Plex + Traefik = not showing real IP address

Server Version#: 1.41.8.9834

I am pulling my hair out trying to solve this issue and would appreciate any help or guidance. I was previously using Nginx Proxy Manager as my reverse proxy and was able to get this working (not sure what I did differently), but now I am on Traefik and can’t figure out how to get the real client IP address to show in the Plex dashboard. But for some odd reason, my Apple TVs show up correctly.

Here is a screenshot:

My current setup:

  • Plex’s remote access disabled
  • Plex’s LAN networks field: 10.14.1.0/24,172.14.1.0/24
  • Traefik handling domain certificates
  • Traefik labels:

    - "traefik.enable=true"
    - "traefik.docker.network=proxy"
    - "traefik.http.services.plex.loadbalancer.server.port=32400"
    - "traefik.http.services.plex.loadbalancer.serversTransport=default@internal"
    - "traefik.http.services.plex.loadbalancer.server.scheme=https"
    - "traefik.http.routers.plex-external-secure.service=plex"
    - "traefik.http.routers.plex-external-secure.entrypoints=websecure-external"
    - "traefik.http.routers.plex-external-secure.rule=Host(`plex.${DOMAIN_NAME}`)"
    - "traefik.http.routers.plex-external-secure.tls=true"
    - "traefik.http.routers.plex-external-secure.middlewares=websecure-external-middlewares@file"

  • Already have forwardedHeaders set to insecure to allow all headers to pass through while I try to debug this.

    websecure-internal:
      address: ":443"
      forwardedHeaders:
        insecure: true

I dug a little deeper. In my compose file I still had port 32400 bound:

    ports:
      - 32400:32400/tcp

Which is why I am assuming my Apple TVs were able to bypass Traefik somehow… once I removed the port binds, the Apple TVs showed as 172.14.1.2 as well.

Then I enabled access logs in Traefik and found something interesting. I see Matrix Synapse sending the request_X-Forwarded-For header (with correct IP address). But for Plex it sends request_X-Real-Ip instead (with correct IP address)… not sure what to make of it, any thoughts anyone?

I did manage to make some progress… I found this error in the Plex logs:

    ERROR - Illegal allowlist entry covers multiple WAN IPs

That led me to discover that my docker network subnet 172.14.1.0/24 was outside the supported Private Ranges (RFC 1918) which are:

  • 10.0.0.0/8 – covers 10.x.x.x
  • 172.16.0.0/12 – covers 172.16.x.x to 172.31.x.x
  • 192.168.0.0/16 – covers 192.168.x.x

After moving my docker network to 10.255.0.0/24 I am finally able to see WAN IP addresses, both IPv6 and IPv4. That was a crazy thing to learn…

And for the crazy bit, I am now able to see the IP addresses of my devices connected via Unraid’s WireGuard plugin (subnet: 10.14.254.0/24) but when I use Ubiquiti’s WireGuard (subnet 10.14.255.0/24) on my Cloud Fiber Gateway, it doesn’t work.

Now for the bad news: devices on my LAN still don’t show the correct IP address.
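
A pre-flight check for the subnets discussed in this thread, as an added example that is not part of the original posts and not Plex's or Traefik's own code. It classifies each entry of a comma-separated subnet list (the format of the LAN networks field quoted above) against the three RFC 1918 ranges; the function names and verdict strings are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges listed in the post above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(entry):
    """Return a verdict string for one subnet entry (hypothetical helper)."""
    try:
        # strict=False accepts host bits, e.g. 10.14.1.5/24 -> 10.14.1.0/24
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return "invalid"
    if net.version != 4:
        return "not-ipv4"  # RFC 1918 only defines IPv4 ranges
    for private in RFC1918:
        if net.subnet_of(private):
            return f"private:{private}"
    if any(net.overlaps(private) for private in RFC1918):
        # Partly private, partly public, e.g. 172.0.0.0/8
        return "straddles"
    return "public"


def check_lan_networks(field):
    """Classify every entry of a comma-separated subnet list."""
    return {e.strip(): classify(e) for e in field.split(",") if e.strip()}


if __name__ == "__main__":
    # Values taken from the thread: the original field, then the field
    # with the Docker network moved to 10.255.0.0/24.
    for field in ("10.14.1.0/24,172.14.1.0/24", "10.14.1.0/24,10.255.0.0/24"):
        for entry, verdict in check_lan_networks(field).items():
            print(f"{entry:18} {verdict}")
```

Any entry reported as `public` or `straddles` covers routable address space, which matches the poster's finding that 172.14.1.0/24 sits outside 172.16.0.0/12.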
