I’ve got a script that runs to check if my home connection got a new DHCP lease and when that happens it updates several things, among them being allowedNetworks for my Plex service.
Happily this lease doesn’t rotate very often but that does make testing my changes rather difficult. Anyhow, I’m hoping this change is instant as plex doesn’t seem to have a “reload” function in the unitfile. I guess restarting isn’t that egregious, just more code to write.
So what’s the word? Is this an instant change or a restart-the-service change?
This is probably a stupid question, but isn’t allowednetworks for designating the networks that are permitted access your plex server without authentication? And if that is true, why would you change your setting if your isp assigned a new DHCP lease? Wouldn’t that mean you are opening your plex server to the entire world for access without authentication?
Or am I misinterpreting where the lease is coming from and it’s a LAN ip lease from your router, in which case you can simply specify your lan subnet there and not care about when the ip number changes (if it does).
Worth noting that my Plex server sits in a datacenter, so I’m trying to make sure devices at home can always access it even if the DHCP lease for my house expires and the ISP assigns me a new address. As mentioned I’ve got something set up to track that, and am wanting to get that change tracked in Plex as well. Sorry that I didn’t mention the part about the remote Plex server originally - that does add a bit to the discussion!
Ahh, understood. My mental picture of your setup was the complete opposite. I suspect you will need to restart the server from the command line. Needs to be done from root though, so you need root access on the remote machine.
I feel like there must be some kind of misunderstanding. I’ve got “remote access” disabled and beyond that host firewall rules prevent access anywhere I don’t want access - and that will (hopefully) follow my home IP as it rotates. The configuration setting that I’m referring to maps in the webUI as “List of IP addresses and networks that are allowed without auth” which is limited simply to the /32 that is the public IP of my house. And I am fine with anyone on the network at home accessing the server (that’s the point really).
So as I understand this configuration, nobody (at all) can access the Plex server from any address not:
Explicitly allowed through the firewall, and
Coming from the NATted IP address that’s at my house
If I wanted to expose the server to the Internet at large I’d probably be changing the port and definitely requiring auth (to anyone not at my house, as above), but I’m not there yet.
Help me understand the usage case you’re trying to achieve and
please re-iterate your question about “allowedNetowkrs” as it pertains to that configuration .
Sure. Plex server is in a datacenter. House is across town, using a dynamically-assigned IP address from an ISP. I wish to allow access to anyone in the house who is authed to wifi or plugged in (to a whopping two available ports) access to the Plex server. I have monitoring in place so that I know when my ISP rotates my home connection to a new IP address and I adjust firewall rules accordingly. My use of allowedNetworks is for the same purpose - I want my home to have access to the Plex server and not the next household to get my old IP address.
In your home, on your LAN (which is behind the NAT translation), can be made static or DHCP reservations in the router.
However, those IP addresses don’t mean anything outside the house.
Per RFC-1918, all of those LAN addresses are not publicly routable.
This means you will never see “192.168.0.10” show up as an IP in your Plex server.
You will see the WAN (ISP assigned) IP. The modem/router is performing the translation for you and keeping track of the connection.
Because the server is in the data center, its “LAN” is confined to those hosts in the same datacenter as it is. This serves no practical purpose because the Datacenter hosting provider isolates your host from the other hosts. To you, you are the only host in that datacenter.
The best you can hope to achieve is:
Obtain a staic IP from the ISP… Doing so will make all requests from your home always be from a never changing address.
You can then assign the static IP address as the only one allowed wtihout authentication. (a XXX.XXX.XXX.XXX/32 network mask)
Yesh, I know how NAT works (I work at that datacenter which is why I have my obscenely-loud server hosted there)
The IP address I’m talking about is public IP that my house sits behind. Thus any connection coming from the house will always show up as the public IP. So let’s say my public address at home is 1.2.3.4 and my Plex server is 9.8.7.6 (of course these aren’t really the addresses just examples). So I set allowedNetworks to 1.2.3.4/32
Two weeks later, the DHCP lease from my ISP expires and I end up with 2.3.4.5 (this ISP uses a contiguous /4 in its DHCP range haha not really but examples). My monitoring picks up the changes, an XML file in /etc/firewalld gets edited and firewall-cmd is called, and now my server only allows Plex and http and whatever to be accessed from 2.3.4.5. Same bit of code (I should write the next version in LISP just for torture’s sake and because I know where there are some Gandalf-level graybeards around who will tell me how to write it in COBOL if I don’t) also edits Preferences.xml in the (suspiciously Mac-looking with all the single-quotes because somebody put spaces in directory names) file path for the Plex server.
Thing is, the above was not my question. My question was do I need to restart the plexmediaserver service after editing the preferences file. Someone else has already linked to the page where the answer is documented as “yes” which also proves my Google-fu is lacking sometimes else I’d have found that link on my own. I’ll add a service restart to that code. I think what I should do is write the entire thing in zsh but backtick it into a Perl script that’s called by Python.
(I work at that datacenter which is why I have my obscenely-loud server hosted there)