Server Version#: 1.41.8.9834
Player Version#: 4.147.1
Hi there,
i have a quite specific network setup, to keep it short: network wide vpn and no port forwarding allowed from the vpn provider.
There are 2 servers, one on a Synology NAS, the other on a Windows 11 PC. Both have 2 IP addresses each. One IP has the VPN as gateway, the other doesn’t (WAN Gateway).
Now i understand that remote access via VPN can not work without relay, which is suboptimal since there might be quality/bandwidth restrictions (but it works though). I do have DDNS and Reverse Proxy which is all fine and works (although both servers have to have their own urls, which i don’t like too much) BUT Plexamp doesn’t seem to work with custom urls and also Plex app (on Android) doesn’t work with music libraries anymore. Custom url would be the nicest solution here, IF Plexamp could work with them AND both servers would be visible on plex.tv, no matter which url (from both mentioned) IP address.
Concerning port forwarding and remote access, Plex decides which IP it wants on its own. The ‘preferred network interface’ option in network settings only seems to be relevant for local clients, and not for remote access, since i can chose which one i want, remote access remains on the ‘wrong’ interface, gets the unwanted IP.
In Synology (or Linux in general) i guess one can set IPs and respective Gateways, but can also set a preferred/default Gateway, which would result in an interface being able to use both Gateways and replies to requests from the gateway it receives that request from. On Windows this seems to be a bit different (and to be honest there’s no second NIC here, only IPs configured on one NIC, with both Gateways and metrics to define the default Gateway).
I guess i need to be able to force Plex to use the specific route otherwise port forwarding wouldn’t work in this scenario. Again, custom url would be the preferred way, but why would Plexamp not work with this?
Yes, it does. As long as your custom URL has a domain name and a fitting, publicly trusted (i.e. not self-signed) security certificate for it.
And that certificate has to go into the Plex configuration. https://support.plex.tv/articles/200430283-network/
You can add several adresses for the same server into “Custom server access URLs”.
(just don’t insert a space character after the comma to separate them)
Each server has to have its own URL. And it doesn’t matter much, because the user only needs to open the Plex app.
There is no need to memorize server adresses.
The server is claimed into a plex.tv user account. The above configuration will ensure that plex.tv will store the URLs of each server.
The client is signed into a Plex.tv user account as well. That plex user account will tell the client which URLs are assigned for all servers, to which the user account has been granted access. All libraries from all servers are available at once in the client app.
Hey thanks for your quick reply, so yeah, this does make things way more complicated, i realize that ‘Custom server access URLs’ is not the same than and i need to use my let’s encrypt certificate explicitly in plex settings (i guess Custom server access URLs is for web only).
So i exported the cert and converted it to a pfx (which read somewhere how to do: openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert.pfx) and place it where exactly? I created a cert directory in Synology which should be /volume1/PlexMediaServer/AppData/Plex Media Server/cert on Synology and copied the cert.pfx there (chmod 600 and PlexMediaServer as owner), gave Plex that path. Entered the encryption key i just created and gave it the custom certificate domain that i previously had in Custom server access URLs, but that doesn’t work so i guess this isn’t as simple as just using a reverse proxy.
Ok, i seem to have problems setting this up, and i have to admit, searching for a bit, having tried all possible combinations, this doesn’t seem to work for Plexamp (won’t find the server on setup, reverse proxy works on the web though). My reverse proxy is working fine, but i have trouble understanding the Plex integration of the certificate. There doesn’t seem to be a proper documentation specifically concerning Synology and certificate integration. As posted in my comment above, i changed the command slightly but to no avail:
openssl pkcs12 -export -out name.synology.me.pfx -in RSA-cert.pem -inkey RSA-privkey.pem -certfile RSA-chain.pem -name “name.synology.me” -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256
I’m also having trouble understanding what exactly do i have to enter in ‘Custom certificate domain’ and ‘Custom server access url’..? Just to clarify, my reverse proxy is configured with port 443 and i have a synology provided ddns let’s encrypt certificate with wildcard *.name.synology.me as subject alternative name, and in that all my reverse proxy urls (like plex.name.synology.me).. i might just fundamentally misunderstand things and that’s why i’m here obviously..
EDIT: Ok, i think i figured it out, the commands seem to be correct, at least for the last one i mentioned, however, in the custom server access url field one needs to add the url woth https://xxx:443. The more you know.
