Configure Plex TLS with Tailscale on macOS

macos-plex-tls.sh

#!/bin/sh

DOMAIN='______.ts.net'
PASSWORD="____"

tailscale_cert="$HOME/Library/Containers/io.tailscale.ipn.macos/Data/${DOMAIN}.crt"
tailscale_key="$HOME/Library/Containers/io.tailscale.ipn.macos/Data/${DOMAIN}.key"
plex_cert="$HOME/Application Support/Plex Media Server/https.p12"


# 1. Generate a certificate for your Tailscale domain
tailscale cert "$DOMAIN"

# 2. Convert the above certificate to PKCS#12 as expected by Plex
openssl pkcs12 -export \
	-certpbeAES-256-CBC \
	-keypbe AES-256-CBC \
	-macalg SHA256 \
	--inkey "$tailscale_key" \
	-certfile "$tailscale_cert" \
	-in "$tailscale_cert" \
	-out "$plex_cert" \
	-passout "pass:$PASSWORD"

# 3. Configure Plex
defaults write com.plexapp.plexmediaserver -string customCertificateDomain "$DOMAIN"
defaults write com.plexapp.plexmediaserver -string customCertificateKey "$PASSWORD"
defaults write com.plexapp.plexmediaserver -string customCertificatePath "$plex_cert"
defaults write com.plexapp.plexmediaserver -string customConnections "https://${DOMAIN}:32400"