Remote access from Kubernetes and NGINX as a proxy

Greetings everyone,

I’m currently working on enabling remote access to a Plex Media Server hosted in a Kubernetes cluster deployed on a Virtual Private Server within a cloud provider.

Utilizing the impressive Helm Chart, I effortlessly deployed the container. A single server is currently handling the Kubernetes cluster (1 master node), and I opted for a straightforward host network configuration for the ingress controller. This involves host ports directly bound to the controller, which forwards requests with the Host header or uses SNI inspection for TLS. For details, refer to the baremetal Nginx configuration.

My DNS records and SSL certificate are managed by Cloudflare. I’m also leveraging cert-manager and Let’s Encrypt to secure the connection, and everything is functioning seamlessly. I can access https://play.mydomain.com/web/index.html#! securely, with the Nginx controller forwarding connections to the container on port 32400.

However, there’s a catch – I’m facing issues with remote access. I’ve thoroughly explored resources such as the Support Network Article, Forum for Remote Access Troubleshooting, Support for Remote Access Troubleshooting, Blog on Certificates and PLEX, and How to Secure Server Connections.

I’ve attempted using manual ports 80 and 443 (as the ingress controller is listening on these ports), but neither seems to work:

  • Port 80: When attempting to connect to https://app.plex.tv/desktop/#!/settings/server and clicking on Retry, I observe incoming packets in the host server using a packet sniffer. However, the controller trace shows a 400 Bad Request error.
myIP - - [11/Feb/2024:11:05:33 +0000] "\x16\x03\x01\x02\xBC\x01\x00\x02\xB8\x03\x03:4\xC1\xD5/[\xB3\xD6k\xE2\xB8\xEE\x8D1o\x19\xBF\xF0\xB4\xCE\xEF\xB0\xD3\xF5U\x8Ftcl\xA6jR \x94\xC8\x89^\x8D\xE8\x9Bq\xDC\xBEvd\xF1\x22\x91\xAAiY" 400 150 "-" "-" 0 0.023 ] ] - - - - 47be32947ce485c05e36271faf19cd63
  • Port 443: No logs are visible in the Nginx controller. I’m unsure if the client sends the Server Name Indication (SNI) in the ClientHello message (in this case, play.mydomain.com). The requests return NS_BINDING_ABORTED, and I suspect Nginx might need host information for load balancing to the Plex server.

I’m at a loss on where to look next and would appreciate any guidance or insights into what might be missing. It’s perplexing why remote access isn’t working when I can access the endpoint https://play.mydomain.com/web/index.html#! securely from anywhere.

To provide a visual representation of the infrastructure, I’ve created this diagram:
[Diagram: plex]

If anyone has a clue about what might be happening, your assistance would be greatly appreciated! :)
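
Added example, not part of the original post: the request field in the port 80 log line above begins with `\x16\x03\x01`, which is the header of a TLS handshake record, so this sketch undoes nginx's `\xHH` log escaping and reports when a TLS ClientHello was logged as a plaintext HTTP request. The function names and the shortened sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the port 80 log line from the post, request field truncated
# after the TLS headers (the remaining bytes are ClientHello random/session data).
SAMPLE_LINE = (r'myIP - - [11/Feb/2024:11:05:33 +0000] '
               r'"\x16\x03\x01\x02\xBC\x01\x00\x02\xB8\x03\x03:4\xC1\xD5" 400 150 "-" "-"')

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def unescape_nginx(field: str) -> bytes:
    """Turn nginx's \\xHH access-log escaping back into raw bytes."""
    text = re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)
    return text.encode("latin-1")


def parse_client_hello(raw: bytes):
    """Return TLS record details if raw starts with a ClientHello, else None."""
    # Record header: type(1)=0x16 handshake, version(2), length(2);
    # handshake header: type(1)=0x01 ClientHello, length(3), legacy_version(2).
    if len(raw) < 11 or raw[0] != 0x16 or raw[1] != 0x03 or raw[5] != 0x01:
        return None
    version = int.from_bytes(raw[9:11], "big")
    return {
        "record_length": int.from_bytes(raw[3:5], "big"),
        "handshake_length": int.from_bytes(raw[6:9], "big"),
        # TLS 1.3 clients also send 0x0303 here; it is only the legacy field.
        "legacy_version": TLS_VERSIONS.get(version, hex(version)),
    }


def diagnose(log_line: str):
    """Flag access-log entries where a TLS handshake hit a plaintext HTTP listener."""
    m = re.search(r'"([^"]*)" (\d{3}) ', log_line)
    if not m:
        return None
    hello = parse_client_hello(unescape_nginx(m.group(1)))
    if hello is None:
        return None
    return {"status": int(m.group(2)), **hello}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LINE))
```

A non-`None` result means the client opened a TLS connection to a listener that expected plain HTTP, which nginx answers with 400.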

I have a very similar setup and also the same issue. The only way I can get a connection is through the relay which is a terrible workaround for now.
I really wish they would provide some proper deployment options for Kubernetes. It’s been out there for so long and more and more people are using it, but for some reason it’s still not really supported.

Somehow when I had my TrueNAS Scale setup this worked somehow miraculously with k3s beneath.
There are so many posts on reddit and co that have a similar issue… I fear I’ll have to switch over to jellyfin if I cannot find a solution to this anytime soon.

Unfortunately, I had to switch to Jellyfin because the integration is much easier with Kubernetes. Simply exposing the pod with a service is sufficient, as it should be. In contrast, Plex adds a layer with the server sending packets to connect to the personal remote. Due to this configuration and without more information about the packets sent by the server or documentation about it, I couldn’t get it to work with the nginx ingress controller.

What actually wasn’t working? Being able to access the endpoint from anywhere sounds like it was working fine.
