Server Version#: 1.15.5.994
Player Version#:
Custom server access URLs: [https://plex.mydomain.com:443,(http://192.168.x.x:32400/)
All services are in docker containers.
SSLH on 192.168.70.239
Openvpn-as on 192.168.70.238
Nginx on 192.168.70.242
Plex on 192.168.70.244
Plex is unable to distinguish between local and remote traffic.
My setup is SSHL forwards ssh traffic to Openvpn-as which then uses portshare to forward the ssh traffic to Nginx.
Plex shows the remote users as 192.168.70.242, which shows in the local lan graphs.
my nginx config is:
#######################################
# #
# PLEX #
# #
#######################################
#Must be set in the global scope see: https://forum.nginx.org/read.php?2,152294,152294
#Why this is important especially with Plex as it makes a lot of requests http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html / https://www.peterbe.com/plog/ssl_session_cache-ab
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#Upstream to Plex
upstream plex_backend {
server 192.168.70.244;
keepalive 32;
}
server {
listen 80;
server_name plex.mydomain.com;
return 301 https://$host$request_uri;
}
server {
#listen 80;
#Enabling http2 can cause some issues with some devices, see #29 - Disable it if you experience issues
listen 8443 ssl http2; #http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/
server_name plex.mydomain.com;
#Faster resolving, improves stapling time. Timeout and nameservers may need to be adjusted for your location Google's have been used here.
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
send_timeout 100m; #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause (e.g. Chrome)
#Reuse ssl sessions, avoids unnecessary handshakes
#Turning this on will increase performance, but at the cost of security. Read below before making a choice.
#https://github.com/mozilla/server-side-tls/issues/135
#https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29
#ssl_session_tickets on;
ssl_session_tickets off;
#Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
#Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
#Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
#Forward real ip and host to Plex
set_real_ip_from 192.168.70.239;
set_real_ip_from 192.168.70.238;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_set_header X-Forwarded-By $server_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
#Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#Disables compression between Plex and Nginx, required if using sub_filter below.
#May also improve loading time by a very marginal amount, as nginx will compress anyway.
#proxy_set_header Accept-Encoding "";
#Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
#Plex
location / {
#Example of using sub_filter to alter what Plex displays, this disables Plex News.
#sub_filter ',news,' ',';
#sub_filter_once on;
#sub_filter_types text/xml;
proxy_pass https://192.168.70.244:32400;
}
}
