search

pabloromeo / clusterplex

ClusterPlex is an extended version of Plex, which supports distributed Workers across a cluster to handle transcoding requests.
MIT License
452 stars 35 forks source link

Add sslSecret value for mounting custom certificate #330

Open AngellusMortis opened 1 month ago

AngellusMortis commented 1 month ago

This adds a new secret mount that lets you load a pkcs12 keystrore to use with Plex.

It would allow you to create and manage a cert with something like cert-manager:

apiVersion: v1
kind: Secret
metadata:
  name: pkcs-secret
  namespace: media
type: Opaque
stringData:
  password: somePassword
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-plex
  namespace: media
spec:
  secretName: cert-plex
  duration: 2160h
  renewBefore: 360h
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: plex.example.com
  dnsNames:
  - plex.example.com
  keystores:
    pkcs12:
      create: true
      profile: Modern2023  # important as default profile will not work with Plex
      passwordSecretRef:
        name: pkcs-secret
        key: password

Then you can set sslSecret from above (cert-plex) and it will mount the keystore at /ssl/keystore.p12 so you can then use the following Network settings:

Custom certificate location: /ssl/keystore.p12
Custom certificate encryption key: somePassword
Custom certificate domain: plex.example.com
Custom server access URLs: https://plex.example.com

Pairs well with my other PR: https://github.com/pabloromeo/clusterplex/pull/329