Skip to content

Instantly share code, notes, and snippets.

@spikegrobstein
Last active August 9, 2024 13:42
Show Gist options
  • Save spikegrobstein/4384954 to your computer and use it in GitHub Desktop.
Save spikegrobstein/4384954 to your computer and use it in GitHub Desktop.
nginx config for proxying requests for plex over a hostname-based virtualhost.
upstream plex-upstream {
# change plex-server.example.com:32400 to the hostname:port of your plex server.
# this can be "localhost:32400", for instance, if Plex is running on the same server as nginx.
server plex-server.example.com:32400;
}
server {
listen 80;
# server names for this server.
# any requests that come in that match any these names will use the proxy.
server_name
tv
plex
tv.example.com
plex.example.com;
# this is where everything cool happens (you probably don't need to change anything here):
location / {
# if a request to / comes in, 301 redirect to the main plex page.
# but only if it doesn't contain the X-Plex-Device-Name header
# this fixes a bug where you get permission issues when accessing the web dashboard
if ($http_x_plex_device_name = '') {
rewrite ^/$ http://$http_host/web/index.html;
}
# set some headers and proxy stuff.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
# include Host header
proxy_set_header Host $http_host;
# proxy request to plex server
proxy_pass http://plex-upstream;
}
}
@tafoya
Copy link

tafoya commented May 23, 2014

Woops...posted that in a plexpass only forum. Here is a better link. Cheers!

https://forums.plex.tv/index.php/topic/108070-cannot-play-media-from-wan/page-2?p=654460

@yrahcaz
Copy link

yrahcaz commented May 30, 2014

This works great so far! However, when I access my plex server from the LAN it requires me to login to an account rather than the typical LAN behavior of letting you go right in. I tried playing around and fixing it but was not successful. Anyway to make this happen?

@techmunk
Copy link

techmunk commented Jun 6, 2014

I think there was an update in plex recently which broke this for auto login. The below is the configuration I use that is working great for me.

The geo stuff allows me to say which IP address ranges are allowed "unrestricted" access, as I have plex configured to Require authentication on local networks. This means only 127.0.0.1 gets full access, but my local lan address of my plex box, needs to login. This means plex must be running on the same machine as nginx.

# Plex.
# Determine local or remote.
geo $geo {
  default           0;
  127.0.0.1/32      1;
  192.168.1.0/24    1;
}
upstream plex-upstream {
  server 127.0.0.1:32400;
}
upstream plex-remote-upstream {
  server 192.168.1.253:32400;
}
server {
  listen       80;
  server_name  plex;

  location / {
    set $test "";

    # If a request to / comes in, 301 redirect to the main plex page,
    # but only if it doesn't contain the X-Plex-Device-Name header or query argument.
    # This fixes a bug where you get permission issues when accessing the web dashboard.
    if ($http_x_plex_device_name = '') {
      set $test A;
    }
    if ($arg_X-Plex-Device-Name = '') {
      set $test "${test}B";
    }
    if ($test = AB) {
      rewrite ^/$ http://$http_host/web/index.html;
    }

    proxy_set_header    Host            $http_host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    if ($geo = 1) {
      proxy_pass          http://plex-upstream;
    }
    if ($geo = 0) {
      proxy_pass          http://plex-remote-upstream;
    }

    # Plex proxy settings.
    proxy_redirect      off;
    proxy_buffering     off;

    ## Required for Websockets
    proxy_http_version      1.1;
    proxy_set_header        Upgrade         $http_upgrade;
    proxy_set_header        Connection      "upgrade";
    proxy_read_timeout      36000s;         ## Timeout after 10 hours
  }
}

@PlexSystemsInc
Copy link

Quick question is it possible to do the following:
After setting up a Plex for remote access and registering such server with plex.tv.
And after sharing the libraries on this server with another user
can I then set up and twin server with the exact configuration
register that second server with plex.tv
Setup a proxy load balancer and have the user sign in at plex tv and see any of the two servers behind the proxy as one? That is the short version. Remember BOTH server are mirror images of each other...

@HLFH
Copy link

HLFH commented Jun 22, 2014

Does somebody has the right configuration for Plex with HTTPS ?

@fliiiix
Copy link

fliiiix commented Aug 7, 2014

👍 thanks

@Caroga
Copy link

Caroga commented Oct 1, 2014

I'm very new to nginx and I've tried using this gist but to redirect traffic to plex when fetching from domain.tld/location instead of just domain.tld. E.g.: my.server.com/plex. I've tried the rewrite rule mentioned earlier but without success. Anyone has got this going, and if so, care to share the solution?

@alexgorbatchev
Copy link

If somebody wants to get /plex path to work, I have published my nginx configs for /plex and /deluge over at https://github.com/alexgorbatchev/nginx-plex-deluge-proxy

@g1lb3rt
Copy link

g1lb3rt commented Jan 6, 2015

I tried your conf file and it works great, however when I load my dashboard it can't reach my server. Could the NAT be causing the issue? Am currently Mapping a public IP to a private IP(Proxy) which then sends the request to the actual Plex server. Any help would be greatly appreciated.

@tolsadus
Copy link

Awesome <3

@james-d-hasselman
Copy link

Hey, thanks so much for this it really helped a lot! I had to modify it a little bit to get Plex working properly on my server so I'm dropping some information here in case anybody else runs into my problem.

OS: CentOS 7
Server version: 0.9.12.11.1406-8403350

Whenever I opened Plex in my browser and started clicking around I kept getting kicked back to the login screen and a notification would show saying

"<host> went away." 

This happened very frequently and would even interrupt shows I was watching and kick me back to the login page.

I checked the activity log and saw multiple instances of the same message.

Unable to listen for events on <host>

I looked in the nginx error log file (/var/log/nginx/error.log) and I found these error messages

2015/09/16 23:24:17 [error] 30117#0: *39 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.245, server: <host>, request: "GET /status/sessions HTTP/1.1", upstream: "http://[::1]:32400/status/sessions", host: "<host>", referrer: "http://<host>/web/index.html"
2015/09/16 23:25:14 [error] 30117#0: *88 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.245, server: <host>, request: "GET /:/websockets/notifications HTTP/1.1", upstream: "http://127.0.0.1:32400/:/websockets/notifications", host: "<host>"
2015/09/16 23:25:14 [error] 30117#0: *88 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.245, server: <host>, request: "GET /:/websockets/notifications HTTP/1.1", upstream: "http://[::1]:32400/:/websockets/notifications", host: "<host>"
2015/09/16 23:25:14 [error] 30117#0: *39 no live upstreams while connecting to upstream, client: 192.168.1.245, server: <host>, request: "GET / HTTP/1.1", upstream: "http://plex-upstream/", host: "<host>", referrer: "http://<host>/web/index.html"

After searching around for a long time with no results I noticed the config file posted by @techmunk and decided to take some pieces of it to see if they helped. The following is the resulting config file which solved my problem.

upstream plex-upstream {
    # change plex-server.example.com:32400 to the hostname:port of your plex server.
    # this can be "localhost:32400", for instance, if Plex is running on the same server as nginx.
    server localhost:32400;
}

server {
    listen 80;

    # server names for this server.
    # any requests that come in that match any these names will use the proxy.
    # replace <host> with actual server name (obviously).
    server_name <host>

    # this is where everything cool happens (you probably don't need to change anything here):
    location / {
        # if a request to / comes in, 301 redirect to the main plex page.
                # but only if it doesn't contain the X-Plex-Device-Name header
        # this fixes a bug where you get permission issues when accessing the web dashboard
        if ($http_x_plex_device_name = '') {
            rewrite ^/$ http://$http_host/web/index.html;
        }

        # set some headers and proxy stuff.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # include Host header
        proxy_set_header Host $http_host;

        # proxy request to plex server
        proxy_pass http://plex-upstream;

        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 36000s;
    }   
}

I no longer have any problems and the activity log shows the proper message

 Opened connection to <host>, listening for events.

Hopefully this helps someone else who is having the same issue I was.

@thejrose1984
Copy link

Getting errors trying to set this up in my existing nginx proxy...

Creating a new CONF for plex = http://pastebin.com/HUb8byv1
Creating a new CONF for plex-specific proxy = http://pastebin.com/TVb08q93
Output when restart nginx = http://pastebin.com/RNBZmm07

Please note using an IP address or resolved name makes no difference...

Any ideas?

@thanegill
Copy link

@james-d-hasselman solution worked for me with plex-pass version 0.9.15.1.

@jordancrawfordnz
Copy link

With redirecting to /web/index.html as above I had a problem connecting via the Plex.tv web app (with custom server access URL defined). I got a Response for preflight is invalid (redirect) message in the Chrome dev console.

If this happens to you, only redirect with its not an OPTIONS requests as below.

 # Redirect if not an options request.
    if ($request_method != OPTIONS ) {
        set $test A;
    }
    if ($http_x_plex_device_name = '') {
        set $test "${test}B";
    }
    if ($test = AB) {
        rewrite ^/$ http://$http_host/web/index.html;
    }

@thomasjwebb
Copy link

I had to add this for playing to work:

proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;

@alvaroaleman
Copy link

Wow this drove me absolutely nuts, thank you so much @thomasjwebb

@Subtletree
Copy link

Used @james-d-hasselman's code plus @thomasjwebb's header. worked perfectly. thanks guys

@BluSpoon
Copy link

I've managed to get the streaming working over the web in browser with the header from @thomasjwebb, but my Android clients fail to stream, the message recommends to restart the client and server.

iOS works fine.

Any suggestions?

Copy link

ghost commented Apr 23, 2016

I'm not sure what I'm doing wrong, this code doesn't seem to work. I tried Subtletree's combo of hasselman and thomaswebb's code and was met with this message:

nginx: [emerg] "upstream" directive is not allowed here in /usr/local/etc/nginxnginx.conf:1

I even went as far as copying the code directly from the zip and unzipping the file directly in it's place and get the same error message? I'm using nginx-1.8.1_2,2.

I don't know a terrible amount about reverse proxies except that I set up the first one for the majority of the services running in my Freenas box, and I wanted to get this to work for Plex to make it easier to access from everywhere. I will continue to read the documentation about nginx to see if I have something wrong or what have you until I see someone respond. Do I need to install additional packages to get this to work? Thank you for any insight into the matter!

update... got this to work. Problem was missing a lot of necessary code I think... I had to add some of the basic data like worker_processes 1; and some other code; is that code truly necessary for this to work? updated code below:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


upstream plex-upstream {
    # change plex-server.example.com:32400 to the hostname:port of your plex server.
    # this can be "localhost:32400", for instance, if Plex is running on the same server as nginx.
    server localhost:32400;
}

server {
    listen 80;

    # server names for this server.
    # any requests that come in that match any these names will use the proxy.
    # replace <host> with actual server name (obviously).
    server_name plex
                tv;

    # this is where everything cool happens (you probably don't need to change anything here):
    location / {
        # if a request to / comes in, 301 redirect to the main plex page.
                # but only if it doesn't contain the X-Plex-Device-Name header
        # this fixes a bug where you get permission issues when accessing the web dashboard
        if ($http_x_plex_device_name = '') {
            rewrite ^/$ http://$http_host/web/index.html;
        }

        # set some headers and proxy stuff.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;

        # include Host header
        proxy_set_header Host $http_host;

        # proxy request to plex server
        proxy_pass http://plex-upstream;

        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 36000s;
    }   
}
}

@doonga
Copy link

doonga commented May 6, 2016

I had to add a few things to get this all working:

        # Plex headers
        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
        proxy_set_header X-Plex-Device $http_x_plex_device;
        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
        proxy_set_header X-Plex-Platform $http_x_plex_platform;
        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
        proxy_set_header X-Plex-Product $http_x_plex_product;
        proxy_set_header X-Plex-Token $http_x_plex_token;
        proxy_set_header X-Plex-Version $http_x_plex_version;
        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
        proxy_set_header X-Plex-Provides $http_x_plex_provides;
        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
        proxy_set_header X-Plex-Model $http_x_plex_model;

The /web redirect was also a problem with the Fire TV, it doesn't send headers, it uses query strings so I had to make some tweaks there too otherwise the Fire TV would say that it couldn't connect.

                # Redirect if not an options request.
                if ($request_method != OPTIONS ) {
                        set $test A;
                }
                if ($http_x_plex_device_name = '') {
                        set $test "${test}B";
                }
                if ($arg_X-Plex-Device-Name = '') {
                        set $test "${test}C";
                }
                if ($test = ABC) {
                        rewrite ^/$ https://$http_host/web/index.html;
                }

Hopefully that helps someone.

@duntonr
Copy link

duntonr commented Sep 14, 2016

Doonga - helped me, thanks!

@shadycuz
Copy link

shadycuz commented Sep 20, 2016

I used Doonga's Headers but I'm not sure if it mattered. I used the orginal config in this gist but had to change proxy_pass http://plex-upstream; to proxy_pass http://plex-upstream/;

Notice the trailing / at the end? That made it work for me. Now when ever any one visits my URL they get plex and do not have to enter the port or the url.

@elvetemedve
Copy link

This configuration forces me to log into Plex account from LAN. So I can reach the Web GUI only from localhost. I'm running Plex Server 1.1.4.2757.
Am I the only one having this weird thing going on?

@Subtletree
Copy link

Had some problems setting this up for plex, couchpotato, sabnzbd etc.

Problems seem to have been fixed by changing:

upstream plex-upstream {
    server localhost:32400;
}

to:

upstream plex-upstream {
    server 127.0.0.1:32400;
}

@ometa
Copy link

ometa commented Jan 3, 2017

Hey all,

After a few hours of hacking and testing, I was able to get Plex Media Server v1.3.3.3148 working behind an NGINX reverse proxy on my local LAN, without it prompting for any authentication. Here is my gist with the configuration.

The key was the following configuration, which forces plex to see the request as coming from an IP in the whitelisted network:

    proxy_set_header        Host                      $server_addr;
    proxy_set_header        Referer                   $server_addr;
    proxy_set_header        Origin                    $server_addr; 

Hope this helps others!

Devin

@savahu
Copy link

savahu commented Feb 16, 2017

Having some problems with downloading (not streaming) movies from Plex, using this Nginx configuration.
The downloads stop after exactly 1024MB.
Any else tried to download something from their Plex server behind Nginx?

Edit: This is a Plex bug, I think.

https://forums.plex.tv/discussion/256039/download-stopping-at-exactly-1024mb#latest
https://www.reddit.com/r/PleX/comments/5ulg53/downloading_stops_after_1024mb/

@andrewm659
Copy link

So I am having this same problem on latest version of plex and version 1.10.2 of nginx.

Here is my code:

`upstream plex-upstream {
# change plex-server.example.com:32400 to the hostname:port of your plex server.
# this can be "localhost:32400", for instance, if Plex is running on the same server as nginx.
server asm-tv-pc01.me.local:32400;
}

server {
listen 80;

    # server names for this server.
    # any requests that come in that match any these names will use the proxy.
    server_name
            tv
            plex
            tv.example.com
            plex.me.local;

    # this is where everything cool happens (you probably don't need to change anything here):
    location /plex {
            # if a request to / comes in, 301 redirect to the main plex page.
            # but only if it doesn't contain the X-Plex-Device-Name header
            # this fixes a bug where you get permission issues when accessing the web dashboard
            if ($http_x_plex_device_name = '') {
                    #rewrite ^/$ http://$http_host/web/index.html;
                    rewrite /plex(/.*) $1 break;
            }

            # set some headers and proxy stuff.
            # Plex headers
            proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
            proxy_set_header X-Plex-Device $http_x_plex_device;
            proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
            proxy_set_header X-Plex-Platform $http_x_plex_platform;
            proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
            proxy_set_header X-Plex-Product $http_x_plex_product;
            proxy_set_header X-Plex-Token $http_x_plex_token;
            proxy_set_header X-Plex-Version $http_x_plex_version;
            proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
            proxy_set_header X-Plex-Provides $http_x_plex_provides;
            proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
            proxy_set_header X-Plex-Model $http_x_plex_model;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;

            # include Host header
            proxy_set_header Host $http_host;
            proxy_set_header        Host                      $server_addr;
            proxy_set_header        Referer                   $server_addr;
            proxy_set_header        Origin                    $server_addr;

            # proxy request to plex server
            proxy_pass http://plex-upstream;
    }

}
`

Getting this in my logs:

2017/03/15 19:37:37 [error] 65282#100149: *1 open() "/usr/local/www/nginx/plex" failed (2: No such file or directory), client: 10.150.1.192, server: localhost, request: "GET /plex HTTP/1.1", host: "nginxtest.me.local"
2017/03/15 19:40:37 [error] 65944#100248: *2 open() "/usr/local/www/nginx/plex" failed (2: No such file or directory), client: 10.150.1.192, server: localhost, request: "GET /plex HTTP/1.1", host: "nginxtest.me.local"
2017/03/15 19:42:21 [error] 66013#100268: *1 open() "/usr/local/www/nginx/plex" failed (2: No such file or directory), client: 10.150.1.192, server: localhost, request: "GET /plex HTTP/1.1", host: "nginxtest.me.local"

@jeaber
Copy link

jeaber commented Dec 6, 2017

thanks

@BeyondEvil
Copy link

Did you ever get it working @andrewm659 ?

@dsculptor
Copy link

dsculptor commented Aug 24, 2021

Update: The original gist without the proxy_set_headers as mentioned in follow-ups works well.
Thanks @spikegrobstein.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment