Interesting because it didn’t start working for me until I did that. Wonder why? All my devices work now except my Nvidia Shield with Kodi and the plex add-on. Does anyone have any evidence of this being a problem with this particular setup?
Another quick question. What settings are needed to make Plexpy work again with this setup? I can’t figure that out just yet.
local address should still work. i think.
You might check the existing proxy config for Apache and plexpy to see if the address includes a base url, I can’t remember off the top of my head, but I think it does.
Just match the proxy pass and you should be good.
no using localhost works just fine with this setup just figured that out.
It seems the issue is resolved in version 17. I don’t know if you have much control over the Kodi version on shield, but you could try checking for updates.
so just learned/discovered doing this for a setup might not be ideal for sharing if you wish to log ip that people are using as it will log it as a local ip 127.0.0.1
using plexpy.
Hey guys, So it’s been a long time since I’ve done anything this technical and to be quite honest I’m very inexperienced when it comes to DNS and domains. I have my domain, have registered with cloudflare and moved the Name servers of domain over to cloudflare. How do I add my failover ip to subdomain ? Is this done through cloudflare, my host(Hetzner) or where I got my domain? Thanks for the help!
did you order the failover from hetzner? if so then you just add it to the cloudflare dns entries. then give it a subdomain so that you can set it up with the settings in this wiki.
I have finally gotten this to work. I can immediately tell a difference in speed from what I’ve been dealing with! Loading is significantly faster and the constant buffering issues I was dealing with seem non-existent. Thanks for the help and thanks for the wiki!
1 Like
My and my shares IPs are still being logged properly here.
Good to hear 
is there a way to change the button on the quickbox dashboard to go to the url? instead of ip:port which doesnt seem to work after doing this (im guessing its the part about blocking ports and changing access url)
thanks a bunch for this guide Liza, worked perfectly my first attempt and my peering is SO SO much better/quicker
1 Like
Hi Liza,
I followed the guide and everything works until I attempt to access Plex via https://plex.yourdomain.com. I set up my keys correctly and that test command to make sure everything works reported the test successful. When I enter https://plex.yourdomain.com on my browser, I get a “Connection Refused” error. When I go to plex.yourdomain.com it shows a “It Works!” Apache page. Any idea on what could be the problem?
I followed the guide and everything seems to work for Plex, except when I now go to the Quickbox home page at my domain I now get Privacy Error “Your connection is not private” If I proceed and open Rutorrent I get a lot of errors
[02.04.2017 19:55:46] WebUI started.
[02.04.2017 19:55:58] Bad response from server: (0 [error,portcheck])
[02.04.2017 19:55:59] Bad response from server: (0 [error,getintervals])
[02.04.2017 19:55:59] Bad response from server: (0 [error,setuisettings])
[02.04.2017 19:56:01] Bad response from server: (0 [error,setuisettings])
[02.04.2017 19:56:01] Bad response from server: (0 [error,gettotal])
I tried followed the steps in the install lets encrypt thread and everything seems ok but still get connection not secure and the errors
Also when I run sudo nginx -t I get this message “nginx: [warn] duplicate MIME type “text/html” in /etc/nginx/sites-enabled/plex.conf:58” But the test is successful.
If i remove iptables -A INPUT -p tcp --dport 32400 -j DROP I can see the server on my Samsung JS tv however when I reboot the rule comes back.
Could be a potentially incorrectly setup plex.conf but it could also be an issue through CloudFlare – did you make sure to change the SSL type in your CF panel to at least full or full (strict)?
Nothing should be affected at all in the apache configuration, all we do is change the IP we bind to nothing else. The “Connection is not Private” error is in relation to a self-signed certificate or a certificate for a domain that is assigned to another domain than the one in use.
That warning message is just a warning and wouldn’t affect anything in your setup.
The Samsung TV is a known issue with CloudFlare proxy (see the note in the top paragraphs), in order to remove the rule permanently edit the file /etc/iptables/rule.v4 to prevent the rule from being applied at start up.
Yep my apologies. Forgot to enter my actual domain name when producing the SSL certificate. All is well now!
One quick question: I noticed this does not work on my PS4 console. Is this a limitation due to using CF? If I wanted to use my PS4 to stream my media, what would be the process?
Thanks
There is a newer version of the conf on github which leaves port 80 default as http. If you remove the file /etc/nginx/sites-enabled/default and allow the server to connect to plex on port 80, it will start to work – you’ll also need to add http://plex.yourdomain.com:80 to the custom access urls. However once enabled, it will allow these clients to connect via unsecure connections
Thank you for your reply.
Is there any possibility of you walking me through it by chance? I can pay you for your time and effort if you’d like. This is just honestly way over my head and had to re-do the tutorial several times. Just don’t want to mess it up again
Thanks
The first thing to do is check whether or not your plex.conf contains a forward block so that all traffic to port 80 is redirected to port 443.
The old version of the conf has this block:
server {
listen IP.OF.FAIL.OVER:80;
server_name plex.EXAMPLE.COM;
#See notes below (SSLLabs likes this on http as well as https)
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
return 301 https://$host$request_uri;
}
If your file has this, we want to move the listen parameter in this block to the next (main) server block then remove this server block.
Cut
listen IP.OF.FAIL.OVER:80;
And paste it right above the line
listen IP.OF.FAIL.OVER:443 ssl http2;
Then remove the old server block entirely:
server {
server_name plex.EXAMPLE.COM;
#See notes below (SSLLabs likes this on http as well as https)
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
return 301 https://$host$request_uri;
}
Save the changes and exit.
Remove the file /etc/nginx/sites-enabled/default.
rm /etc/nginx/sites-enabled/default
Restart nginx
systemctl restart nginx
Finally in plex, add a second custom access url
http://plex.yourdomain.com:80
Make sure in network connections in Plex that SSL connetections are not set to required.
This should allow clients to access plex via http rather than https and will let clients such as Samsung SmartTVs and PS4s connect to the proxy (albeit insecurely)
I’m hesitant to add this to the main tutorial because I’m unsure of how this will affect future renewals of letsencrypt because we are effectively removing the webroot by deleting the default conf.
If this is too confusing, feel free to PM me and we can discuss options.