all is working (ios client (besides the bug with only can transcode to 2MBit or play original quality), webclient (via own url or plex.tv) and android … the other apps i did not test so far)
For what? To connect to my server? If this would be the case, then how is it possible that my remote access worked in the past years. PS: I’ve added the port and it changes nothing.
If you don’t need to access your content when away from home and won’t be sharing your content, it isn’t necessary to enable Remote Access.
I’d say Plex does not really support Reverse Proxy setups.
PS I’ve tested a stream host on my Proxy, which forwards all the traffic on port 32400 to Plex (of course I change the Remote Access Ports to 32400, too). By that the Remote Access becomes valid, but then I’m not able to use my own domain as I’m not able to provide the Let’s Encrypt certificate through the Plex Docker Container itself.
So my conclusion is that Plex does not really support Reverse Proxy Setups. It kinda works, but technically it was never implemented well.
The “Remote Access” setting enables plex.direct domains + port forwarding. If you’re using a proxy, PMS doesn’t do remote access, the proxy does. The traffic between the proxy ↔ PMS is all local.
The Remote Access connection check is a bit wonky indeed - it gives a lot of false negatives, for example it also only checks IPv4, if you have Remote Access working over IPv6, the check will say you have no remote access, while in fact you do.
did not see that, so port 443 was used in your case.
As i understand (reading through the forum) and i have tested, this applies only for the plex.direct certificates.
In my setup with an HAProxy, everything works like a charm, every app or webapp, besides the online check which implies that the plex.direct domains are used. So they fail but remote access through the revers proxy still works. The only side effect i have seen with disabling the remote access is that the plex relays are not used any more in the case no direct connection can be stablished.
If wanted i can show you my working HAProxy config.
It does for me, too. But the remote access page provides wrong information, which was the main reason to open this bug report.
And finding only in the forums information of the behavior of plex.direct is strange, too. Why isn’t this mentioned in the documentation. I mean I’m using Plex since 10 years or so and there isn’t still an information regarding custom domains with reverse proxy setups which should be the most used scenario I think.
PS it seems plex.direct has been disabled since I disabled Remote Access. Now I’m waiting for feedback of my users if this has any downside for them.
