For now, internal clients just talk directly (I have my plex server IP in the “advertised clients” list, so that’s used, and https://plex.url.com:443 in there as second, so that’s used by external clients).
Just unfortunate that there’s an arbitrary block on RFC1918 addresses in x-forwarded-for. I guess I could hairpin NAT out my WAN back to my webserver, so requests look like they’re coming from my WAN IP. But that’s just as annoyingly complicated as anything else. Will probably just stick with my clients talking directly.
