Hey Peeps
Quick Q.
Trying to reverse proxy Plex using plex.direct link, just refuses to work. Looking at Caddy error log it says the link cannot be resolved. I am obviously being a dumbass.
Caddy file
domain.com {
reverse_proxy https://192-168-1-74.redacted.plex.direct:32400
}
I got the plex.direct link from api, see below
redacted
</resource>
</resources>
This is the page that inspired me Clearing up Plex networking internals - scholz.ruhr
Solved.
I don’t know why but the above started working after I defined;
Settings > Network > LAN Networks
Settings > Network > List of IP addresses and networks that are allowed without auth
See below
Would still appreciate any feedback about this, would love to understand what’s actually going on lol
Giving everyone admin access to your server.
Huh? No.
You’ve (presumably) added your local network to the list of networks allowed to connect with no authorization. If not configured correctly, external connections through your reverse proxy may be seen as coming from 192.168.1.0/24. Therefore, this could potentially allow external users to access your server without auth, thereby allowing them full admin access to your server.
That particular setting is a convenience feature and should never be necessary for normal operation of the server.
If I may add?
Using the Plex.direct URL is problematic. It will change every time your certificate updates.
The purpose of the No-Auth is for use in your home or camper when there is no internet service. ( I live in an area where internet is on telephone poles and does go out in the winter )
Tying a proxy to the No Auth url is dangerous at minimum. It would mean that Anyone could go into your server as if you and do whatever they wanted. PMS is designed such that nobody can access your server without you expressly sharing your server via the Sharing mechanism.
EDIT
I’ll take a bow to that, both of you.
I’ve removed the local auth setting. 
Not following this? Do you mean when the cert on lolwtf renews or the plex.direct one?
When the plex.direct cert (the one specific to your PMS server) renews.
That’s the one which changes every 90 days
The URL is based on the certificate ID.
When the certificate updates, its ID will change. The downstream effect is the URL will change as it tracks the new cert ID.
That’s really handy to know! I appreciate you sharing that.
I am slowly transitioning away from Plex but it’s easy enough to update the caddyfile until then.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
