[PHP] PlexAuth - Authentication for your domain using Plex

Awesome work @xxrazorxx !

thanks hjone72 for this awesome software. got it up and running without problems, but i can’t figure out how to restrict the admin access. do i need plex pass to set photo filters? if not where do i set them?

@anon3nts said:
thanks hjone72 for this awesome software. got it up and running without problems, but i can’t figure out how to restrict the admin access. do i need plex pass to set photo filters? if not where do i set them?

Glad you like it!

Unfortunately Plex seem to have removed the ability to set photo filters via the web GUI. There is a way you can do it via their API but I haven’t investigated it very much. At this stage there are basically two options, you could modify the code to work with a DB or use the Music filters.

I’ve created a couple of threads here asking why they removed it and how to set the filters but I’ve had no responses.

https://forums.plex.tv/discussion/237989/filterphoto-options-are-missing#latest
https://forums.plex.tv/discussion/226624/filterphoto-options-are-missing#latest

i thought i was going crazy while looking for it

after some sleep and looking at the code again i made it easy for myself and handle the admin users in the code. i added the following functions before PlexAuth/PlexUser.class.php at c7015de64245d7d9f1448354817cff6ca33d088a · hjone72/PlexAuth · GitHub

 $custom_admin_users = array('user1','user2','user3');
 if (in_array($user['username'], $custom_admin_users)) {
             $auth = true;
             $this->groups = array("admin");
             break;
 }

i guess url specific filtering could also be handled directly in the code, but since i don’t need it this works perfectly for me. thanks for your fast reply and work hjone72!

@hjone72 did you get anywhere with a fork of plexrequests.net/ombi for SSO?

@anon3nts said:
@hjone72 did you get anywhere with a fork of plexrequests.net/ombi for SSO?

Unfortunately, time hasn’t really permitted me to spend much time on it. It is still something I plan on revisiting.

Thanks for the write up @xxrazorxx! It’s working great! But could you maybe explain how to create the cron job? I didn’t quiet get that part figured out.

@xxrazorxx said:
2. Enable php-openssh - docker exec -it letsencrypt apk add --no-cache php5-openssl
- Note, you may want to add this as a cron job, I am unsure if this will be wiped out when the docker updates ( there is a cron folder in the config dir)

Just go into the /mnt/user/appdata/letsencrypt/cron edit the root file and add this to the end
@reboot apk add --no-cache php5-openssl

Works like a charm, thank you!

@xxrazorxx, I followed your instructions and there are a couple corrections you should make to renaming the footer and nav files not to include ‘sample’.

That being said, I’m a bit stuck. My domain successfully redirects to https://my.site/plexauth, but I get a 502 Bad Gateway error. Looking at the site config is see a loopback to port 9000. I have Portainer running in a different container on that port if that matters:

location /plexauth {
auth_request “off”;
index index.php;
root /config/www/;
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
proxy_ignore_client_abort on;
}
}


After further googling this seems common when php-fpm isn’t set to listen to 127.0.0.1:9000, but after speaking to aptalca who informed me that setting is located in /etc/php7/php-fpm.d/www.conf within the container, it seems that is already correct. I’ve gone back and followed @xxrazorxx 's instructions and site-conf sample multiple times, but I can’t seem to get passed this… considering @Legolars99 and others have recently had success, I’m at a loss. Is there any further configuration required of plexauth to just get the page to load? I haven’t even bothered to go that far since the issue seems to be before plexauth even loads.

Could you post some logs please?

Hi @hjone72. After playing with user groups and setting the container to use a standard account with sudo permissions, I managed to get an http 500 error. What logs would be helpful in this case? I don’t see any logs kept within PlexAuth. It’s worth noting that at this point I have filled out the config.ini.php.

Container log:

      _     _ _
     | |___| (_) ___
     | / __| | |/ _ \ 
     | \__ \ | | (_) |
     |_|___/ |_|\___/
           |_|

If you are now getting a 500 error, the best logs will be your nginx logs.

More than likely you are getting an error with php7. The old container used php5 and worked fine. I didn’t have time to figure out what needed fixed to get the new container working, so I just used an old version with the following tag
linuxserver/letsencrypt:32

There are a few places in the nginx config that require changing if you’re
using php7.

Nice catch @xxrazorxx!

That’s it! It’s working! Sorry I didn’t get back with those logs, other things came up. Thank you so much.

Maybe I spoke too soon. Successful login just reloads the login page. Even if I plug in my URL to Ombi in the site:conf, it doesn’t let me pass through. I verified unsuccessful login results in prompt so it is authenticating.

Make sure you follow step 8 in my instructions

Lastly open up /plexauth/inc/include.php and comment out line 20 -
//session_regenerate_id($bool);
NOTE!!! removing the session regeneration reduces security and is a workaround until a permanent solution can be found.

Jeez, i must have done that a dozen times now and just forgot after the last reset. Ok, one more step forward. Now it sends me on, but I face another 502 error when I go to my.site/requests for ombi.

nginx log:
[error] 315#0: *7 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: client.ip, server: my.site, request: “GET /requests HTTP/1.1”, upstream: “https://host.ip:3579/landing”, host: “my.site”

site-conf entry:
location /requests {
auth_request /auth/;
proxy_pass https://host.ip:3579/landing;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}