search

anandslab / docker-traefik

Docker media and home server stack with Docker Compose, Traefik, Swarm Mode, Google OAuth2/Authelia, and LetsEncrypt
https://www.smarthomebeginner.com/
MIT License
2.86k stars 628 forks source link

Plex remote access "not available outside your network" #81

Open louisgarciasr opened 4 years ago

louisgarciasr commented 4 years ago

Having a hell of time trying to figure out the plex remote access. I have traefik2 running using oauth and working great with sabnzbd, radarr, sonarr, portainer, organizer. For plex, I have set it to basic auth (not oauth). Plex works for me, but I cannot get it to be available outside my network. In Plex settings, I have set the following:

Plex Settings - Enabled remote access Manually specified public port: 32400 (I have also tried 443) Internet upload speed: 300 Custom access urls: MYSERVER:32400 Networks allowed without auth: 172.18.0.0/24

Plex docker-compose:

plexms: container_name: plexms restart: always image: plexinc/pms-docker volumes:

I've noticed while searching for a solution that this is a common problem. Unfortunately, I've not been able to get it resolved. Any guidance would be greatly appreciated.

Louis

1josh13 commented 4 years ago

Can you access the plexms container by going to your host_ip:32400 ?

If yes, then you also need to port forward on your router 32400 to host_ip:32400

This is what fixed plex external for me.

shawnthompson commented 3 years ago

shouldn't you use the no-auth for Plex?

- "traefik.http.routers.plexms-rtr.middlewares=chain-no-auth@file"

What did you set as your $SERVER_IP variable your host ip or something else?

dphildebrandt commented 3 years ago

You need two custom access urls: http://<server_lan_ip>:32400/,https://<plex.yourdomainname>:443/

You can actually turn off Remote Access at this point.

If you have a PlexPass you can set Network -> LAN Networks as appropriate (probably just 192.168.0.0/16)

Probably should use no-auth middleware for Plex, as it'll be login-protected by your plex account. It's annoying to sign in with oauth, then with plex. Plus it makes it easier to share with whoever you want, they just need a plex account.

robflate commented 3 years ago

You can actually turn off Remote Access at this point.

Just to clarify, will disabling Remote Access only allow access from the LAN and https://plex.yourdomainname.com? If for example you were on a 4G network or a friends Wi-Fi and logged into your account using the Plex app or https://app.plex.tv/desktop, it won't work without Remote Access enabled? Is that right?

dphildebrandt commented 3 years ago

No, it will work without Remote Access enabled. Because you set a custom URL as https://plex.yourdomain.com when you sign in to Plex it will use that URL. As long as you have port forwarding 443 on your router, traefik will catch it and route it like usual.

I use it on cellular, lan; friends and family use it connected to their wifi etc.

shawnthompson commented 3 years ago

@dphildebrandt Thanks. I'm trying all that but I can't figure out why it's not working, I'm getting the UI but it's giving me the option to start a server.

Here's my compose file:

### Variables set in my .env
PLEX_PORT=32400
PLEX_WEB_TOOLS_PORT=33400
PUID=1000
PGID=134
TZ="America/Montreal"
SERVER_IP=xxx.xxx.xxx.xxx (Home ISP IP)

  # Plex - Media Server
  plexms:
    image: plexinc/pms-docker
    container_name: plexms
    restart: unless-stopped
    # network_mode: host
    networks:
      - t2_proxy
      # t2_proxy:
      #   ipv4_address: 192.168.90.230
    # devices:
    #   - /dev/dri:/dev/dri # for harware transcoding
    security_opt:
      - no-new-privileges:true
    ports:
      - "$PLEX_PORT:32400/tcp"
      - "3005:3005/tcp"
      - "8324:8324/tcp"
      - "32469:32469/tcp"
      - "1900:1900/udp" # conflicts with xTeVe
      - "32410:32410/udp"
      - "32412:32412/udp"
      - "32413:32413/udp"
      - "32414:32414/udp"
      - "$PLEX_WEB_TOOLS_PORT:33400"
    volumes:
      - $DOCKERDIR/plexms:/config
      - $DOWNLOADDIR:/Downloads
      - $VIDEODIR:/media
      # - /dev/shm:/transcode # Offload transcoding to RAM if you have enough RAM
      - $DOCKERDIR/plexms/plex_tmp:/transcode
    hostname: "plex.domain.com"
    environment:
      TZ: $TZ
      # PLEX_ClAIM: $PLEX_CLAIM
      PLEX_CLAIM_FILE: /run/secrets/plex_claim
      PLEX_UID: $PUID
      PLEX_GID: $PGID
      ADVERTISE_IP: https://$SERVER_IP:$PLEX_PORT/
      # ADVERTISE_IP: http://192.168.86.100:$PLEX_PORT/
      # ADVERTISE_IP: https://plex.domain.com:$PLEX_PORT/
      ALLOWED_NETWORKS: http://192.168.86.100:$PLEX_PORT/,https://plex.domain.com:443/
    secrets:
      - plex_claim
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.plexms-rtr.entrypoints=https"
      - "traefik.http.routers.plexms-rtr.rule=Host(`plex.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.plexms-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.plexms-rtr.service=plexms-svc"
      - "traefik.http.services.plexms-svc.loadbalancer.server.port=32400"

I can connect to the Plex UI from Plex.domain.com, IP of my ISP and my internal IP but no server only the Plex TV.

robflate commented 3 years ago

I'm getting the UI but it's giving me the option to start a server.

Is there no Sign In button in the top right of the Plex webui? Maybe there's a problem with your Plex claim token? You could try a new token or you could just SSH tunnel into Plex.

ssh -L 8080:localhost:32400 user@dockerhost e.g. ssh -L 8080:localhost:32400 change-to-your-host-username@192.168.86.100. Once done you can browse to localhost:8080/web/index.html and set up your server.

ideally I would like to set a static IP for Plex so other containers can view it, like Sonaar.

Plex will be on the t2_proxy network. Any other container on the t2_proxy network can communicate with plex via plex:32400. No need for a static IP on Plex.

shawnthompson commented 3 years ago

Thanks @robflate. I was signed in, I just couldn't see my server. I got it to work / setup by running docker compose in the plexus folder itself with network_mode: host variable, setting up a new server, shutting down the container, then running my main docker-composer with all the settings above. Now I see my server and I'm able to add to it. YAY

As for the static IP, I tried connecting to to my Plex from my Sonaar container but I couldn't without using a static IP.

I tried plex, plexms, plex.domain.com with and without ssl...

robflate commented 3 years ago

Glad you got it working. You definitely have something wrong in your setup if you can't connect to Plex from another container in the same network, using in your case, plexms:32400. Specifically, in Sonarr > Settings > Connect > Plex, it should be;

Host: plexms
Port: 32400

If you docker network inspect t2_proxy, can you see Sonarr and Plex in the list?

Also, hardware transcoding works if you use;

devices:
      - /dev/dri:/dev/dri

and have a Plex Pass and an Intel processor with QuickSync.

shawnthompson commented 3 years ago

I'm running AMD on ubuntu, I'll looking into Video Core Next once I'm up and running.

As for my network, it worked now without a static IP!!!! Awesome. I swear I tried it before and it didn't work but maybe because I had the static IP set on Plex or maybe I spelt it wrong...

1josh13 commented 3 years ago

here is my Plex config from the docker-compose-t2.yml

   # Plex - Media Server
  plexms:
    image: linuxserver/plex:latest
    container_name: plexms
    restart: unless-stopped
    depends_on:
      - traefik
    networks:
      - t2_proxy
    devices:
      - /dev/dri:/dev/dri # for harware transcoding
    security_opt:
      - no-new-privileges:true
    ports:
      - "$PLEX_PORT:32400/tcp"
      - "3005:3005/tcp" # controlling Plex Home Theater via Plex Companion
      - "8324:8324/tcp" # controlling Plex for Roku via Plex Companion
      - "32469:32469/tcp"
      - "1900:1900/udp" # access to the Plex DLNA Server
      - "32410:32410/udp" # GDM network discovery
      - "32412:32412/udp" # GDM network discovery
      - "32413:32413/udp" # GDM network discovery
      - "32414:32414/udp" # GDM network discovery
      - "$PLEX_WEB_TOOLS_PORT:33400" 
    volumes:
      - $DOCKERDIR/plexms:/config
      - /mnt/media/TV:/tv
      - /mnt/media/Movies:/movies
      - /dev/shm:/transcode # Offload transcoding to RAM if you have enough RAM
    environment:
      - TZ=$TZ
      - PLEX_CLAIM=lolnowaybruh
      - PUID=$PUID
      - PGID=$PGID
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.plexms-rtr.entrypoints=https"
      - "traefik.http.routers.plexms-rtr.rule=Host(`plex.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.plexms-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.plexms-rtr.service=plexms-svc"
      - "traefik.http.services.plexms-svc.loadbalancer.server.port=$PLEX_PORT"

Also I should note that I also port forwarded port 32400 to my docker host IP.

sudo-kraken commented 3 years ago

No, it will work without Remote Access enabled. Because you set a custom URL as https://plex.yourdomain.com when you sign in to Plex it will use that URL. As long as you have port forwarding 443 on your router, traefik will catch it and route it like usual.

I use it on cellular, lan; friends and family use it connected to their wifi etc.

Hey, I have got this working with the above, it now works with app.plex.tv and locally on the LAN however whenever I go to https://plex.mydomain.com it flashes a 401 error then show the index.html page with the big plex logo but doesnt prompt for a login. Have you ever seen this before?

My Plex YML 

  # Plex - Media Server
  plexms:
    image: plexinc/pms-docker:plexpass
    container_name: plexms
    restart: "unless-stopped"
    networks:
      - proxy_net
    runtime: nvidia
    security_opt:
      - no-new-privileges:true
    ports:
      - "32400:32400/tcp"
      - "32400:32400/udp"
      - "3005:3005/tcp"
      - "8324:8324/tcp"
      - "32469:32469/tcp"
      - "1900:1900/udp"
      - "32410:32410/udp"
      - "32412:32412/udp"
      - "32413:32413/udp"
      - "32414:32414/udp"
    volumes:
      - $MEDIADIR:/data
      - $PLEXDIR:/config
      - /dev/shm:/transcode # Offload transcoding to RAM
    environment:
      TZ: $TZ
      HOSTNAME: "JPH-ESX-DOCKER"
      PLEX_CLAIM_FILE: /run/secrets/plex_claim
      PLEX_UID: $PUID
      PLEX_GID: $PGID
      NVIDIA_VISIBLE_DEVICES: all
      NVIDIA_DRIVER_CAPABILITIES: compute,video,utility
      ALLOWED_NETWORKS: 10.0.10.0/24,10.0.20.0/24
      ADVERTISE_IP: "http://$SERVER_IP:32400/,https://plex.$DOMAINNAME:443/"
    secrets:  
      - plex_claim
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.plexms-rtr.entrypoints=https"
      - "traefik.http.routers.plexms-rtr.rule=Host(`plex.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.plexms-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.plexms-rtr.service=plexms-svc"
      - "traefik.http.services.plexms-svc.loadbalancer.server.port=32400"

My cutom URLs in Plex are

http://10.0.10.40:32400/,https://plex.mydomain.com:443/

Remote access was enabled and mapped to specific port 443 but that didnt work and now remote access is disabled.

So I have no idea why I cant get in via the plex.domain.com but it works for all other access methods.

Any ideas?

sudo-kraken commented 3 years ago

DONT TURN ON CLOUDFLARE ROCKET LOADER!! disabling this fixed it.