How to Setup an SSL Certificate for Plex using Nginx Proxy Manager
HTML-код
- Опубликовано: 6 сен 2024
- ✅ Written Instructions: www.wundertech...
🔔 Subscribe for more tech related tutorials and overviews: link.wundertec...
🚀 Product Recommendations: link.wundertec...
❤️ Check out our website: link.wundertec...
This tutorial will show you how to expose Plex to the internet and create an SSL certificate for it! Securely access Plex anywhere! DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
Good video and nice point at the end about Plex showing it’s not accessible.
Couple ideas for future videos if you are looking for topics: updating and dynamic IP if you have a purchased domain (not with duck ddns or no-ip for example) and bonus if you use Cloudflare, securing servers you expose to the internet past reverse proxy (fail-to-ban, changing ssh ports, block lists, etc).
Keep up the great content!
Thanks a lot! I will add these to my list! I use, and love Cloudflare. I will try and incorporate Cloudflare a little more than I currently do since it's truly a great service.
Thanks again, and if you ever have any other tutorial requests, please let me know! Always looking to make content that people actually want to see!
Tried all the steps here, but kept coming up with an Internal Error when requesting a new SSL cert. Basically stuck at this step. Also tried looking around for a workaround/solution but nothing seems to work.
Those errors are generally related to communication failures on port 80/443 or domain name issues. I wish I could be more specific, but that's what I've come across.
This was a good start to improve the security on my server but I am kind of lost when it comes to using the domain as a means to have mobile users connect to it. When I turn remote access off I can use my domain to log in just fine but on mobile apps the server gets lost and I have no idea how to point the clients to my domain instead of through Plex. Got any pointers?
If you're using this (and you use the default 443 port), you would basically give your clients your domain name and tell them to use port 443. It will be the exact same as if you were using the "remote access" except the port is different and you're using a different domain name.
Let me know if that helps or if you have any further questions!
@@WunderTechTutorials I understand which info is required to connect to the service but my question is where do I use it? Plex doesn't give an option on the client to connect to something else or anything, you gotta do that on server level. I dont know where I would use my domain instead of the Plex relays. Just to be clear, I specifically mean to use the Plex application on phones to connect to my server using this method NOT a browser(which is working perfectly on mobile or desktop).
@@SuperMari026 Sorry, I think I initially misunderstood your problem.
Can you try and go to the Plex app (on the server), then Settings -> Network. In the "Customer Server Access URL's", can you add your domain name and retry?
@@WunderTechTutorials We did it! It seems to work perfectly and I've did some research on the option as well and its almost required to be used if a reverse proxy is in play to connect plex. I think this might be valuable information to add to your vid!
How can i get email for let's encript ? I don't follow... I am newbie...
update from 23 min ago i just needed to go into plex remote acess setting and un tick Manually specify public port after setting everything up works awsome now
How do I get on the panel screen on Nginx Proxy Manager? is that a synology package I can install? or a remote website? I can't find it
Nginx Proxy Manager is a docker application that can be installed on just about any device running Docker.
Thanks for your videos, I have NGINX set up on a Raspberry Pi 4 and its working well, but how do I set up my plex devices to talk to my domain? For example the Plex App in iOS it only lest you enter an ip address!
u do not need to go into each device and set ur domain on them just untick Manually specify public port
and leave remote acess enabled
Is using Plex via a reverse proxy not risky since you could unwillingly expose private movies and photos to the Internet? Is the reverse proxy secure enough to avoid the bad guys from accessing private movies and films? Or is strong password with MFA the answer? Thanks, I really appreciate your videos. I would appreciate a video on securing existing docker containers. E.g. what if you have a docker container running as root? Or mutliple docker containers running as an administrator account? How can you fix that? E.g. create a new user dedicated for the exection of that container and only with access / ownership to the docker folder. Kind regards, Christophe
There's always a risk when allowing any internal application access to the external world. You can limit access using access profiles or a firewall, but there will forever be a risk. If you'd like to mitigate that risk, I'd suggest using a VPN to access Plex, though it's not always possible for everyone. Other than that, strong passwords and 2FA is a great next step.
I too am getting an internal error when I try to save the ssl cert. I see someone else had this problem but you didnt say how to fix it. Could you let me know what to try? Im using a noip account with duc and have specified my noip host name, and the plex machine static internal ip and port in nginx manager. My external IP is also a static IP that does not change.
Is there any way to set up plex through a proxy and preserve the normal remote access functionality, so that the app versions of plex can Automatically connect?
Hi there! Thank you for the video! what is not clear to me is if I should create new Docker containers using the npm_bridge. I tried using the regular bridge and the reverse proxy does not find the source upstream, and when I try using the npm_bridge from the other video I get an error at container creation saying "no available IPv4 addresses on this network's address pool" . I ask here after googling, but is getting hard to find out. Any ideas might help. Thanks!
When you say new docker containers, do you mean containers outside of NPM? You should be able to use the host networking for those containers and connect to them using the npm_bridge IP address.
one of my new users, their ISP blocks my plex server and I was trying to find a way to make it work for them. Would this work?
I can't say for certain unfortunately. I'm not exactly sure what is blocked, but it can't hurt to try.
How would users outside my network access plex if they are using a player? (Roku, Firestick, Apple TV, ...). Would it work? From my understanding, their sub account that I have created is getting the information from the Remote Access in my plex settings. How will their account get my subdomain to access my server?
If you exposed it using a reverse proxy, you will have to give them the domain name and port (most likely 443 if you're using HTTPS). From there, they will have to connect using the account that you created, but they should be good after doing that!
I'm trying to use my custom domain for OMV5 on port 90 with Cloudflare and its giving me a 523 error. Do i need to forward ports if I am using Nginx proxy manager? I have installed NPM on docker/portainer over OMV5 if that helps!
Are you using the proxied DNS entry? Have you successfully retrieved the Let's Encrypt certificate? You do need to port forward ports 80/443 to your Nginx Proxy Manager server if you haven't done that yet.
This looks so easy, I have plex setup, I have my webservice running on ubuntu, it has apache and nginx, I'm having to learn Linux as I do this and it's been nothing but a pain in the ass so far and my familiarity with the Amiga CLI from yesteryear is the only reason I'm able to stumble through most of this. Does Nginx proxy manager have a GUI that exists for Ubuntu or Linux? You can request an SSL by just clicking buttons? I've been having a hard time getting an SSL to work because my ISP blocks port 80 and all the automated tools use port 80 so they all fail for me.
I will be the first to say that Linux is an absolute pain when you first start using it, but it DOES get easier as you start to understand how everything works.
NPM has a web GUI interface, so the goal is to get it set up and running, then access it through the web interface. If your ISP blocks ports 80/443, you will NOT be able to get this to work. With that said, if 443 is available, you should be able to get it to function. I have a video on how to set up NPM on a Raspberry Pi, but not one on Ubuntu - though it should be fairly similar.
which ports do i have to forward? 443 -> 443 and 80->80 with both of them having the nginx ip?
That is correct!
@@WunderTechTutorials can I close Port 80 If I only want plex to Connect securely via HTTPS?
@@Naddel81able Sure!
So this method is as secure as the normal Plex ssl encryption they already have?
I always have an internal error when trying to apply SSL.
On my DNS (Cloudflare) i've created a A record with the IP of the Plexserver. Is that wrong?
That is the correct way of doing it, as long as you have a static external IP address. If it's dynamic, you will have to create a CNAME record and set up DDNS. Overall from a security standpoint, this is just as secure as using Plex's SSL.
Could this be possible or useful to access plex from remote behind a Carriare Grade NAT? I just have plex on my Desktop PC and want to access it from remote, my ISP has a CG-NAT system and I don't want to switch with a public static IP address.
Unfortunately, not that I know of. CG-NAT's are...not ideal for hosting services out of your house. They really hinder what you can and cannot do.
@@WunderTechTutorials Thank you anyways!
love your website man
Thanks a lot, I really appreciate it!
Hi bro. I want to add another port. For example 8096 is for emby but still uses the same domain. Is there a way to deploy. Thank you. Sorry my english is not good
Unfortunately, if you're using a reverse proxy, no. The idea would be that you would use a subdomain (emby.yourdomain.com and plex.yourdomain.com) and the reverse proxy would simply forward to the internal port (8096 in your example). I have a few videos up on reverse proxies that might help, but let me know if I can answer any other questions!
How do u add the domain to a Plex client such as the Android app?
Inside of the app, you should have the option to connect to a custom domain.
Everything seems to work but now the server status takes ages to show that someone is watching something. Yes, I did make sure not to use Cloudflare's proxy.
When you say server status, you mean on Plex?
would one use this method if Plex is being blocked on a work pc
That would depend on whether the business network's firewalls were simply blocking port 32400 or if they were using a "next gen" firewall (aka layer-7 firewall or application-aware firewall). This would probably get by network firewalls that were only blocking outbound port 32400. This would not fool application aware firewalls that actually inspect the packets to see what kind of application is being used. If the firewall was configured to block "plex" traffic, then this would still be blocked.
Will the App work from behind a reverse proxy?
Yes - you will have to update your Plex settings (on the server side) to use your domain, but as soon as you do, everything should work! Thanks for watching!
Does nothing to help you actually setup plex on a personal domain it doesn't even explain certs at all he even says this is not the typical way. Well no crap its not any way total waste of time.
I am getting ERR_CONNECTION_TIMED_OUT with sometimes 504 errror. I did all steps form your Nginx Proxy Manager videos, do you know a solution when you cant access your docker and normal services with this ?
Are you using a firewall by any chance? If you are, did you allow traffic on that port?
@@WunderTechTutorials I opent the ports for Nginx Proxy Manager container 4443->4443 and 8088->8088 tried also 443->4443 and 80->4443 and still not working with the synology nas. Did the same setup on a raspberry pi with portainer, what works. Must be something related to synology I am still figuring out why
Found a workaround, for some reason Nginx Proxy Manager is not longer working with the synology device it's ip to reverse proxy your synology app and docker requests , I needed to use my 172.*.*.* docker gateway ip inside Nginx Proxy Manager for the destination to fix the problem
@@faba002 I think this is the same issue im currently struggling with. NPM gets me a ERR_CONNECTION_TIMED_OUT page and its quietly added :5001 onto the address. Whatever DSM uses for HTTP/HTTPS access, thats whats appended each time, depending on whether you try for http or https. This suggests that NPM isnt even being asked for its input, DSM-RP is the bouncer and if it doesnt have my name on the list, it aint letting me in and points me to 5000/5001.
When you say you found a workaround by using the 172.x.x.x IP from docker, i dont seem to be getting any luck, but if try and visit those addresses myself in a browser or with ping, it timed out too, so im not sure if its inaccessible (172 addr) or the same underlying issue (DSM Bulldozing).
@WunderTech Anything here make any sense? Firewall is off (temp) & port forwarding should be working (its obviously arriving at the machine if DSM is influencing it). DSM-RP works if i set something up in there, but i'd like to try an use Authelia, and that needs more control than DSM-RP offers (it seemingly has Variable=Value, but nothing more complex).
Could I have Plex and Nginx installed on the same computer?
Yes, the setup would be different based on the type of device you're using, but you can set both up!
@@WunderTechTutorials This is great! Thanks for the quick reply. Ima try this. Wish me luck.
I keep getting 401 unathorized
When you try and access the domain name?
"Internal error" is all I get when I try to enable SSL as shown in the video. Can you give me a hint?
Do you have ports 80/443 open?
@@WunderTechTutorials works like a charm now. Started from scratch. Thanks. Great tutorial btw!
@@Naddel81able Hello, do you how to solved it?
@@WunderTechTutorials These should be opened on the router and not the server, correct? I feel like this is my very last step for the SSL cert that I can't get past.
@@doddsnow4714 Yes, that is correct. However, if you have a firewall on the server, you'll need to ensure those ports are opened as well.
Is this the same way for Emby as well or is it a different way?
It won't be the exact same, but 90% of it is similar.
@@WunderTechTutorials Ok, cause I was having issues with it.
Routing Plex through Cloudflare its against Cloudflare TOS. And can get you baned."Use of the Service for serving video (unless purchased separately as a Paid Service) or a disproportionate percentage of pictures, audio files, or other non-HTML content, is prohibited."
Thanks for letting me know. I'll look into this and update the video description.
This only applies if you're actually using them to hide your IP. If its just a DNS entry you're fine
ur video stopped at the part i was stuck on lol