-2

I'm running the latest version of Plex Media Server: Version 1.31.2.6810. Under my Plex server's Network settings, I specified my custom domain names:

Custom server access URLs: https://plex.mydomain.com,https://mediaplex.mydomain.com

However, in Plex's console log, I keep getting the below message; which I don't my plex clients to be treated as 'non-local'

"Request came in with unrecognized domain / IP 'plex.mydomain.com' in header Referer; treating as non-local"

SOLUTION:

Thanks to @patriotyk's answer, I was able to finally make the ultimate nginx plex reverse proxy for custom domain names; assuming the plex network configuration settings are correct. I also posted my gzip settings; to get the fastest possible Plex client performance if you have enough spare CPU horsepower. I also did NOT disable proxy_buffers (like most online Plex nginx config examples) since I'm consistently getting noticeably faster performance with it enabled (in combination with Gzip compression level=9 [max] and gzip_min_length=256). All TV/Movie posters just display at the same time in short bursts.

nginx.conf

http {
    gzip on;
    gzip_vary on;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_comp_level 9;
    gzip_disable "MSIE [1-6]\.";
    gzip_types
        text/css
        text/xml
        text/plain
        text/javascript
        text/cache-manifest
        text/x-cross-domain-policy
        application/javascript
        application/x-javascript
        application/json
        application/manifest+json
        application/xml
        application/xml+rss
        application/xhtml+xml
        application/rss+xml
        application/rdf+xml
        application/atom+xml
        application/atom_xml
        application/geo+json
        application/ttf
        application/x-ttf
        application/x-font-ttf
        application/x-font-otf
        application/x-font-truetype
        application/x-font-opentype
        application/x-web-app-manifest+json
        application/vnd.ms-fontobject
        font/eot
        font/otf
        font/ttf
        font/opentype
        image/svg+xml
        image/x-icon
        image/bmp;
    geo $lan {
        default 0;
        192.168.1.0/24 1;
    }
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream plex_backend {
        server 192.168.1.2:32400;
        keepalive 32;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name plex.mydomain.com mediaplex.mydomain.com;
        client_max_body_size 0;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        location / {
            if ($http_x_plex_device_name = '') {
                rewrite ^/$ /web/index.html;
            }
            proxy_pass                          http://plex_backend;
            proxy_set_header Host               192.168.1.2;
            proxy_set_header Referer            https://192.168.1.2:32400;
            proxy_set_header Origin             192.168.1.2;
            proxy_http_version                  1.1;
            proxy_cache_bypass                  $http_upgrade;
            proxy_set_header Upgrade            $http_upgrade;
            proxy_set_header Connection         $connection_upgrade;
            proxy_set_header Accept-Encoding    "";
            proxy_set_header X-Real-IP          $remote_addr;
            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_set_header X-Forwarded-Host   $host;
            proxy_set_header X-Forwarded-Port   $server_port;
            proxy_set_header Sec-Websocket-Extensions $http_sec_websocket_extensions;
            proxy_set_header Sec-Websocket-Key $http_sec_websocket_key;
            proxy_set_header Sec-Websocket-Protocol $http_sec_websocket_protocol;
            proxy_set_header Sec-Websocket-Version $http_sec_websocket_version;
            proxy_connect_timeout               300;
            proxy_send_timeout                  300;
            proxy_read_timeout                  300;
            proxy_buffers                       512 512k;
            proxy_buffer_size                   512k;
            proxy_busy_buffers_size             512k;
            proxy_redirect off;
        }
    }

}

After using this configuration, instead of getting the below message repeated over and over again in the Plex console log:

"Request came in with unrecognized domain / IP 'plex.mydomain.com' in header Referer; treating as non-local"

I get:

Request: [192.168.1.2:31997 (Allowed Network (Subnet))] GET /status/sessions (14 live) #dc855 Signed-in

enter image description here

MKANET
  • 573
  • 6
  • 27
  • 51
  • 1
    Bountied questions cannot be closed but this question SHOULD be closed because it has absolutely nothing to do with programming. This question may belong on serverfault.com or superuser.com. See https://stackoverflow.com/help/on-topic. – anothermh Apr 10 '23 at 04:22
  • Thanks. But, there are plenty of similar questions on StackOverflow on this topic. None of them were closed; and, considered acceptable questions. I just wanted to see if I could get a definitive answer via a bounty. – MKANET Apr 10 '23 at 15:42
  • There are plenty of off-topic questions on StackOverflow, you're right. This is one of them. It has nothing to do with programming. It has to do with how to manage a web server. – anothermh Apr 10 '23 at 15:43
  • I use plex v1.32.0.6918 and I see no option to Treat WAN as LAN bandwidth, but otherwise your config works for me. Do you see any `Using X-Forwarded-For: 171.59.141.63 as remote address` in your logs? What IPs can you see there (local or public)? – GChuf Apr 11 '23 at 11:47
  • Thanks. I think you're confusing 2 different things. What I'm talking about is a message that appears in Plex server's console, it's not a setting.My config "works" for me too. However, if you look in the Plex server console, you will see the same message as I get. – MKANET Apr 11 '23 at 15:24

2 Answers2

1

As you said that 192.168.1.2 works well for you. You can pass it to the plex. So in your nginx config file replace

proxy_set_header Host $host;
proxy_set_header Referer $host;
proxy_set_header Origin $host;

with:

proxy_set_header Host 192.168.1.2;
proxy_set_header Referer https://192.168.1.2:32400;
proxy_set_header Origin 192.168.1.2;
patriotyk
  • 497
  • 3
  • 13
  • Thank you for your help. I wish it were that simple. Currently, when I ping plex.mydomain.com directly on the server (or anywhere else in the world) it resolves to my public IPv4 address. If append my HOSTS file to associate the server's internal/private IP address with plex.mydomain.com (adding `192.168.1.2 plex.mydomain.com` to the HOSTS file), then, restart Plex server, the problem is still there. – MKANET Apr 12 '23 at 20:58
  • How do you run plex server? In the docker? where you change /etc/hosts? – patriotyk Apr 13 '23 at 14:00
  • Plex runs on a Windows 11 PC, no docker. hosts file: `C:\Windows\System32\drivers\etc\hosts`. After I added `192.168.1.2 plex.mydomain.com` to hosts file, I could ping `plex.mydomain.com`; and, it would resolve to 192.168.1.2. However, it didn't make any difference in Plex console... still getting that message over and over again. – MKANET Apr 13 '23 at 16:01
  • Okey I got you. Do you see such error when you open plex by IP http://192.168.1.2:32400 and http://127.0.0.1:32400 ? – patriotyk Apr 13 '23 at 16:48
  • When I try 127.0.0.1:32400 locally on the server, I see the messages in my Plex log: `Request came in with unrecognized domain / IP 'mydomain.net' in header Host; treating as non-local` – MKANET Apr 13 '23 at 23:55
  • what about 192.168.1.2:32400 ? – patriotyk Apr 14 '23 at 07:58
  • Yes, Plex treats 192.168.1.2:32400 as a local connection. But, not sure how that would help me prevent that from happening when using plex.mydomain.com – MKANET Apr 14 '23 at 23:36
  • Good, than you can configure NGINX to pass this ip address in Host header instead of real host. I will update my answer in 5 minutes. – patriotyk Apr 15 '23 at 18:28
  • I was excited to try this. Unfortunately, it made no difference. I am still seeing the same message. It looks like something else is triggering this message that we are not considering. – MKANET Apr 15 '23 at 22:23
  • But now it says about Referer header, right? So looks like it additionally checks Referer header too. You need to update it to. just replace with `proxy_set_header Referer 192.168.1.2;` And also do this with Origin header, replace with `proxy_set_header Origin 192.168.1.2;` – patriotyk Apr 16 '23 at 08:34
  • I think we're completely missing something fundamental. I used the 3 lines you suggested in your latest answer using 192.168.1.2 instead of $HOST. However, it's not making any difference. Please see the full debug log when I go to `https://plex.mydomain.com` with my MS Edge web browser: https://pastebin.com/KjSvKi2F – MKANET Apr 16 '23 at 21:05
  • I think this issue is caused by the hostname of the PC hosting Plex does not match the DNS name. Per the reddit post here: https://www.reddit.com/r/docker/comments/cktrya/request_came_in_with_unrecognized_domain_ip_xpost/ it says: EDIT: For anyone that is having the same issue, change "hostname: plex" to "hostname: plex.${DOMAIN}. Is there any way I can fix this without actually changing the hostname of my Windows PC? – MKANET Apr 16 '23 at 21:16
  • from the logs I see that you have not changed Referer header because it says that domain is plex.mydomain.com. – patriotyk Apr 17 '23 at 08:26
  • Also I have updated my amswer because Referer should be url. Make sure you are applying your changes. Also if NGINXs config is incorrect, NGNIX may use old one – patriotyk Apr 17 '23 at 08:49
  • I just tried your latest suggestion. Unfortunately, it didn't make a difference. See log: https://pastes.io/rhyu2pigx3. Not sure what else to try. – MKANET Apr 21 '23 at 00:02
  • Logs are very clear here. It says that Plex receives "Referer: plex.mydomain.com" but it should be "Referer : https://192.168.1.2:32400". I believe you have broken nginx config. Could you show you main errors.log from NGINX server? – patriotyk Apr 21 '23 at 18:34
  • There are no errors at all in the nginx `error.log` file during Plex client authentication. However, please find the respective NGINX.log entries during Plex client authentication: https://pastebin.com/Zf9HCmjD Maybe, this will help. – MKANET Apr 21 '23 at 22:10
  • Ok, then the only way to see what PLEX receive is sniffer. Install wireshark and start sniffing loopback interface. Then open in browser https://plex.mydomain.com then stop sniffing and find in list http request to 127.0.0.1:32400 and in context menu click 'follow tcp stream' It should show data that NGINX send to plex. – patriotyk Apr 22 '23 at 19:13
  • I didn't install Wireshark. But, I did the next best thing.. I enabled NGINX debug logging for plex (see link). I obfuscated my Plex token. https://1drv.ms/u/s!Ao1OD_Zte2lpobJtLCqpf4-TJA6qKg?e=S3ytfz – MKANET Apr 23 '23 at 00:42
  • I am not able to open this link. Maybe you should give some permissions. – patriotyk Apr 23 '23 at 08:46
  • Sorry, I just fixed it: https://1drv.ms/u/s!Ao1OD_Zte2lpobJtd5GrnhZbzLxEYA?e=2U9IYP – MKANET Apr 23 '23 at 09:00
  • PS: I noticed in the debug log I just posted, it keeps saying `http2 output header: "access-control-allow-origin: app.plex.tv"` Maybe "app.plex.tv" needs to be changed to "plex.mydomain.com" somehow? – MKANET Apr 23 '23 at 09:12
  • No, logs are clear, look: ` GET /web/index.html HTTP/1.1 Host: plex.mydomain.com Referer: plex.mydomain.com Origin: plex.mydomain.com X-Real-IP: 192.168.1.1 X-Forwarded-Proto: https X-Forwarded-For: 192.168.1.1 ..... ` Do you see? Host, Referer and Origin headers are old. Like in your initial configuration. So you didn't apply configuration I suggested. – patriotyk Apr 23 '23 at 10:06
  • I had reverted back to my original settings since your settings didn't actually fix the issue. Anyway, I just put your suggested settings back while running the debug log. Here it is: https://1drv.ms/u/s!Ao1OD_Zte2lpobM9B80dkrpMzjUyXA?e=za7M4q – MKANET Apr 23 '23 at 18:56
  • And where is error here? – patriotyk Apr 25 '23 at 07:19
  • I couldnt find an error either. – MKANET Apr 25 '23 at 09:07
  • I tried this again; this time I started from, scratch.. only adding lines I actually needed. This time it was successful! Your answer here was what ultimately helped me to do what I want. Thank you so much for your patience. I will make your answer the correct answer to my question; and give you the claim to this bounty. However, I will post my fully working nginx code in my original question for others to use in the future. – MKANET Jul 20 '23 at 19:43
  • I just realized that the bounty is no longer active.. not sure what I can do. Anyway, I'm very grateful for @patriotyk's help with this. – MKANET Jul 20 '23 at 20:52
0

As per your questions the error message says:

"Request came in with unrecognized domain / IP 'plex.mydomain.com' in header Referer; treating as non-local"

In your nginx config you are explicitly passing the $host variable to this header.

proxy_set_header Referer $host;

From the Nginx docs here the host variable will hold:

$host

in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request

It would appear that the value being passed here does not match your configured domain names in the plex config.

You could investigate the value by adding a location block and browsing to it.

    location = /showhost {
        default_type text/html;
        return 200 "Host: $host" ;
    }

If this variable is not set to an appropriate value it might be to worth trying a different var for example $host_name

You could just explicitly pass localhost or one of your configured server names as the header value.

Stephen Dunne
  • 419
  • 1
  • 5
  • 13
  • When I browse to `/showhost`, it shows: `Host: plex.mydomain.com`. Sorry I'm not sure what you mean by "You could just explicitly pass localhost or one of your configured server names as the header value." Could you please give me an explicit example as a solution? – MKANET Apr 13 '23 at 16:21
  • @MKANET ok, so the host variable is set as would be expected. It seems plex is not reconciling this setting with your configured server names. You could change the nginx config to pass localhost explicitly by changing the line to `proxy_set_header Referer "localhost";` That may force plex to recognise the traffic as local. – Stephen Dunne Apr 13 '23 at 16:26
  • Changing `proxy_set_header Referer $host;` to `proxy_set_header Referer "localhost";` doesn't make any difference, unfortunately. Still getting the same message. If I were to post my entire NGinx conf file, do you think you would be able to figure out what's wrong? – MKANET Apr 13 '23 at 16:49
  • Is there a way to figure out what Plex is actually expecting if it's not `plex.mydomain.com`? – MKANET Apr 13 '23 at 16:54
  • Looking at the Plex documentation it suggests the custom server URLs should include the port number. Have you tried that? – Stephen Dunne Apr 13 '23 at 21:59
  • Alternatively the request from nginx to Plex could be configured not to forward the headers. And then it should be treated as any request to localhost. So remove # Forward real ip and host to Plex proxy_set_header Host $host; proxy_set_header Referer $host; proxy_set_header Origin $host; proxy_set_header X-Real-IP $remote_addr; – Stephen Dunne Apr 13 '23 at 22:05
  • I changed custom server urls to: `https://plex.mydomain.com:443,https://mediaplex.mydomain.com:443` in Plex settings. I also removed `proxy_set_header Host $host;`, `proxy_set_header Referer $host;`, `proxy_set_header Origin $host;` , and `proxy_set_header X-Real-IP $remote_addr;` from nginx config. Still no difference. – MKANET Apr 13 '23 at 23:20
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/253144/discussion-between-mkanet-and-stephen-dunne). – MKANET Apr 14 '23 at 02:39