wernight / docker-plex-media-server

Dockerized Plex Media Server
https://registry.hub.docker.com/u/wernight/plex-media-server/
MIT License

Running behind nginx-proxy #23

Open chipsenkbeil opened 8 years ago

chipsenkbeil commented 8 years ago

Anyone have experience running Plex behind an nginx proxy: https://github.com/jwilder/nginx-proxy

I've got my site using SSL with the above proxy and companion container (https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) to get SSL certificates from Let's Encrypt. I've had no luck getting plex to work behind it. With timhaak's version, I could specify a redirect port (80 goes to 32400) for Plex via PLEX_EXTERNALPORT and that sort of worked.

I could access my server directly, but not via plex.tv or my mobile app. Without running using net=host (which breaks the proxy setup), I haven't been able to get anything to work with this one when running behind the nginx proxy. Even with net=host, I had to use a relay option on plex.tv and my mobile app last night and it stopped working today. Not sure what the problem is there.

I've got 32400 forwarded. I did notice last night that a different port was made public when running as net=host than 32400, when looking at the server settings. Can't get back to that point now, though.

chipsenkbeil commented 8 years ago

Here's an example of what I am seeing in the browser logs.

[Screenshot: screen shot 2016-03-08 at 12 19 19 pm]

wernight commented 8 years ago

You may want to check https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-

Also check your Preferences.xml, and if you want to autologin without accessing using the web UI, specify X_PLEX_TOKEN or PLEX_LOGIN and PLEX_PASSPORT, and possibly PLEX_EXTERNAL_PORT (see README).

chipsenkbeil commented 8 years ago

Opened all ports, set my X_PLEX_TOKEN (had it earlier), and set the PLEX_EXTERNAL_PORT to 80 and 443 to see if either worked. Cannot get it to connect. Getting a lot of unreachable and preventing fallback of insecure connection. Trying to allow insecure connections didn't seem to do anything.

wernight commented 8 years ago

I suggest you check your network step by step. I don't know how many layers you have etc. I also don't know your docker-compose (if you're using that) or if you've set up linking correctly. I didn't use the nginx-proxy image myself; usually I do that myself.

Now from the log it says ERR_INSECURE_RESPONSE, which is normal because it's a self-signed certificate. Given it's in your browser, you may want to add the nginx-proxy self-signed certificate, if it generates any, to your browser. You can also type badidea if you're using Chrome.

chipsenkbeil commented 8 years ago

I don't think nginx-proxy is using self-signed certificates. I give it a directory to look for certificates to use when serving subdomains and I have a companion container that reaches out to Let's Encrypt for subdomain certificates and places them in that directory.

Of course, I don't know nginx that well, so maybe there are other certificates you are referring to? Couldn't seem to figure out how to use badidea (or the former danger). Was trying in the console. Not sure if there was somewhere else to use it. I'll double-check that the ports I specified are open and reachable later this week.

Thanks for all of the help so far!

wernight commented 8 years ago

Just type it in the page, even if nothing is visible. But understand the meaning: it'll just allow man-in-the-middle attacks, so it's pretty much the same as if you had plain HTTP without TLS.

chipsenkbeil commented 8 years ago

So, tried typing 'badidea' and 'danger' into Chrome. Can't tell if it did anything and the only thing I can find online is that it should apply if the window is in focus.

Anyway, I selected the "use fallback" option as well, but it does seem to have helped with issues of cross-origin headers, the insecure response, and other errors.

[Screenshot: screen shot 2016-03-21 at 11 25 43 am]

Looks like it tries a mix of 172.17.0.9, the Docker container's IP, and my server's IP in the requests.

[EDIT] I even ran it with --net=host without success. I used my domain name (using no-ip.org for dynamic IP support) and my server's current IP and couldn't get it to work.

Same issues regarding insecure response (badidea does nothing) and preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app.plex.tv' is therefore not allowed access. The response had HTTP status code 404.
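
The preflight error quoted in the comment above can be examined offline. This is an added example, not part of the thread or of the project's code: it applies the checks a browser makes on a CORS preflight response to constructed sample responses. It assumes a request without credentials, and the `X-Plex-Token` request header and both sample responses are assumptions made for illustration.

```javascript
// Added example: the checks a browser applies to a CORS preflight response.
// Assumes a request without credentials; all sample data is constructed.
const list = v => (v || "").split(",").map(s => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(request, response) {
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  const problems = [];

  // 1. Access-Control-Allow-Origin must be "*" or exactly the page's origin.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("no Access-Control-Allow-Origin header");
  } else if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin is ${allowOrigin}, not ${request.origin}`);
  }
  // 2. The preflight itself must return a 2xx status.
  if (response.status < 200 || response.status > 299) {
    problems.push(`HTTP status ${response.status} is not 2xx`);
  }
  // 3. Methods other than GET/HEAD/POST must be listed explicitly.
  const methods = list(h["access-control-allow-methods"]);
  const method = request.method.toLowerCase();
  if (!["get", "head", "post"].includes(method) && !methods.includes(method) && !methods.includes("*")) {
    problems.push(`method ${request.method} not in Access-Control-Allow-Methods`);
  }
  // 4. Every header named in Access-Control-Request-Headers must be listed.
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of request.headers) {
    if (!allowed.includes(name.toLowerCase()) && !allowed.includes("*")) {
      problems.push(`header ${name} not in Access-Control-Allow-Headers`);
    }
  }
  // A browser stops at the first failure; all are collected here for diagnosis.
  return { allowed: problems.length === 0, problems };
}

// Constructed request: origin from the quoted error; the header name is an assumption.
const REQUEST = { origin: "https://app.plex.tv", method: "GET", headers: ["X-Plex-Token"] };
// Constructed responses: a 404 with no CORS headers, and one that passes.
const RESPONSE_404 = { status: 404, headers: { "Content-Type": "text/html" } };
const RESPONSE_OK = { status: 200, headers: {
  "Access-Control-Allow-Origin": "https://app.plex.tv",
  "Access-Control-Allow-Headers": "X-Plex-Token, Accept",
} };

console.log(checkPreflight(REQUEST, RESPONSE_404));
console.log(checkPreflight(REQUEST, RESPONSE_OK));
```

A 404 on the preflight means the `OPTIONS` request was answered by something that did not recognise the path or host, so the place to look is which component produced that response rather than the browser's certificate settings.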

wernight commented 8 years ago

May I ask why you're using nginx reverse proxy? Plex doesn't need to run behind Nginx.

chipsenkbeil commented 8 years ago

I'm using the Docker nginx-proxy project because it allows me to assign containers to different subdomains on my main domain. So, I can visit https://plex.example.com to reach my plex server.

I've got other containers like the Docker UI project running and accessible via https://ui.example.com, Gitlab via https://git.example.com, etc.

So, it's just a really handy setup for me to run different services all tied to the same address and port from the perspective of the user.

As a side note, I switched back to timhaak/plex and it works fine going directly to it (https://plex.example.com) and offers indirect streaming on my phone, just like before (doesn't work through plex.tv). So, not sure what is different. :/

wernight commented 8 years ago

I get that, but you can access via plex.tv and you don't need an accessible subdomain. You can also use another port.