Hello there,
I’m currently setting up a proxy for plex (and other things) based on node-http-proxy so thank you for this topic and your reasearch on the subject.
For now I’ve only put added X-forward headers and Host-rewriting and it’s working as it is.
I have an issue though, when I’m trying to change the basepath from /web to /plex and getting a 401 while trying that, any idea about why ?
Thanks a lot.
Actualy, i never tried to rewrite the context…
Sorry for jumping in on this thread.
Is this config still working fine? On nginx reverse proxy is it just the back-end PMS or is it also the remote connection to content as well?
Thank you,
~Jinx13
I am not sure if I understood the question.
All traffic to and from PMS is send thru the reverse proxy.
All clients I use work so far (PlexWeb, Android, Plex for Smarthub).
Thank you for that. Currently I have access to plex backend via http://my.ext.ip:32400 does that mean all the other applications connect through the same port ie plex for android and my daughters smart TV away from home?
I’m obviously looking to change that by setting up nginx reverse proxy does it effect quality at all?
I’m also looking at wanting to connect to plex via https://plex.example.com
Thanks again
@Jinx13 said:
Thank you for that. Currently I have access to plex backend via http://my.ext.ip:32400 does that mean all the other applications connect through the same port ie plex for android and my daughters smart TV away from home?
Yes, as long as you met following conditions:
Plex will handle the publication of the CSA on plex.tv and Clients will query the information from there.
I’m obviously looking to change that by setting up nginx reverse proxy does it effect quality at all?
No it does not. (Unless your Client has a Bug, e.g. the “old” Samsung for Smarthub Client version 2.008 allways transcoded due to a bug). Though, if the remote access is setup incorrect, a marker for “indirect connections” can appear in plexWeb, resulting in terrible quality.
I’m also looking at wanting to connect to plex via https://plex.example.com
If you own the domain and are able to provide ssl certificates for that domain (letsencrypt certs do work!), carry on and start your reverse proxy.
One of the most beautiful parts of this solutions is, that you can enforce secure connections for remote access, while keeping the ability to establish unsecure connections inside your lan.
Thank you so much your post is very informative 
Thanks for these instructions.
Just a quick comment, the mapping $connection_upgrade is not really used in the config as later on “proxy_set_header Connection” is set to “upgrade” instead of $connection_upgrade
Other than that, everything seems to work.
One more comment, one can even disable remote access in the settings. As long as “Custom server access URLs” is filled in with the RP address, plex will advertise that and the clients will be able to connect
Initial sign up of the plex media server using reverse proxy is not working however. You have to access your plex media server using local url (http://192.168.1.x:32400 etc.) to sign it in, then you can access it using your reverse proxy URL.
Just a heads up as I struggled with this for a while. This just means that Plex isn’t fully supporting the use of custom urls.
It’s not really about reverse proxy or plex supporting it. It’s a security feature of plex.
You can only access the wizard by going to the local ip, AND you have to connect from a machine that is on the same network subnet.
That becomes an issue when you try to set it up on a remote machine. But there is a workaround. They talk about it in the install guide on the plex website.
I enabled this tonight for my Plex server so that it will work on networks where the admins block outbound traffic to ports other than 80/443. I’m getting the same error that Plex claims it can’t be accessed remotely, but it seems to work on every remote client I try it on. I do have my custom access URL set up as well.
The only nuisance really seems to be the remote access indicator - which flashes green at first and then back to failed - as well as Tautulli’s reporting on uptime which seems to depend on that indicator.
