New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
redirecting Plex without reverse proxy? (SOLVED)
I have searched and searched and cannot find the answer to this.
I setup Plex on Centos server and when I access the IP:32400/web works fine but if I access just IP:32400 (without the /web) I receive an XML file with my details (such as email address) in it. Searching around I only see people talking about using a reverse proxy to redirect / to /web but they are mostly wanting to use their own domain. I have been searching through the plex directories and cannot figure this out. Can anyone help? Or is reverse proxy my only answer?
[SOLVED] @NeoXiD message below solved the problem by adding the trusted network it blocked others without auth.
Thank you
Comments
If I'm not mistaken (and I might be) the xml you see on the index is needed when connecting to your server to your myplex account.
Reverse proxy is really they only way to remove that. I would suggest doing the proxy on a dedicated vhost so you can still have it function as designed using the ip or even a different vhost.
edit
Using a reverse proxy with vhost also allows you to get rid of the port requirement in the url
I'm no Plexpert
And make sure you change your plex password, they got hacked/penetrated couple days ago.
The root directory is actually required for MyPlex and various other applications (e.g. Plex for Android) which would like to gather information about your Plex server. As an example, /library/sections lists all your libraries. It's like some kind of XML API, you definitely can't change that behaviour without using a reverse proxy.
Thanks @joereid @NeoXiD I had a feeling that was the answer. Just seems odd that it would expose such information.
If you're just looking for the convenience of not having to type /web and/or a port number than nginx configured something like this should work just fine:
just replace [port] with the port you want to use, and [plexip] with the ip of your plex server
http { server { listen [port]; access_log off; error_log off; location / { proxy_pass http://[plexip]:32400/web/; } } }@tehdan I don't have an issue with having to type in the port:/web my problem was it exposing information in the public xml file.
Oh I see. Is this on a vps or a local server?
@tehdan dedicated box It also has a private Owncloud running (:443) - The box is not used for anything else.
There's even more information when you open URLs like /myplex/account, HOWEVER requests outside from your local network (non-RFC1918) require proper authentication, so that shouldn't be a problem at all.
If that mechanism should not work though, please follow this guide and start reading at Change Server Network Authorization Settings. By setting the list of allowed networks to 127.0.0.1/255.255.255.255 only, all connections not originating from the server itself require proper authentication over MyPlex and no sensitive data gets exposed.
Okay - the XML on the root directory should only show up on trusted networks (usually your internal network for a home server). If from /web you go into Settings -> Server -> Network and click 'Show Advanced' what does it say under 'List of networks that are allowed without auth' (don't post your IP if its in there...) ?
You can change this to 127.0.0.1/8. But then you'll find you get directed to authenticate via plex when you access /web (and the root XML will return a 401 error).
If you don't want to use plex auth, then you'd have to set up the reverse proxy (like my earlier example, and add some authorization), or set up a VPN. I think thats how people are doing it.
At a pinch, if you have a static IP I think you could reasonably add that to 'networks that are allowed without auth' to avoid reverse proxy / vpn setups.
@NeoXiD That worked by changing the Server Network Authorization Settings! Thank you!!
@tehdan I did that based on NeoXiD message.