HAproxy and Plex, help to understand
-
I'm currently using a port forward with an alias permit (pfBlockerNG) in my NAT rule and it's working great.
However, when I need to renew my certificates, I have to renew in pfSense (ACME), then download the files and import them to the Plex folder, and lastly restart the Plex service.
I have to do this for all my stuff here, not only Plex, so ACME (cron) with HAProxy would be able to do it automatically for everything and no service would need to be restarted. Has anyone successfully implemented a Plex Server behind HAProxy?
Action plan based on my research so far:
- Install haproxy, not the devel version.
- Change the pfSense GUI port, as it's currently listening on port 443, so I can use it for HAProxy, or probably use a different port for HAProxy.
- Configure haproxy frontend to use my certificate when I call myplex.mydomain.org
- Configure haproxy backend to forward it to my Plex server and port.
- Unbound private-domain: "plex.direct" in Unbound (DNS Resolver) custom options is already set, so no changes here.
- In Plex server, disable bandwidth limits under Remote Access as they wouldn't work anymore.
- Not sure if it's required - In Plex server, enable Treat WAN IP As LAN Bandwidth.
- Not sure if it's required - In pfSense, NAT reflection w/ Pure NAT.
- Not sure if it's required - In Plex app, set clients to Allow Insecure Connections to Always, and on the server, ensure that Settings -> Network -> Secure connections is set to Preferred.
- Not sure if it's required - In Plex Server custom server access URLs, add myplex.mydomain.org.
-
Well, I gave it a thorough shot a couple of years back, and there was some non-standard HTTP going on in the Plex client to Plex server comms that HAProxy could not handle. The Plex web GUI worked fine, but not iOS clients.
I don't know if this has gotten better - I seem to remember part of the issue back then was that Plex had MAJOR issues with personal certificates instead of the built-in certificate solution done by Plex themselves.
So I will be following your thread for progress. Your plan is sound if it can be made to work.
-
Were you ever able to get this working? I've been struggling for a few weeks on this. HAProxy has been easy to configure for everything else, just not plex :(
Thanks.
-
@waffull
I've been trying to get HAProxy to work how I want as well, but I think I am missing a step. I can get it to work so long as I include the port number with the address, which is what I was trying to avoid. I think the problem is that if you're using a port other than 80 or 443 it doesn't forward to those ports (e.g. 5055). The problem I seem to have is that I have a Linux box with a handful of apps that all run on different ports. I could set one of them to 443 or another to 80 and I think HAProxy would work how I want, but that would really limit how many apps that box would be able to run. Unless I am missing some step. With my understanding, if Plex is on its default 32400 then you couldn't go to plex.myhouse.com without adding the port to the end. If I am wrong I would be happy to know where I am wrong and what I can do to fix it.
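
For reference, an added example (not posted by anyone in this thread) of the frontend/backend split the action plan describes, written as a raw HAProxy configuration rather than the pfSense GUI: one TLS listener on 443 selects a backend by hostname, and each backend forwards to its own port (32400 and 5055, the ports mentioned above). The second hostname, the IP addresses and the certificate path are assumptions, and it assumes the Plex server accepts plain HTTP on 32400 (Secure connections set to Preferred).

```haproxy
# Added example. Hostnames other than myplex.mydomain.org, all IP addresses
# and the certificate path are assumptions, not values from the thread.
global
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    timeout tunnel  1h        # keeps long-lived WebSocket connections open

frontend https_in
    # Clients only ever connect to 443; TLS ends here with the ACME certificate.
    bind :443 ssl crt /etc/haproxy/certs/mydomain.pem alpn h2,http/1.1

    # Route on the Host header the client sent.
    acl host_plex hdr(host) -i myplex.mydomain.org
    acl host_app  hdr(host) -i app.mydomain.org      # hypothetical second app

    # Refuse names that are not published instead of falling through
    # to some default backend.
    http-request deny unless host_plex || host_app

    use_backend be_plex if host_plex
    use_backend be_app  if host_app

backend be_plex
    option forwardfor                     # pass the client IP as X-Forwarded-For
    http-request set-header X-Forwarded-Proto https
    # The backend port is independent of the frontend port.
    server plex 192.168.1.10:32400 check

backend be_app
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    server app 192.168.1.20:5055 check
```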