White rectangle in top-left corner

Plex Media Server Remote Access
,
1

Server Version#: 4.51.1

Hi,
I just turned on reverse proxy in apache with SSL on port 443.
And now when I connect through the web interface a white rectangle appears

image

Here’s my configuration:

DEFINE plex_url 127.0.0.1
DEFINE plex_port 32400
DEFINE public_url plex.domain.com
DEFINE email webmaster@localhost
ServerTokens Prod
SSLStaplingCache “shmcb:{APACHE_LOG_DIR}/stapling-cache(150000)" SSLSessionCache "shmcb:{APACHE_LOG_DIR}/ssl_scache(512000)”
SSLSessionCacheTimeout 300

If you have Google’s Mod PageSpeed, disable it

#ModPagespeed Off
<VirtualHost *:443>
ServerName {public_url} DocumentRoot /var/www/offline ServerAdmin {email}
ErrorLog {APACHE_LOG_DIR}/{public_url}.error.log
CustomLog {APACHE_LOG_DIR}/{public_url}.access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/plex.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/plex.domain.com/privkey.pem
#Include /etc/letsencrypt/options-ssl-apache.conf

Forbid the http1.0 protocol

Protocols h2 http/1.1
#Options -Includes -ExecCGI
#LimitRequestBody 512000
#FileETag None
#TraceEnable off
Timeout 360
ProxyRequests Off
ProxyPreserveHost On
ProxyTimeout 600
ProxyReceiveBufferSize 4096
SSLProxyEngine On
RequestHeader set Front-End-Https “On”
ServerSignature Off
SSLCompression Off
SSLUseStapling On
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors Off
SSLSessionTickets Off
RequestHeader set X-Forwarded-Proto ‘https’ env=HTTPS
Header always set Strict-Transport-Security “max-age=15552000; preload”
Header always set X-Content-Type-Options nosniff
Header always set X-Robots-Tag none
Header always set X-XSS-Protection “1; mode=block”
Header always set X-Frame-Options “SAMEORIGIN”
Header always set Referrer-Policy “strict-origin-when-cross-origin”
Header always set Content-Security-Policy “default-src ‘self’ https:; font-src ‘self’ data: {plex_url} {public_url}; media-src ‘self’ blob: data: https: {plex_url} {public_url} *.plex.direct *.plex.tv plex.tv; script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ {plex_url} {public_url} plex.tv *.plex.tv gstatic.com *.gstatic.com *.plex.direct; style-src ‘self’ {plex_url} {public_url} *.plex.direct; img-src ‘self’ data: blob: {plex_url} {public_url} plex.tv *.plex.tv *.plex.direct; worker-src *; frame-src ‘none’; connect-src ‘self’ wss: https: {plex_url} {public_url} plex.tv *.plex.direct *.plex.tv;”

If you want to be safer, remove the ‘unsafe-inline’ ‘unsafe-eval’ from above and use Chrome to get the sha-256 sums and input below (below was for Server version: 1.16.5.1488; Web version: 3.108.2)

#Header always set Content-Security-Policy “default-src ‘self’ https:; font-src ‘self’ data: {plex_url} {public_url}; media-src ‘self’ blob: data: https: {plex_url} {public_url} *.plex.direct *.plex.tv plex.tv; script-src ‘self’ ‘sha256-8yKKbip2qr14RHV8H1qDEbRAm9Mmf5ePeQh+wB5pMCw=’ ‘sha256-pKO/nNgeauDINvYfxdygP3mGssdVQRpRNxaF7uPRoGM=’ ‘sha256-mrLkgfrqAhdxc2TvIODT0I7QtvuQLMS9AgtfLL9eMXo=’ {plex_url} {public_url} plex.tv *.plex.tv gstatic.com *.gstatic.com *.plex.direct; style-src ‘self’ {plex_url} {public_url} *.plex.direct; img-src ‘self’ data: blob: {plex_url} {public_url} plex.tv *.plex.tv *.plex.direct; worker-src *; frame-src ‘none’; connect-src ‘self’ wss: https: {plex_url} {public_url} plex.tv *.plex.direct *.plex.tv;”
Header always set Feature-Policy “geolocation ‘self’; midi ‘self’; sync-xhr ‘self’; microphone ‘self’; camera ‘self’; magnetometer ‘self’; gyroscope ‘self’; speaker ‘self’; fullscreen ‘self’; payment ‘self’”

Use next two for very secure connections

SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Use next two for secure connections and supports more endpoints

#SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
#SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Actually proxy the traffic and really the only important part

ProxyPass / http://{plex_url}:{plex_port}/
ProxyPassReverse / http://{plex_url}:{plex_port}/
ProxyPass /:confused: ws://{plex_url}:{plex_port}/:confused:
ProxyPassReverse /:confused: ws://{plex_url}:{plex_port}/:confused:
ProxyPass /:confused: wss://{plex_url}:{plex_port}/:confused:
ProxyPassReverse /:confused: wss://{plex_url}:{plex_port}/:confused:
LimitRequestBody 512000
FileETag None
TraceEnable off
#Header edit Set-Cookie ^(.*) ;HttpOnly;Secure Timeout 60 <Location /:/websockets/notifications> ProxyPass wss://{plex_url}:{plex_port}/:/websockets/notifications ProxyPassReverse wss://{plex_url}:{plex_port}/:/websockets/notifications </Location> <Proxy *> Order deny,allow Allow from all </Proxy> RewriteEngine on RewriteCond %{REQUEST_URI} !^/web RewriteCond %{HTTP:X-Plex-Device} ^
RewriteCond %{REQUEST_METHOD} !^(OPTIONS) RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|) [OR]
RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
RewriteRule ^/$ /web/$1 [R,L]

Can anyone help me ?

EDIT:

I found this in the web page HTML

image

2

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.