Closed jbiatek closed 6 years ago
I did the same thing for https://github.com/Rycochet/PlexConnect-QNAP - but hadn't thought to disable ssl on PlexConnect so I guess an optimisation is required ;-)
Add to the wiki?
I can't find the httpd.conf, where is it normally located?
On my Mac it is in `/etc/apache2/`. The ancillary config files are under `extra/` in the same directory.
Thanks for your proposed examples.
Wiki has been updated with apache and nginx examples.
@jbiatek thanks for this! Your notes helped me figure out how to get something similar setup using Caddy server.

For future reference in case anyone else is looking for a similar solution, here's what I did:

- Follow PlexConnect certificate generation guide, keep all 3 (.pem, .cer, .key) files.
- Continue setup of PlexConnect as usual.
- Once all setup (installed the certificate, confirmed PlexConnect is working etc) stop PlexConnect.
- In Settings.cfg, set `enable_webserver_ssl = False`.
- In Settings.cfg, set `port_webserver =` whatever port number you wish that is available.
- Start up PlexConnect.
- Use the following as your caddyfile, substituting values accordingly, start up server after.
- If your Caddy server is on same machine as PlexConnect, do not use `localhost` as the IP (thanks again to @jbiatek for his tip about this right at the beginning of this PR). I used the local LAN address of my Plex server (192.168.1.x). Not sure if 127.0.0.1 would work.

Caddyfile:

```
trailers.apple.com:80, trailers.apple.com:443 {
    proxy / http://PLEX_CONNECT_IP:PLEX_CONNECT_PORT_CHOSEN_BEFORE {
        websocket
        transparent
        header_downstream Host {host}
        header_downstream X-Real-IP {remote}
        header_downstream X-Forwarded-For {remote}
        header_downstream X-Forwarded-Proto {scheme}
        header_downstream Connection {>Connection}
        header_downstream Upgrade {>Upgrade}
    }
    tls LOCATION_OF_CERTS/trailers.pem LOCATION_OF_CERTS/trailers.key
}
```
Hi @vin047 Any chance you're still running Caddy with PlexConnect? I've tried to get it to run as I also am self hosting a few web services but I can't seem to get it to play nice with PlexConnect. Are you able to post your Caddyfile for Caddy2?
Hi @awb1015, sorry for my late response. I'm still running PlexConnect with caddy successfully, but it's with the original version of caddy. My caddy file is as per my post above. I've yet to upgrade to caddy 2, so the syntax might be different for that. Sorry I can't be of much help, but good luck. If you do/have figured it out, do post here as it'll surely be helpful for myself and others in future!
It took me a little while to figure this all out, so I thought I'd write out how I did it. Some of this is alluded to in the wiki, but some critical pieces are missing. Maybe this could be turned into a page in the wiki?
One thing I'm not 100% sure of is why `localhost` doesn't work for the reverse proxy configuration. It seems like it should.

PlexConnect and an existing web server

If you're already running a web server on the computer you want to run PlexConnect on, there's some work that has to be done. The problem is while PlexConnect can trick your Apple TV into thinking that your machine is `trailers.apple.com`, it can't trick the Apple TV into requesting data from a different port. Some configuration has to be done to have PlexConnect and your web server both share port 80 (and port 443 for SSL).

This information is for the system Apache installation on OS X. Similar principles can probably be applied to other servers and OSes.

Enable SSL
First, you will need SSL support turned on if it isn't already. Enable `httpd-ssl.conf` in `httpd.conf`. You'll also need to follow the instructions found in `httpd-ssl.conf`, on my machine this was also enabling `socache_shmcb_module` and `ssl_module`.

At this point, if you try to run Apache again it will probably complain that it doesn't have SSL certificates for your existing site(s). Go into `httpd-ssl.conf` and turn `SSLEngine off` to disable SSL for the default web server.

Configure PlexConnect

In the PlexConnect `Settings.conf`, you need to change 2 things:

Follow the regular guide for PlexConnect to generate certificates and optionally install as a daemon. Copy `trailers.pem` and `trailers.key` into `/etc/apache2` for the next step.

PlexConnect virtual host

You will also need a virtual host for PlexConnect if you don't have any already. Find the line about `vhosts` in `httpd.conf` and uncomment it. Then go into `httpd-vhosts.conf`, delete or comment out the existing stuff, and replace it with something like this:

The high level description is as follows:
trailers.apple.com
AppleTV
or else PlexConnect will complain..pem
one, not.cer

Edited to add: Shortly after I posted this, I realized that this proxy was actually public: if someone outside your network opens a connection to your web server with the host set to `trailers.apple.com`, Apache would dutifully proxy the request. That'd never happen accidentally, of course, but an attacker could in theory use it to gain access to your Plex server outside of your network.

I added a restriction to `LOCAL_IP_ADDRESSES` only. Apache accepts "partial" IP addresses, like `192.168.1` to mean `192.168.1.*`, so if that's the prefix that your local network uses, any client on your home network will be allowed to talk to the PlexConnect server, but nothing else will.
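
The LAN-only restriction described in the post above, written out as an added example; it is not the original poster's configuration, which did not survive on this page. It assumes Apache 2.4 authorization syntax, and `PLEXCONNECT_IP`, `PLEXCONNECT_PORT` and the `192.168.1` prefix are placeholders to substitute.

```apache
# Added example (not the poster's config). Placeholders: PLEXCONNECT_IP,
# PLEXCONNECT_PORT, and 192.168.1 as the LAN prefix.
# Assumes mod_proxy, mod_proxy_http, mod_ssl and mod_authz_host are loaded.

# --- Before: any client that sends "Host: trailers.apple.com" is proxied ---
# <VirtualHost *:80>
#     ServerName trailers.apple.com
#     ProxyPass        / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
#     ProxyPassReverse / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
# </VirtualHost>

# --- After: only clients on the local network are proxied ---
<VirtualHost *:80>
    ServerName trailers.apple.com
    ProxyRequests Off            # reverse proxy only, never a forward proxy
    ProxyPreserveHost On         # assumption: backend should see the original Host
    <Location "/">
        # Partial address: matches 192.168.1.* on an octet boundary,
        # so 192.168.10.x and 192.168.100.x do not match.
        Require ip 192.168.1
    </Location>
    ProxyPass        / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
    ProxyPassReverse / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
</VirtualHost>

<VirtualHost *:443>
    ServerName trailers.apple.com
    SSLEngine on
    # Files copied to /etc/apache2 in the "Configure PlexConnect" step
    SSLCertificateFile    "/etc/apache2/trailers.pem"
    SSLCertificateKeyFile "/etc/apache2/trailers.key"
    ProxyRequests Off
    ProxyPreserveHost On
    <Location "/">
        Require ip 192.168.1     # same restriction on the TLS side
    </Location>
    # PlexConnect runs with SSL disabled behind the proxy, so plain http here
    ProxyPass        / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
    ProxyPassReverse / http://PLEXCONNECT_IP:PLEXCONNECT_PORT/
</VirtualHost>
```

With this in place, a request from an address outside the allowed prefix gets a 403 from Apache and is not forwarded to PlexConnect. `Require ip` matches the address of the connecting peer, so the rule only helps if clients reach Apache directly rather than through another proxy that hides their address.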