New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Plex is like 60% self hosted. They have a relay service that they're throttling.
Relay service for the servers which can't accept direct connections, aka behind NAT? How is it related to Hetzner then?
From what I heard it's not just the relay service. Most people that I know access Plex via the app.plex.tv web interface or use their apps. Both rely on Plex's auth servers and APIs to work. Naturally, any server that can be accessed outside LAN also rely on the auth servers and APIs.
Two people I know that have their Plex servers at Hetzner told me that their server just disappeared from the server list on app.plex.tv and apps.
I probably would've had the same issue if I didn't set my Plex server to go through a VPN before the blocks came into place. Any connections for media playback still go directly to the Hetzner server, so it's practically just any connection from the Plex server for auth/API/calling home etc, where using a VPN doesn't affect much at all since those requests don't use much bandwidth or anything.
probably a legal reason they can't block it entirely so by keeping it slowed down is not breaking neutrality laws or something similar?
I can confirm that mine has also dissapeared now.
yeah, this works
really easy to circumvent using gluetun and your own wireguard server hosted literally anywhere else, for example
I think Plex uses direct connection when 32400 port is accessible from outside, or when Plex remote access is disabled and custom server URL is being used instead. Plex relay is forced only when server can't accept direct connections, this behavior is enabled by default but can be turned off. Looks like first it happened on the 12th for some, but after that Plex servers just started disappearing in clients.
Looks like even when remote access feature of Plex is disabled and custom server access URL is being used instead, it will still be blocked: https://forums.plex.tv/t/plex-server-blocked-at-hetzner-custom-hosting-not-using-plex-remote-services/856558
It does feel like there is some kill switch, maybe it was there for a long time since I've heard plex shares being banned before (but looks like they used to ban accounts instead). I did not see any info yet about server version correlation with the blocks.
It seems like Plex checks IP at the moment the server is claimed. Person with local Plex used VPN to Hetzner and noticed it when his server disappeared, he reset the claim (probably by removing PlexOnline* from Preferences.xml), then lost access right after claiming manually, but can continue to use when unclaimed. Looks like Plex makes a similar IP check for the already claimed servers at some point, which makes a server become inaccessible even on LAN. Some say it happens during auth on plex.tv and if it’s coming from a Hetzner IP, it will be blocked.
Also Plex uses their plex.direct domain redirect trick to use their SSL, and puts external server IPs as part of their URLs, which can be witnessed in the network requests when using the web ui. Not sure if it plays a part in the current block. It was discussed at length, for example here and here, and also in this post.
Currently the block can be successfully circumvented by using some tunnel (gluetun with either a VPN provider or custom wireguard/ovpn on VPS) and, at least with VPN providers due to poor port forwarding, also using a reverse proxy put in custom server URLs in Plex, otherwise it forces the relay. I wonder if more effective ways exist, but it requires more knowledge on how Plex communicates with its servers.
You can avoid the poor port forwarding problems of VPNs and forced relay use by routing thru cloudflare's proxy for the custom server URL. I got mine setup where plex sees both the VPN and cloudflare's proxy IP addresses.
Surprisingly I get better peering this way than previously with a direct connection to hetzner