Problem connecting to Plex from the Internet Error 502/500

Hello everyone

I’m new to Plex but pretty fascinated with the possibilities. I have set up the server at home and streaming is working via plex.tv but I’m having trouble with direct connection to my homelab.

You see, I have a hardware server running KVM (Ubuntu 16.04) on which I run an untangle firewall and a DMZ vm.

I have an apache server running on DMZ that should redirect port 80 requests to https 443 and from there proxy to my internal server at port 32400.

At first I had trouble with the proxying but since using this config I get a login prompt when I go to plex.mydomain.tld.

```
ServerSignature Off
ServerTokens Prod

<VirtualHost *:80>
    ServerName plex.glavas.ch

    # This VirtualHost redirects everything to HTTPS on port 443.
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerName plex.mydomain.tld
    ServerAdmin name@mydomain
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://192.168.2.100:32400/
    ProxyPassReverse / http://192.168.2.100:32400/

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteRule ^/$ /web/$1 [R,L]

    <Location />
        AuthType Basic
        AuthName "Restricted Access"
        AuthUserFile /etc/apache2/basic_passwords
        Require user name
    </Location>

    <Location /:/websockets/notifications>
        ProxyPass wss://192.168.2.100:32400/:/websockets/notifications
        ProxyPassReverse wss://192.168.2.100:32400/:/websockets/notifications
    </Location>

    LogLevel warn
    ErrorLog /var/log/apache2/error_plex.log
    CustomLog /var/log/apache2/ssl_access_plex.log combined

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile /etc/letsencrypt/live/plex.mydomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/plex.mydomain.tld/privkey.pem

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
```

As you can see the hardware server with plex installed and containing the media data has IP 192.168.2.100 while the DMZ host has 192.168.3.100. I have opened ports 80, 443 and 32400 from the internet to DMZ.

I also have a bypass rule for 32400 from DMZ to Plex.

Does anyone have an idea what I am missing here?

Regards and thanks in advance,

Marco

Well, idiot me. I uncommented the authentication part in the apache config and now I’m getting

```
Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /web/.

Reason: Error reading from remote server
```

Furthermore, when connecting from the local network, /web seems to work but I get authentication required when connecting to the root. My plex account won’t do there. Do you know where I can set the credentials for that login?

Well, since nobody cares and I’ve just found out there’s a major bug on Android with writing to SD Card (for which I paid 60 Hamburgistan Pesos), I just went ahead and cancelled my subscription. This software is obviously almost garbage and support fully so.

I have the same issue with it. I migrated from running it in Docker to running it on another machine running Ubuntu, and since then the reverse proxy is broken.

Alright, I found the problem for me.
Plex seems to be listening on HTTPS only, as Secure Connections is set to Required in the settings.
But because my reverse proxy has SSL, it should not be set to Required; set it to Preferred instead. Then it will start listening on HTTP as well, and you should not have problems.

Just in case, here is my virtual host so you can set it up if you still feel like it:


```
<VirtualHost *:443>
    ServerName DOMAIN

    SSLEngine On
    SSLCertificateFile PATH
    SSLCertificateKeyFile PATH
    SSLCertificateChainFile PATH

    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    <Location /:/websockets/notifications>
        ProxyPass wss://127.0.0.1:32400/:/websockets/notifications
        ProxyPassReverse wss://127.0.0.1:32400/:/websockets/notifications
    </Location>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://127.0.0.1:32400/ retry=1 acquire=3000 timeout=600 Keepalive=On
    # Map redirect headers from the backend back to the proxy's own URL
    ProxyPassReverse / http://127.0.0.1:32400/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
```

Just make sure to replace PATH with your SSL path and DOMAIN with your domain
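
A quick way to check for the cause described in the answer above (a backend that only accepts TLS while `ProxyPass` points at `http://`), as an added example that is not part of the original posts: it sends one plaintext HTTP request to the backend port from the proxy host and reports what came back first. The function names and result labels are made up for this sketch, and reading a TLS alert or an immediate close as "TLS required" is an assumption about how TLS-only listeners typically behave, not documented Plex behaviour.

```python
import socket
import sys

# Plaintext request like the one mod_proxy sends for an http:// ProxyPass target.
# Constructed for this example; /web/ is the path from the Proxy Error above.
PROBE = b"GET /web/ HTTP/1.1\r\nHost: backend\r\nConnection: close\r\n\r\n"


def classify(first_bytes):
    """Interpret the first bytes a backend returns to a plaintext HTTP request."""
    if first_bytes.startswith(b"HTTP/"):
        parts = first_bytes.split(None, 2)
        status = parts[1].decode("ascii", "replace") if len(parts) > 1 else "?"
        return "http " + status      # backend speaks plain HTTP on this port
    if first_bytes[:2] == b"\x15\x03":
        return "tls-only"            # TLS alert record: a TLS handshake was expected
    if not first_bytes:
        return "no-response"         # accepted, then closed or reset without replying
    return "unknown"


def probe(host, port, timeout=5.0):
    """Send PROBE to host:port and classify whatever comes back first."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable (%s)" % exc
    with sock:
        try:
            sock.sendall(PROBE)
            data = sock.recv(64)
        except OSError:              # reset or timeout after the connect succeeded
            data = b""
    return classify(data)


if __name__ == "__main__":
    # Usage: python3 probe_backend.py 192.168.2.100 32400   (run on the proxy host)
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A `tls-only` or `no-response` result matches the "Error reading from remote server" symptom; an `http 400` is worth a second look, since some TLS servers answer a plaintext request that way.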