Plex behind Reverse Proxy

General Discussions
1

I am thinking of putting my Plex Media Server behind a reverse proxy (where I will terminate SSL), and only reach the server via this proxy.

In that case, can/should I disable Remote Access in my Plex server settings?

Can I also set Secure Connections to Disabled, or is there any reason to keeping it set to Preferred/Required?

1 Like
2

The remote access in Plex Settings is just to publish your server into plex.tv.
This allows you to connect to Plex server just by logging into your account, from any device.

You will still be able to reach your server with that option disabled, but you would need to configure the client to connect to that server in the client’s settings.

No, you won’t need to configure “Secure Connections” to required, as the SSL connection will end at the reverse proxy, then be forwarded to your local server, port 32400, with or without encryption.

3

Thank you for your reply.

Are you sure that clients would need to manually configure the server IP if I disable Remote Access? I just tried it and am still able to connect to the server. Maybe only new clients need to be configured manually?

4

You will be able to connect to it, but it won’t be a direct connection to the server.
You are going to connect to it through a relay.

To connect directly to it and don’t be bandwidth limited, or you publish it in plex.tv through the plex server, or you make a direct connection to it through the client’s configuration, specifying the server address and port.

5

I have unchecked “Enable Relay” in the settings also, so I’m pretty sure the clients are connecting directly.

6

that is strange…

Note, if you don’t enable “Remote access”, to publish your server in Plex.tv, how the users will be able to know the server IP address and port to connect to?
You need to enable remote access, so users can reach your server directly, by just logging into the plex account.

Let’s suppose you change the port from 32400 to 32401, how the users would know that, if it’s not published?

There is something weird happening there, or things changed since I checked it…

7

I guess I should note that I have filled in my custom domain (https://plex.domain.com) under “Custom server access URLs”, so maybe this URL gets announced to plex.tv - even though I have Remote Access disabled?

1 Like
8

hmm…

https://support.plex.tv/articles/200430283-network/

Custom server access URLs

A comma-separated list of URLs (either HTTP or HTTPS), which will be published to plex.tv for server discovery. This can be very useful in a few cases: if you’re using a VPN to get back home, if you’re using a reverse proxy in front of the media server, or if your networking configuration is otherwise unique. For instance, if you have your own custom domain with subdomain, you might add:

https://plex.mycustomdomain.com:32400

Tip! : If you don’t specify a port, the port from your Remote Access page will automatically be used.

1 Like
9

Edited to confirm a few things:

I believe:

  • Plex always obtains a *.plex.direct SSL certificate.
  • When Remote Access is disabled, Plex doesn’t try to use UPnP/NAT-PMP to establish an inbound port mapping.
  • When Remote Access is disabled, Plex disables the Relay. (Confirmed)
  • When Remote Access is disabled, Plex doesn’t perform (some) remote connectivity tests.
  • When Remote Access is disabled, Plex doesn’t register discovered connectable Internet IP addresses with the Plex Cloud.

I’m (was) unsure about (but I’ve now confirmed):

  • When Remote Access is disabled, does Plex still register LAN addresses with the Plex Cloud for LAN discovery purposes? (Answer: Yes)
  • When Remote Access is disabled, does Plex still register the Custom Server Access URLs with the Plex Cloud? (Or to put it another way, are the Custom Server Access URLs always published?) (Answer: Yes)

Curious. Following. :slight_smile:

1 Like
10

From my testing so far, it seems so.

1 Like
11

I suppose that statement is correct…

Custom Server Access URLS publishes even with the Remote Access feature disabled…

1 Like
12

Now that you said it, I’ll have to perform a test to find out…

I’ll disable my remote access to confirm it…

Edit:

https://support.plex.tv/articles/216766168-accessing-a-server-through-relay/

It seems that you don’t need to enable remote access to get the proxy relay working…

14

I’ve verified a couple of things by looking at what Plex is registering with the Plex cloud.

If Remote Access is not enabled, Relay is also not enabled.

  • When Remote Access is enabled, Plex attempts to register the Public IP & Port with the Plex cloud.
  • When Remote Access and Enable Relay are both enabled, Plex also registers a Relay connection with the Plex cloud.

However:

  • When Remote Access is not checked, even if Enable Relay is checked, Plex does not register a Relay connection.
  • Plex also ignores attempts to access the Relay, and the Relay service isn’t started.

I agree, like y’all said: Remote Access is NOT a prerequisite for Custom server access URLs. Custom server access URLs are always registered with the Plex cloud, whether they’re reachable or not.

If you configure an accurate Custom server access URL for your reverse proxy configuration, remote clients will be able to discover your server.

3 Likes
15

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.