Plex Remote Access via NGINX Reverse Proxy results in Limited Connection (Relay)

Plex Media Server Remote Access
, ,
1

Server Version#: 4.12.13

TL:DR - I have been trying to get Plex to work via NGINX and am unable to get it to work reliably with apps (Android/Roku). It notifies me of “Limited Connection” and thus my streaming speed is limited as it is using the Plex relay feature. Access via the web addresses (both direct plex.mydomain.com and app.plex.tv appear to work properly).
When trying other recommended NGINX configurations I am also able to access only with a browser and not any apps.

More Detail:

I have had Plex working fine previously for remote access without NGINX. I had my own PFX certificate (self-signed) installed within Plex and had port 32400 forwarded with remote access enabled. This worked fine, but I am trying to utilize NGINX for all my remote services through the single 443 port. I mention the above mostly to show that I am familiar with what a properly functioning remote access should entail.

My specific setup is as follows:

  • NGINX running on an Asus-merlin router accepting connection on 443. Port 80 is actually blocked by my ISP so it is not possible for me to accept any connections on 80 and redirect. All connections must be able to hit 443 directly.
    IP Address (internal): 10.10.10.1
    External domain name: plex.mydomain.com
    SSL Certificate from Let’s Encrypt

  • Plex running on a Windows Server 2016 which is single-natted to the outside network.
    IP Address (internal): 10.10.10.102

I initially had a pretty straightforward NGINX configuration for Plex which I found somewhere on these forums. It had appeared to work under casual use but then I realized I was getting limited connection when using the Android app. It would sometimes notify me of this Limited Connection, but additionally it would not allow me to set my streaming quality above 1 Mbps (which indicates that I am indeed using the Plex relay instead of connecting direct).

It is worth mentioning that in that configuration I did have the Plex remote access enabled over port 443. Additionally I had the following Network configuration set:
Custom certificate domain: plex.mydomain.com
Custom server access URLs: https://plex.mydomain.com:443
Secure Connections: Preferred

When I realized I was getting limited connection I researched some other configurations and it seems most people are using a configuration based on this one.
I have modeled a new nginx conf based off of this one and the issue remains.
Additionally, the instructions for that configuration (and discussed elsewhere) state that you should actually disable remote access within Plex..

When I disable remote access within Plex I no longer get any connection at all using the Android or Roku apps. It simply shows my server as offline.

It is worth noting that in either configuration (my old config or new, and whether or not I enable or disable remote access from within Plex) I am able to access:

https://plex.mydomain.com
https://app.plex.tv

And in both cases I am able to play back without any indication of streaming limit/relay. So, it appears that my configuration is working to some degree as the browsers can access it, but it appears none of the apps are able to access it.

I am really at a loss as I have been troubleshooting this for a couple of days now and can’t find really any indications of other people having these problems. Of course, there are so many variations in other configurations, but most of the other posts I see people are running on VPS or within docker, etc. I would think that my configuration is actually a simpler one as I am simply running it on a box directly behind my router.

Would really appreciate assistance with this!

2

@kopfpilot I’ve seen you post in several places about NGINX access, hoping you might have some guidance?

3

I stopped using a reverse proxied setup, as I quite mit vps contract. Though, I can share my experience.

While my base configuration looked pretty much like the Github link you posted, it allowed flawless playback for PlexWeb, the old Android client and the Samsung for Smarthub client…

Even though the availability indicator always showed unavailability, the players could connect and playback without issues. In the first months, the limitedconnection indicator never showed up, which changed a couple of months ago. I assume Plex changed the way how it detects if a limited connection is present.

Sorry, that I can’t be of more help. I am just looking for some spare time to setup a kubernetes cluster in my homelab and migrate to unicorn plex. Though, it is more likely that I will use traefik instead of nginx then.

4

I am using Gooby on my VPS without any problems:

Maybe you can get something out of their config.

Edit:
Kopfpilot told me that GitHub repo doesn’t help a lot, so I should paste the respective conf for nginx, which I try to do here, I hope it is the right part:

# plex.host.de
upstream plex.host.tld {
                                ## Can be connected with "docker_default" network
                        # plex
                        server 172.18.0.2:32400;
}
server {
        server_name plex.host.tld;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
server {
        server_name plex.host.tld;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/plex.host.tld.crt;
        ssl_certificate_key /etc/nginx/certs/plex.host.tld.key;
        ssl_dhparam /etc/nginx/certs/plex.host.tld.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/plex.host.tld.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass https://plex.host.tld;
        }

I obviously subbed host.tld where normally the respective domain is.

5

Thanks guys. Sorry for the delay in responding.

Yes, I see the edit now, I too when initially looking at your post got nothing from the repo, and wasn’t about to install the whole package to find the .conf file. Unfortunately the file is almost identical to the one I linked in my OP and what I am using.

I have had some success in getting this to work, but I am not sure why things are now working.
I have created a new post that I am hoping will get some responses explaining architecturally how the clients are working.

In short, I have switched over to using Cloudflare for my DNS. With Cloudflare you can serve your DNS entry as a standard/non-proxies entry, which will simply return your IP and allow a connection from the client. Alternatively, you can proxy the connection through Cloudflare. In this configuration the clients will connect to Cloudflare which will in turn connect to your server and proxy the stream.

The thread I posted has the complete details of my observations, but it doesn’t explain why this configuration is required. I suspect there is actually some additional check/component that the Android/Roku clients use which is probably causing the issue. It would seem to be a bug/oversight with the clients because there is no reason I should have to proxy a connection. Indeed, proxying the connection through Cloudflare should, if anything, add more complexity not less.

If you’d like to take a look at my post there and see if you have any knowledge to add, that would be great.

6

This topic was automatically closed after 90 days. New replies are no longer allowed.