Another approach to multi-users and sharing

sso
plexauth
sharing
nginx
multi-users

#1

After a few weeks of use, here is my feedback on this awesome tool.

For me, Quickbox is a great tool for anyone who wants to get a functional seedbox quickly and effortless. Thanks to its flexibility and simplicity, this tool is suitable for both beginners and experienced users. This is a good thing because the personal seedbox was so far not accessible to novices.

Here is my personal approach to what would be the perfect seedbox. Personally, I use the seedbox with my family and friends. Some of them do not practice much computers, so eventually all they want is to be able to stream the content of the seedbox on television and occasionally ask for specific content that they would like to watch/re-watch.

I don’t really understand all these seedbox management scripts that allow to make multi-users environment on rutorrent/transmission, Couchpotato, Rickrage, etc … It can indeed be useful when you wish to sublet a part of your server, but it does not make sense anymore when you just want to share it with friends. In this case I think it unnecessary to divide the server (own libraries, quota, etc …) while most of the downloaded content will be identical on the majority of users. It does not make sense to have the same content stored in the server several times, while its storage space is limited. And without forgetting the [precious] resources lost in unnecessary instances.

Personally, I see Quickbox as a tool for the management of our seedbox, which allows to manage it very easily.
But the multi-user part does not interest me at all. Users of my seedbox need only access to the web interface of Plex (for the stream PC), PlexRequest (for occasional requests) and to the download folders (for the content they want keep) ; and why not a small forum for exchanges between users.

I don’t want to clutter my users with multiple usernames/passwords. It is important that the way to access these services is as simple as possible. And since my users are forced to create a Plex.tv account to stream the content of the seedbox, the most elegant solution to access the other services of the seedbox would be to authenticate themselves with their Plex account. (as PlexRequest does)

By looking a bit on Internet, there are already some solutions that allow single authentication using the Plex account, but unfortunately these solutions are based on the nginx’s auth_request module. No solution is available for Apache.

I know that a Nginx version for Quickbox is being developed. I will be attentive in the evolution of Quickbox, but in the meantime I am constrained not to use Quickbox in this state and to restart on a personal solution:

  • Plex Media Server (already using Plex authentication)
  • PlexRequest (already using Plex authentication)
  • Transmission (admin only)
  • Pyload (admin only)
  • Couchpotato (admin only)
  • SickRage (admin only)
  • PlexPy (admin only)
  • Nginx in reverse proxy (with PlexAuth module)
  • h5ai (with PlexAuth module for users access)

As well as some automations:

  • Plex librairies refresh script when Transmission/Pyload has completed a download
  • Monit:
    • Restarting failed services
      
    • cronjob to restart services once a day, during the night (= better stability of services)
      
    • monitors free disk space and triggers a script to delete the oldest content (= FIFO mode)
      

Now, users of my seedbox have access only to the Plex Web Player, PlexRequest and h5ai; using a unique username/password, their personnal Plex.tv account. This was the goal :wink:

Do not pay attention to my poor English, sorry for that!


#2

So really, the only app you’re adding the PlexAuth for is h5ai, right? Everything else is either already using it or is admin only. I would probably build this with haproxy as my load balancer and then have that direct to apache or nginx depending on the request. This leaves the base quickbox as is except changing its ports to a non-standard port so that haproxy can listen on the 443.


#3

Yep, it’s the only app for now… according to my point of view, the services installed on the server can be classified into 2 main categories: “backend” services to drive the server and “frontend” services accessible to users. Using PlexRequests to handle user requests, I don’t think they need access to Transmission/Pyload, Couchpotato/Sickrage/Headphones, or even PlexPy. (my users do not care and they couldn’t use them anyway)

The method to authenticate to the backend services may be any one, since it is intended only for server administrators. On the other hand, the method to authenticate to the frontend services must be simple and unified. This is what PlexAuth allows and so in the future the new “frontend” services will use this method of authentication.

That is why I would like to stay with that.

What you propose: using HaProxy with Apache and Nginx to make work together is very tempting, I will look at this, more closely. But run two web servers and HaProxy, to use only one service occasionally, does not seem very optimized to me.

Anyway, thank you for the trick :relieved: