HAProxy and Plex, help to understand
-
I'm currently using a port forward with an alias permit (pfBlockerNG) in my NAT rule and it's working great.
However, when I need to renew my certificates, I have to renew in pfSense (ACME), then download the files and import them to the Plex folder, and lastly restart the Plex service.
I have to do this for all my stuff here, not only Plex, so ACME (cron) with HAProxy would be able to do it automatically for everything and no service would need to be restarted.
Has anyone successfully implemented a Plex Server behind HAProxy?
Action plan based on my research so far:
- Install HAProxy, not the devel version.
- Change the pfSense GUI port as it's currently listening on port 443, so I can use it for HAProxy, or probably use a different port for HAProxy.
- Configure the HAProxy frontend to use my certificate when I call myplex.mydomain.org.
- Configure the HAProxy backend to forward it to my Plex server and port.
- Unbound private-domain: "plex.direct" in Unbound (DNS Resolver) custom options is already set, so no changes here.
- In Plex server, disable bandwidth limits under Remote Access as they wouldn't work anymore.
- Not sure if it's required - In Plex server, enable Treat WAN IP As LAN Bandwidth.
- Not sure if it's required - In pfSense, NAT reflection w/ Pure NAT.
- Not sure if it's required - In Plex app, set clients to Allow Insecure Connections to Always, and on the server, ensure that Settings -> Network -> Secure connections is set to Preferred.
- Not sure if it's required - In Plex Server custom server access URLs, add myplex.mydomain.org.
-
@mcury said in HAProxy and Plex, help to understand:
I'm currently using a port forward with an alias permit (pfBlockerNG) in my NAT rule and it's working great.
However, when I need to renew my certificates, I have to renew in pfSense (ACME), then download the files and import them to the Plex folder, and lastly restart the Plex service.
I have to do this for all my stuff here, not only Plex, so ACME (cron) with HAProxy would be able to do it automatically for everything and no service would need to be restarted.
Has anyone successfully implemented a Plex Server behind HAProxy?
Action plan based on my research so far:
- Install HAProxy, not the devel version.
- Change the pfSense GUI port as it's currently listening on port 443, so I can use it for HAProxy, or probably use a different port for HAProxy.
- Configure the HAProxy frontend to use my certificate when I call myplex.mydomain.org.
- Configure the HAProxy backend to forward it to my Plex server and port.
- Unbound private-domain: "plex.direct" in Unbound (DNS Resolver) custom options is already set, so no changes here.
- In Plex server, disable bandwidth limits under Remote Access as they wouldn't work anymore.
- Not sure if it's required - In Plex server, enable Treat WAN IP As LAN Bandwidth.
- Not sure if it's required - In pfSense, NAT reflection w/ Pure NAT.
- Not sure if it's required - In Plex app, set clients to Allow Insecure Connections to Always, and on the server, ensure that Settings -> Network -> Secure connections is set to Preferred.
- Not sure if it's required - In Plex Server custom server access URLs, add myplex.mydomain.org.
Well, I gave it a thorough shot a couple of years back, and there was some non-standard HTTP going on in the Plex client to Plex server comms that HAProxy could not handle. The Plex web GUI worked fine, but not iOS clients.
I don’t know if this has gotten better - I seem to remember part of the issue back then was that Plex had MAJOR issues with personal certificates instead of the built-in certificate solution done by Plex themselves.
So I will be following your thread for progress. Your plan is sound if it can be made to work.
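The frontend and backend steps of the action plan, written out as a raw haproxy.cfg fragment. This is an added example, not configuration posted by either participant, and the thread leaves open whether Plex mobile clients work through such a proxy. Assumptions: the certificate path, the backend address 192.0.2.10 and the section names are placeholders, and 32400 is Plex's default port.

```haproxy
# Added example: raw haproxy.cfg form of the plan's frontend/backend steps.
# Placeholders (assumptions): certificate path, backend address 192.0.2.10,
# and the names https_in / plex_backend / plex1.

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    # Upgraded long-lived connections (e.g. WebSocket) use this timeout instead.
    timeout tunnel  1h

frontend https_in
    # TLS terminates here with the ACME-issued certificate. HAProxy expects
    # the certificate chain and the private key in one PEM file.
    bind :443 ssl crt /path/to/myplex.mydomain.org.pem ssl-min-ver TLSv1.2

    # Route only the expected hostname. A request with any other Host header
    # matches no backend and gets a 503, so this listener exposes nothing
    # except the Plex hostname.
    acl host_plex hdr(host) -i myplex.mydomain.org myplex.mydomain.org:443
    use_backend plex_backend if host_plex

backend plex_backend
    # Record the client address and the original scheme in request headers.
    option forwardfor
    http-request set-header X-Forwarded-Proto https

    # Plain HTTP on the LAN side. This only works while the server's
    # "Secure connections" setting is Preferred, as in the plan; with
    # Required, Plex refuses unencrypted connections.
    server plex1 192.0.2.10:32400 check
```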