Server Version#: 1.29.2.6364
Player Version#: 4.96.2
Hello everyone,
I’ve been playing with setting up external access to my plex server in my own ‘weird’ way. Instead of port forwarding on my local network I have my plex server using a point to site VPN up into a cloud service and then it is exposed through the magic of the cloud. That all surprisingly works perfectly, and I get to avoid exposing my public IP address… or so I thought. (This also minimizes cloud costs because I am hosting the compute locally)
I have my plex server set up with a letsencrypt SSL certificate and a custom domain. I also have a local DNS server set up for routing to my plex server locally. I’d prefer if the Plex players ONLY use DNS resolution when attempting to connect to my plex server, but it appears they always try connecting directly to the local and public IP addresses (even though those will fail externally).
Using a browser DevTools session, using the app.plex.tv interface, on the networking tab I can see that the /media/providers api request always includes several attempts even if the DNS attempt is successful. I cannot seem to find where these IPs are stored for the client’s use to remove them.
For example in my environment there are three endpoints it is attempting to access.
https://192-168-x-x.{RANDOM_ID}.plex.direct:32400/media/providers | Local IP Address of Server (I do not want this exposed, but not the biggest deal)
https://55-55-xx-xx.{RANDOM_ID}.plex.direct:32400/media/providers | Public IP Address of my home network (I do not want this exposed at all, and it will never work because I am not port forwarding on my home network)
You can’t. It will always advertise your local server’s IP address. This should not be problematic as none of those addresses are publicly-routable.
However, you can prevent it from advertising your public IP address. Disable remote access in Settings → Remote Access. This will not prevent your custom server access URL from being advertised.
After doing the above, you will only have your private IP address and custom server access URL published.
In the cloud! Plex Media Server registers them with the Plex Cloud.
Is the Custom Server Access URL pointing to the same IP address as the internal 192-168-x-x.GUID.plex.direct hostname? If so it’s possible you don’t need the Custom Server Access URL at all.
Welp… this is one of those “Why didn’t I think of that…” moments.
Yup disabling the “public access” setting worked to remove my public IP from the list of API calls I was seeing. Still wish I could eliminate the local IP for OCD reasons… but I agree with you it is not a huge deal since it is not publicly routable.
I am now up and running with external access through a public IP that is disposable (not my home) like I wanted!
Is the Custom Server Access URL pointing to the same IP address as the internal 192-168-x-x.GUID.plex.direct hostname? If so it’s possible you don’t need the Custom Server Access URL at all.
The Custom URL is pointing to a cloud provider’s public IP exposed for me, so I do want (obviously not a need), the custom server access URL.
Overall, my solution is an over-engineered and ‘expensive’ way to do things since it does add some cloud spend… but I also academically wanted some experience setting up a hybrid network (cloud + local) from scratch which is why I did it.
I also get the benefit of not exposing my home IP, though exposing to whom is a question since I don’t really share access to my plex server :D.
Anyway… Thanks for the reply! I appreciate the help!
Oh I follow! I thought you were setting up a VPN-mesh-only system.
If you’re willing to share, what are you using?
Some of the Plex behavior isn’t very intuitive. Remote Access really means “try to port forward” and “discover the apparent public IP and register it”.
This feels a lot like a “roll your own Plex relay.” I like it. I’d be interested in hearing additional details as well. It might be useful for those who are stuck behind carrier-grade NAT and are unable to take advantage of the “native” remote access which Plex provides. I’ve only ever spoken about it in general terms: Build a proxy in “the cloud” and; implement a reverse proxy there; establish a tunnel to that proxy from the Plex server; point the custom server access url to that proxy, tunneling to the real Plex server.
A real world implementation would be interesting to see.
Haha I’ll throw together a network map of how I have it working and post it here. Seems to work really well so far, but who knows if bugs will show up over the long term.
It might be useful for those who are stuck behind carrier-grade NAT and are unable to take advantage of the “native” remote access which Plex provides.
This is also practical if you have an IPv6 Plex server, but need legacy clients that don’t have IPv6 to connect to it over IPv4.
