Plex Web behind reverse proxy on SSL

Hi ppl,

 

I successfully put Plex behind a reverse proxy, and everything seems to work fine on Internet Explorer.

When using Google Chrome, I can browse Plex Web just fine on plex.domain.nl, but when clicking a video it simply doesn't do anything. Since Internet Explorer works fine, I think it has something to do with the rewrite or the POST request. My proxy config is as follows:

 

ServerName plex.domain.nl
 
AuthType Digest
AuthName "Plex Media Server"
AuthUserFile "/etc/httpd/passwd/.htpasswd"
Require valid-user
 
ProxyPass wss://127.0.0.1:32400/:/websockets/notifications
ProxyPassReverse wss://127.0.0.1:32400/:/websockets/notifications
 
Order deny,allow
Allow from all
 
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
RewriteRule ^/$ /web/$1 [R,L]
 
LogLevel notice
ErrorLog /var/log/httpd/error_plex.log
CustomLog /var/log/httpd/ssl_access_plex.log combined
 
SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLCertificateFile /usr/syno/etc/ssl/ssl.crt/certificateplex.crt
SSLCertificateKeyFile /usr/syno/etc/ssl/ssl.key/certificateplex.key
SSLCertificateChainFile /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt
ErrorDocument 403 "/webdefault/sample.php?status=403"
ErrorDocument 404 "/webdefault/sample.php?status=404"
ErrorDocument 500 "/webdefault/sample.php?status=500"
ProxyPass / http://127.0.0.1:32400/
ProxyPassReverse / http://127.0.0.1:32400/
 
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
 
 
When I use Internet Explorer, everything plays and seems to work. The following POST request is sent to Plex when clicking 'Play' on a video:
 
- Sinned [22/Jan/2015:09:39:17 +0100] "POST /playQueues?type=video&uri=library%3A%2F%2F469974e0-581b-4a57-9fdc-382ff560a534%2Fitem%2F%252Flibrary%252Fmetadata%252F12821&shuffle=0 HTTP/1.1" 200 1165 "https://plex.domain.nl/web/index.html#!/server/5b302154d873ea88dee33697cfd3bdd70c034f29/details/%2Flibrary%2Fmetadata%2F12821""Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
 
When I use Google Chrome, I get the following in my log:
 
- Sinned [22/Jan/2015:09:40:04 +0100] "POST /playQueues?type=video&uri=library%3A%2F%2F469974e0-581b-4a57-9fdc-382ff560a534%2Fitem%2F%252Flibrary%252Fmetadata%252F12821&shuffle=0 HTTP/1.1" 400 81 "https://plex.domain.nl/web/index.html""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36"
 
 
Does anyone have a clue what is going wrong here? The POST from IE seems to be a lot longer than the one from Chrome, why is that?
 

When I put Debug on I get the following result when using Chrome:

 "type": "warning",
    "message": "NAS is unavailable at http://10.0.0.10:32400/(Status 0)",
    "time": "2015-01-22T10:53:17.444Z"
  },
  {
    "type": "ajax",
    "url": "http://10.0.0.10:32400/?X-Plex-Product=Plex+Web&X-Plex-Version=2.3.8&X-Plex-Client-Identifier=2i6groggr01f9a4i&X-Plex-Platform=Chrome&X-Plex-Platform-Version=39.0&X-Plex-Device=Windows&X-Plex-Device-Name=Plex+Web+(Chrome)&Accept-Language=nl",
    "status": 0,
    "statusText": "abort",
    "response": "undefined",
    "time": "2015-01-22T10:53:17.445Z"
  },
 
Where with Internet Explorer I get this:
 
 {
    "type": "ajax",
    "status": 200,
    "headers": {
      "X-Plex-Product": "Plex Web",
      "X-Plex-Version": "2.3.8",
      "X-Plex-Client-Identifier": "knhe83ftvd1u",
      "X-Plex-Platform": "Internet Explorer",
      "X-Plex-Platform-Version": "11.0",
      "X-Plex-Device": "Windows",
      "X-Plex-Device-Name": "Plex Web (Internet Explorer)",
      "X-Plex-Token": "TOKEN",
      "X-Plex-Username": "pnxsinned",
      "Accept-Language": "nl"
    },
    "responseLength": 0,
    "time": "2015-01-22T10:54:17.569Z"
  },
 

The difference I see is that Chrome is trying to connect to 10.0.0.10 instead of using the hostname?

Why is that? Does anyone know?

Please help ^^

Hi ppl,

Just want to let you all know that I solved it by doing the following:

In the above virtual host I changed

ProxyPass / http://127.0.0.1:32400/
ProxyPassReverse / http://127.0.0.1:32400/
to
ProxyPassReverse / https://127.0.0.1:32443/
 
and added SSLProxyEngine On
 
 
Now it seems I got plex 100% running on HTTPS/SSL + Authentication, and no special ports are open besides 80/443 :)  Me is happy.
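
The change described in the post above, laid out as one virtual host (an added example, not part of the original post). The `<VirtualHost *:443>` and `<Location />` containers and the `ProxyPass` line pointing at port 32443 are assumptions; the post shows only the `ProxyPassReverse` line after the change.

```apache
# Added illustration. Container directives and the https ProxyPass line are
# assumptions; all other values are taken from the posts above.
<VirtualHost *:443>
    ServerName plex.domain.nl

    # TLS between the browser and the proxy
    SSLEngine on
    SSLCertificateFile      /usr/syno/etc/ssl/ssl.crt/certificateplex.crt
    SSLCertificateKeyFile   /usr/syno/etc/ssl/ssl.key/certificateplex.key
    SSLCertificateChainFile /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt

    # Digest authentication in front of everything that is proxied
    <Location />
        AuthType Digest
        AuthName "Plex Media Server"
        AuthUserFile "/etc/httpd/passwd/.htpasswd"
        Require valid-user
    </Location>

    ProxyRequests Off
    ProxyPreserveHost On

    # Before: plain HTTP to the backend (first post)
    # ProxyPass        / http://127.0.0.1:32400/
    # ProxyPassReverse / http://127.0.0.1:32400/

    # After: TLS to the backend. SSLProxyEngine is required for https:// targets.
    # SSLProxyVerify defaults to "none", so the backend certificate chain is
    # not validated on this loopback hop.
    SSLProxyEngine On
    ProxyPass        / https://127.0.0.1:32443/
    ProxyPassReverse / https://127.0.0.1:32443/
</VirtualHost>
```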

This is great. Thanks for sharing, going to try it out myself.

Meh, can't seem to get it working on my setup.

Can login and I get the interface but it can't see any servers. I also don't have the 32443 ssl port open, think they've disabled it on the new builds (maybe on Linux)?

It should be open by default, it's the new SSL port they introduced. On your local network if you connect to https:32443/web that should work to enter your plex locally.

I think they removed it a while ago, at least that's what I read somewhere.

Plex isn't using port 32443 at all on my system:

[root@home www]# netstat -taup | grep Plex
tcp        0      0 *:32401                     *:*                         LISTEN      6329/./Plex Media S 
tcp        0      0 *:38392                     *:*                         LISTEN      6658/Plex Plug-in [ 
tcp        0      0 *:54041                     *:*                         LISTEN      6651/Plex Plug-in [ 
tcp        0      0 *:53273                     *:*                         LISTEN      6578/Plex Plug-in [ 
tcp        0      0 *:39644                     *:*                         LISTEN      6581/Plex Plug-in [ 
tcp        0      0 *:52355                     *:*                         LISTEN      6648/Plex Plug-in [ 
tcp        0      0 *:33158                     *:*                         LISTEN      6503/Plex Plug-in [ 
tcp        0      0 *:35753                     *:*                         LISTEN      6505/Plex Plug-in [ 
tcp        0      0 *:12555                     *:*                         LISTEN      6505/Plex Plug-in [ 
tcp        0      0 *:42988                     *:*                         LISTEN      6337/Plex Plug-in [ 
tcp        0      0 *:32400                     *:*                         LISTEN      6329/./Plex Media S 
tcp        0      0 home.local:32400            192.168.1.12:52627          ESTABLISHED 6329/./Plex Media S 
tcp        0      0 home.local:50085            li695-30.members.lino:https ESTABLISHED 6329/./Plex Media S 
tcp       70      0 home.local:43091            lon3-weblb-a6.lon3.sp:https CLOSE_WAIT  6505/Plex Plug-in [ 
udp        0      0 localhost:50229             *:*                                     6329/./Plex Media S 
udp        0      0 home.local:51393            *:*                                     6329/./Plex Media S 
udp        0      0 localhost:42947             *:*                                     6329/./Plex Media S 
udp        0      0 home.local:41737            *:*                                     6329/./Plex Media S 
udp        0      0 *:32410                     *:*                                     6329/./Plex Media S 
udp        0      0 *:32413                     *:*                                     6329/./Plex Media S 
udp        0      0 *:32414                     *:*                                     6329/./Plex Media S 

Weird, it is open at mine.

What version of Plex are you running? It is on Synology, right? My version is 0.9.9.10.459-008ea34

I tried to find the version which removed it, but cannot seem to find it in the changelog? Any source for that mate? Else I don't think I will ever update this version lol.

No, mine is Linux (0.9.11.7). The reverse proxy config should be the same for me though and it does work partially. I don't know enough about this to try and figure out how to get it to work on my setup. I know smarter people than me have tried and failed, so I don't feel too bad :D

Can anyone confirm if this still works? I tried this configuration, and most things worked. Only thing that didn’t was getting access to Server Settings. I had to be on the local network to get to it.

I’m mainly interested in closing port 32400 and using my reverse proxy only (seems more secure). But it seems that Plex chokes on it with the way it determines remote access.
