bug accessing remote plex over https

[KingPin]

Setup: plex is on a remote machine and accessible via a proxied SSL domain only (https://somedomain.com) Gaps is setup via a local docker container.

initial conversation (everything from reddit is copied into this ticket): https://www.reddit.com/r/PleX/comments/dl0drh/gaps_v004_web_interface_release_app_that_searches/f4mc2s0/

when setting up gaps and trying to connect to plex we get an error

Something went wrong. Please make sure your connection to Plex is correct. You can navigate back to make changes and then retry connecting. Check the browser and Docker logs for more information.

when checking docker log I see the following error :

2019-10-21 16:49:36.445 ERROR 1 --- [nio-8443-exec-3] com.jasonhhouse.Gaps.GapsSearchBean : Error parsing XML from Plex: http://somedomain:443/library/sections?X-Plex-Token=XXXXXXXX

org.xml.sax.SAXParseException: The element type "hr" must be terminated by the matching end-tag "".

when accessing the URL via a browser it shows up fine, but the issue seems to be that plex is only on https and Gaps is accessing it via HTTP.

possible change: allow specifying https:// as part of the plex IP/URL field instead of hardcoding it.

[Knoxie]

Are you using the docker on Unraid?

[KingPin]

no docker is on windows 10

[Knoxie]

So docker is not setup on the Plex Machine?

[KingPin]

no

[JasonHHouse]

It's a known limitation right now for HTTPS plex. I'll move that to the front to fix.

[JasonHHouse]

You can use the no ssl version: docker pull housewrecker/gaps:latest-no-ssl

[jeffrey1681]

I just tried to use the latest-no-ssl image and I'm still having issues. It appears that Gaps is still attempting to connect via http instead of https.

2020-01-10 16:00:24.146 ERROR 1 --- [nio-8484-exec-9] c.j.gaps.service.PlexQueryImpl : Error connecting to Plex to get library list: http://192.168.2.1:32400/library/sections?X-Plex-Token=

[mtrolley]

I'm having this issue as well. My Plex server runs in a Docker container on the same system that I have the Gaps image running on. Plex is configured to only allow HTTPS connections, but Gaps tries to connect with HTTP:

2020-08-04T14:16:29.328683295Z 2020-08-04 10:16:29.326 ERROR 7 --- [nio-8484-exec-9] c.j.gaps.service.PlexQueryImpl           : Error connecting to Plex to get library list: http://<IP>:32400/?X-Plex-Token=<TOKEN>

If I try to visit that URL from a browser it fails, but if I use https instead it works. Is there any way to have Gaps use HTTPS to talk to the Plex server?

[mtrolley]

I see that the protocol is hard-coded to http: https://github.com/JasonHHouse/gaps/blob/c2a9be83867a6dc4153274ae235e04ff60d2c510/GapsWeb/src/main/java/com/jasonhhouse/gaps/service/PlexQueryImpl.java#L80

Should I log a new issue to request an option for https connections to Plex?

[JasonHHouse]

Right now you have to set Plex to allow insecure connections, as per the README. I will look into https support for Plex though.

[mtrolley]

@JasonHHouse I completely missed that in the README; thanks for letting me know, and thanks for reopening this issue.

I'd prefer to not have to allow insecure connections, but I know there will be an issue with certificate validation because the cert Plex uses won't be valid for the internal IP. An option to use HTTPS and a separate option to explicitly tell Gaps to ignore certificate errors may be needed.

[jeffrey1681]

I think Plex allows for login using Oauth, look at applications like Ombi that use logins via plex. Could you use that in order to get around the certificate validation issues? Like @trolley I'd prefer not to have insecure connections and will not use Gaps if I need to enable them.

[g4m3r7ag]

I was also having this problem. Since it's forcing the usage of http:// I just utilized my custom domain and a 301 redirect in NGINX. So for address I entered "plex.mydomain.com" and for port I used "80". Since I have an entry in pfSense DNS Resolver to send "plex.mydomain.com" to my NGINX proxy, the request hit NGINX which automatically redirected it to HTTPS:// before forwarding it onto my Server.

edit: I also don't see where the README mentions you need to allow insecure connections.

[onedr0p]

Wouldn't it be easy enough to add a checkbox for users to specify if they want gapps to connect to plex via SSL or not?

[JasonHHouse]

Wouldn't it be easy enough to add a checkbox for users to specify if they want gapps to connect to plex via SSL or not?

That's not how SSL connections work. It's not just adding https to the call. It requires a login to plex and a token to send. This is a non-trivial amount of work and there is limited documentation by Plex.

[onedr0p]

I am quite sure I know a bit how SSL (TLS) works. But anyways Radarr, Sonarr, Overseerr, Tautulli etc can all do this with just using the X-Plex-Token and connecting to https://plex.what-is-ssl-even.com on port 443. Your app already asks for the X-Plex-Token and the port from the user, you just need to allow the us to set the protocol lol

[Knoxie]

Pull requests are free. :)

This is a unique setup you have and hard to test and be sure is working without setting up a new environment, but if you could make the changes and test we'd be happy to accept the PR. Gap's is open source and we encourage others to help move the project forward.

[onedr0p]

Hi @Knoxie 👋🏼

Sorry I dare not touch Java, what would take me 5 hours to review the code and set up an development env, and implement the feature would take a maintainer here 5-10 minutes to implement since you already know the code base and have a dev env likely set up.

Anyways, I just wanted to be clear that there is no technical limitation of this feature being implemented other than updating the UI to include a checkbox to allow SSL, and then changing the logic in the backend to match that option. Which seems to be here:

https://github.com/JasonHHouse/gaps/blob/517053b29d8837361a9d1c8e4276579288fd41db/GapsWeb/src/main/java/com/jasonhhouse/gaps/service/PlexQueryImpl.java#L143

So if someone wanted to help out implementing this feature there is no other limitations like @JasonHHouse mentioned. There's no need to implement a username and password field in the UI and authenticate Plex that way since we already have the X-Plex-Token header.

Thanks for the project, I find it very useful!

[JasonHHouse]

So, I'm remembering this a bit more. I worked on it a while ago and got stuck. Gaps cannot work with a remote Plex. Gaps requires an API to read the libraries movies and APIs provided by Plex doesn't include viewing the movie list. You can view the libraries but the movies in the library. This is working off the unofficial API because like I said the APIs are not documented. https://github.com/Arcanemagus/plex-api/wiki/Plex.tv

A login is possible, though difficult, and would allow the removal of unsecure which is something I can work on. Either way it requires a non-remote Plex, I.e. logging in to Plex.tv.

[onedr0p]

I don't think we're asking for gapps to connect to a remote server over app.plex.tv.

I'm using Radarr, Sonarr, Lidarr, Readarr, Overseerr and Tautulli just fine over SSL pointing to a local Plex address (e.g. plex.lan) with Forced encryption turned on.

In the Sonarr source code you can see exactly this is like I described in my previous comment.

https://github.com/Sonarr/Sonarr/blob/ec62884649f7af5f0a29346741754590e6de99ce/src/NzbDrone.Core/Notifications/Plex/Server/PlexServerProxy.cs#L153

Please let me know if you are still not following... I'll try to explain further.

[JasonHHouse]

That's not what I said.

I said local would work and remove the insecure. Which would make the call https. This ticket is about a remote plex not a local one.

[onedr0p]

The OP said they have a custom Plex domain, it didn't seem like they are using app.plex.tv.

If using a custom domain, gapps will be able connect over SSL if the option was there just like in the apps I mentioned above

[JasonHHouse]

Gaps is a free and open source project. If you want a feature added, make a pull request.

[onedr0p]

I understand that, I am trying to explain to you that the request here is not as complicated as you are making it out to be. I am trying to collaborate on helping a maintainer here to implement a feature that was requested.

As I said above:

Sorry I dare not touch Java, what would take me 5 hours to review the code and set up an development env, and implement the feature would take a maintainer here 5-10 minutes to implement since you already know the code base and have a dev env likely set up.

and

Thanks for the project, I find it very useful!