IP addresses: (All subnet is 255.255.0.0)
A: Public WAN IP
B: 192.168.1.1
C: 192.168.1.100
D: 172.19.0.2
E: 172.19.0.3
F: 192.168.1.105
Info:
letsencrypt/NGINX (reverse proxy) and Plex Media Server are running as docker containers.
my docker host is an Unraid server
on the router i have port forwarding 443 to letsencrypt/NGINX 443
letsencrypt/NGINX is using https on port 443
Plex Media server is using http on port 32400
i can successfuly connect from the internet to my Plex Server using https://plex.<mydomain>.com
LAN Networks is set to: 192.168.1.0/24
I have a windows 10 machine on the 192.168.1.0./24 subnet
Symptoms:
Plex player (that is acutally an Apple TV device) cannot start the move playback, and have difficulties displaying the metadata already.
In the Plex Media Server console i can see records like this when starting a movie on the win10: “Request: [172.19.0.2:50284 (WAN)] GET /video/:/transcode/universal/dash/i15atmaapuzw10q06idnroqc/1/3823.m4s (4 live) GZIP Signed-in”
It is transcoding, when it should not
It makes me think, that Plex Media Server cannot see the real IP of the Player and therefore the LAN Networks settings is useless?
If i place PLex Server into the 192.168.1.0/24 subnet directly, than everthing works like a charm.
Questions:
1, How should my configuration look like to work in the above described network diagramm so, that Plex Player can detect the server as “local” and use direct streaming?
2, If PLex Server is part of the 192.168.1.0/24 network, then Remote Access works fine (setting up the router to port forward 32400 to Plex 32400), but if Plex Server is behind letsencrypt/NGINX, than how should remote access be set up?
3, Is Remote Access important, if i can access it at https://plex.<mydomain>.com?
4, If Remote Access is disabled but https://plex.<mydomain>.com is available, than will other Plex player able to see it through the internet?
Add the 192.168.x.x network to Settings → Network (Show Advanced) → LAN Networks. This will tell Plex Media Server to treat it as local even though it is a different logical network. Here’s an example:
On the same page, there’s a setting named “Custom server access URLs.” You can use this to specify the URL to your custom domain so that Plex’s remote access knows how to reach it. More information on how to use this setting can be found in this support article.
Remote access is important, if you want remote clients to be able to find your server automatically and securely. Some clients allow you to manually specify a remote server, but it is far easier to use Plex’s remote access feature. If you configured the customer server access URL correctly, it should be no problem.
I have still some difficulties to set up the remote access.
I have already configured the “Custom server access URLs” to https://plex.<mydomain>.com.
But i still dont understand how to set up the remote access if im behind the reverse proxy.
On the Home—Remote Access tab the gui sais
Private ip is “E” (from my diagram)
Private port is 32400
Public ip is “A” (from my diagram)
Public port is either automatic or manuall, but …
there is something i dont understand here. In my mindset the Private ip should be the ip address of the letsencrypt/NGINX (reverse proxy) so ip address “C” or am i missing something?
You are indeed right, but that is only a type in my description.
The correct subnet mask is 192.168.1.0/24. I will fix immediately in my first post.
By the way, my plex installation is configured correctly.
About the screenshot. That is philipsw’s screenshot and not mine.
Oh funny, sorry. The screenshot looked “right enough”.
Are you familiar with how reverse proxies will “obscure” the original IP address of a client? By default every request will appear to come from the IP address of the reverse proxy now.
I know that Plex will use the X-Forwarded-For header in most places, and can display original client IP addresses correctly. I think NGINX adds that header by default - if not, make sure it is doing so.
What I’m not sure about is if Plex will use X-Forwarded-For when matching internal/LAN clients, or if Plex clients will recognize that it’s local and choose Direct Streaming themselves.
It’s possible that the Plex client will only recognize it as local if it’s on the same network as the client.
I haven’t investigated deeply. There are a few other threads on the topic.
In this context (remote access settings), the private IP address shows the local IP address of PMS. So that’s what it should be showing (E in your diagram).
Setting a custom server access URL informs PMS what to publish to MyPlex as your remote access URL. This should resolve to your public IP address (A). If you don’t specify a port with the URL (https://plex.customdomain.com:443, in your case) the default port of 32400 will be used. Your router should be configured to forward traffic destined for that port to your proxy ( C ).
Your proxy takes it from there. Knowing that the traffic was originally intended for plex.customdomain.com, it should proxy it to PMS (E).
Providing entries in “LAN Networks” tells PMS what networks it should treat as local (even if they’re technically remote). By default, PMS will only treat the logical network on which it resides as local. In your case, that’s 172.19.0.0/24 (presumably). Even though 192.168.1.0/24 is a local network, PMS needs to be told it is since it’s a different local network. You may also want to put your actual WAN IP address in here as well.
The reason this is important is that, given your configuration, traffic from your clients on the 192.168.1.0/24 could be NAT-hairpinned through your router (depending on how your router handles DNS rebinding).
Given what you’ve described as your current configuration, the missing piece may be the :443 at the end of your Custom server access URLs setting.
Thanks for your information. I was not aware of this plex bug, but i will keep that in mind.
In a first step im trying to solve the “remote access issue” i have mentioned. If i have fixed that then i will concentrate on what you have written.
@pshanew Chiming in here to try and better understand your suggestion to add the 192.x range into the LAN Networks field. Since this is only available to Plex Pass subscribers, this would essentially mean that any user leveraging Bridge networking via Docker are either…
Forced to purchase Plex Pass to get things working as expected locally (aka - not show local clients as remote when viewing media)
I don’t use Docker for Plex myself, but there is a network type (“host”) you can specify which will share the host’s IP address. As long as the host is the same network as your clients, this should work.
As for the bridge network driver, you can still use it; however, Plex will likely treat clients on other networks as “remote.” That is, it will apply bandwidth restrictions even though the actual traffic is on a local, physical network. You’ll need to set the clients’ remote bandwidth settings to account for this.
Different clients have different setting names to configure this; for example, on my iOS devices it’s “Remote Streaming” and on my Apple TV it’s “Internet Streaming.” But they all amount to the same thing: Setting the maximum quality when streaming from a remote server.
There are server-side bandwidth restrictions which can be set, but those settings are Plex Pass-only. The client settings are available to everyone.
There is in indeed a host networking type but in the event that one is using a given host for many different services, that option is really not an option from my personal opinion (I have never had great success with running multiple services on a given host with the host networking enabled).
The workaround is of course the requirement to manually set quality at each client level you mention.
I don’t know if the OP resolved his remote access to Plex issue but I’ve been using a reverse proxy to access Plex remotely for some time now. My configuration is:
ISP <–> plex..com:443
(Front End)
<–> [pfSense Router/Firewall with HA Proxy configured as Reverse Proxy] <–>
<—> Synology NAS PLEX Server
(Back End) 192.168.1.13:32400
That is a simplified view as many other devices are attached to my network.
Remotely I can enter plex.mydomain.com into a browser (eg on my iPhone) and that URL will send plex.mydomain.com:443 to my Home WAN IP address. Then the Reverse proxy will offload the SSL encryption and forward internally to my NAS Plex server (192.168.1.13:32400). That’s it. I can then go through my libraries and select what I want to view.
