How does the client use the domain name to connect directly to the PMS?

Server Version#: 1.41.0.8994
Player Version#: 10.22.1.1607 b108dc3f

  1. It is known that the client can directly connect to the PMS via IP in the LAN, so how does the client use the domain name to directly connect to the PMS?
  2. How should it be set in the PMS and the client? Is there a detailed setting method?
  3. My domain name is forwarded through ddns using nginx. Currently, it can be accessed remotely normally through https://xxx.xx.xxx:32400 on the external network. What should I do next?

I can only give you this: https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
For some more technical background, read this: How Plex is doing HTTPS for all its users
(though Plex has now swapped out DigiCert for LetsEncrypt)

Unfortunately I cannot tell you anything about how to configure nginx.

Basically, each Plex client must be able to resolve the FQDN of your server – be it inside or outside your home network. Using a domain name is required for encryption to work. If you use your own domain name, you will need a publicly trusted certificate for it. (Remember: Plex clients run on all sorts of platforms, including those where it’s a nightmare or nearly impossible to import your own certificate.) That rules out all self-signed certificates.

Plex clients query Plex’s servers via the API command https://plex.tv/api/resources?X-Plex-Token=<plextoken>, which returns details of the Plex Media Servers that you have registered with your account.

Your Plex clients then convert the PMS’s IP into a plex.direct domain name which resolves to the PMS’s IP. Plex also issues a Let’s Encrypt wildcard certificate to your PMS which corresponds to the server’s plex.direct subdomain so that your clients can verify it is your server and connect securely.

All of this happens automatically without your intervention when using a Plex client or accessing via https://app.plex.tv/.

To use your own DDNS you would need to configure the PMS Network settings:

  • A Custom server access URL for your DDNS
  • Obtain a signed certificate from a CA recognised by Plex clients for your PMS which corresponds to the DDNS
  • Add the custom certificate to your PMS using the PMS Network settings
  • Set up a local DNS redirection on your local network so that any Plex clients on your local network will be able to access your PMS via the DDNS but not throw up certificate errors.

Why do you want to go to the extra hassle and effort to use your own domain name rather than letting Plex handle all of the magic?

Because my area is blocked by a firewall, I cannot access it normally through plex automatic resolution, so I need to use my own ddns domain name to access it. At the same time, the pmp client in Android cannot directly enter the domain name, only the ip. At present, the use of my area has been seriously affected, and even the login verification will be blocked. This is why I am looking for a solution.

In addition, I have tried to configure the ddns and certificate of pms, but I don’t know if it works, because it is always stuck at the login mark. Now all users in my area are in this situation. We are completely blocked by the firewall. I don’t know if plex officials can help us solve this problem.

I sincerely hope that plex officials can pay attention to the access problem in China. From some aspects, at least there are still many Chinese users, and many people have given up plex for this reason. Some people have come to the forum to reflect this problem before, but the replies they got were that other regions can access it normally, and there is no problem in our area, so this problem has not been solved.

I understand your situation now.

If you can’t log into Plex then a custom domain may not assist, as you will still need to log in to Plex so that it can verify your client has access.

I experimented with using a DDNS with my Plex server and could get it working, however I’m in Australia so not subject to the same potential firewall restrictions.

You need to generate a custom certificate that is signed by a certificate authority which the plex media player will recognise. I used Let’s Encrypt but I don’t know whether you have access to them in China. I don’t know what other CAs are recognised by Plex.

The certificate and key need to be in a PKCS12 file format.

Install it in a location where your PMS can read it.

Go to the PMS Network settings.

Under Custom certificate location in the network settings enter the full path to the PKCS12 file.

Under Custom certificate encryption key enter the password for the PKCS12 file. I don’t know whether Plex accepts a blank password.

Under Custom certificate domain enter the fully qualified DDNS domain name of your Plex server.

My example is below.

Still in network settings, go down to the bottom and set the Custom server access URLs to the full URL of your PMS (e.g. https://plex.myddns.com:32400 based on an external port forward of 32400).

Go to Remote Access and make sure you Disable Remote Access. This will stop the creation of an external plex.direct domain name for your PMS, and prevent the registration of your WAN IP up to the Plex servers. Your DDNS will still be registered and provided the port forwarding is set up your plex clients should be able to access your PMS.

If you need to use a different external port for PMS then you will need to:

  • Enable Remote Access
  • Manually specify the public port and apply the change
  • Disable Remote Access
  • Check the Custom server access URLs has the correct port
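
The certificate steps in the post above, as an added example that is not part of the original post: shell functions that bundle a certificate chain and key into a PKCS12 file with the openssl CLI, then check the bundle against the name entered under Custom certificate domain. The file names and password are placeholders, and the self-signed certificate made by `demo` is constructed test material only.

```shell
#!/bin/sh
# Added example (not from the thread): build and check the PKCS12 bundle that
# the PMS "Custom certificate location" setting points at.
# File names, the password and plex.myddns.com are placeholders.

# make_p12 FULLCHAIN_PEM KEY_PEM OUT_P12 PASSWORD
make_p12() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -name plex -passout "pass:$4" || return 1
    chmod 600 "$3"                      # the bundle contains the private key
}

# check_p12 P12 PASSWORD DOMAIN -> 0 if the bundle is usable for DOMAIN
check_p12() {
    leaf=$(openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
           2>/dev/null | openssl x509 2>/dev/null) ||
        { echo "cannot open bundle (wrong password?)"; return 1; }
    # 1. The "Custom certificate domain" value must be a name in the cert.
    printf '%s\n' "$leaf" | openssl x509 -noout -checkhost "$3" |
        grep -q 'does match' || { echo "name mismatch: $3"; return 2; }
    # 2. The certificate must not expire within the next 7 days.
    printf '%s\n' "$leaf" | openssl x509 -noout -checkend 604800 >/dev/null ||
        { echo "expires within 7 days"; return 3; }
    # 3. The private key in the bundle must belong to that certificate.
    cert_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey)
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
              2>/dev/null | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate"; return 4; }
    echo "ok: $3"
}

# demo DIR: constructed test material so the functions can be tried offline.
# The self-signed certificate only exercises the checks; a real PMS needs a
# certificate from a publicly trusted CA, as the thread explains.
demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=plex.myddns.com" \
        -addext "subjectAltName=DNS:plex.myddns.com" 2>/dev/null || return 1
    make_p12 "$1/cert.pem" "$1/key.pem" "$1/plex.p12" "constructed-pass"
}
```

With real files, call `make_p12` on the CA-issued chain and key, then `check_p12` with the same password and the DDNS name before entering the path in the PMS Network settings.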

OK, I have time to try what you said. Thank you very much. At the same time, this is my reply in another post, which describes the problem faced by our area. This problem is currently very fatal, causing you to be forced to leave the plex forever until it returns to normal, which is very painful for us to use. We have also been trying to find a solution, but we can’t do anything.

If you have time and can read it patiently, you will understand what I am trying to do now.

Thanks for the link. My understanding from your posts is that plex.tv is blocked in China.

I’m not sure whether the steps I’ve listed will work for you as I believe it still requires PMP and PMS to talk to plex.tv to find the DDNS name for your plex server, and also authenticate and handle the login for the remote users.

Your analysis should be correct. I still cannot get rid of plex.tv after logging in, but at least the solution you provided can connect directly to the video library. As long as I log in, other problems can be solved slowly. This is the only way for now.

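Disable remote access on the Plex server and reverse-proxy Plex with software such as nginx (using http, not https). On the Plex server's settings page, under Custom server access URLs, enter your custom Plex domain name.
On the network where the Plex server sits, add "plex.tv" to the firewall-bypass (proxy) list. When the server announces your server address to plex.tv, it will only use the domain name you entered yourself.

After doing this, your clients will ignore *.plex.direct and access your Plex server only through your custom domain name.

Clients all keep cached login information. If you are out somewhere without a way around the firewall, the client will show offline mode, but that does not affect use.
If it is your first login, just log in once through the proxy.

In fact, I have been using this method ever since tvdb was blocked many years ago. Also, adding plex.tv to the bypass list does not affect direct connections to your server from within China, and metadata scraping will not be affected by the network.

Here is the nginx configuration I use myself: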

server {
    listen 443 ssl;
    http2 on;
    server_name plex.xxx.com;
    ssl_certificate /home/iviso/certs/public.crt;
    ssl_certificate_key /home/iviso/certs/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    send_timeout 24h;

    location / {
        # TLS ends at nginx; the hop to the PMS on the LAN is plain HTTP
        proxy_pass http://192.168.2.6:32400;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Long timeouts, no body size limit and no buffering
        proxy_connect_timeout 24h;
        proxy_read_timeout 24h;
        proxy_send_timeout 24h;
        client_max_body_size 0;
        proxy_redirect off;
        proxy_buffering off;
    }
}

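I will find some time over the next few days to configure this and try it out; your solution is very good. I had wanted to do it this way before but never got around to it. What I had in mind all along was using the https method inside Plex.

I have finished the configuration. Only the login needs to go through a proxy; everything else really can connect directly, and it works very well. For now it meets the need of logging in through the proxy and connecting directly to the library. Thank you very much for the solution. I hope it can help more people. I will write this method down and, like you, pass it on to others who need it.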
