Plex behind IIS reverse proxy
Plex Media Server is ideal free replacement for out-dated Microsoft home media stack. To be honest it’s even more powerful and has some nice features we only dreamed about back in days. One example: remote access to home media. Plex in home network can be available also from public internet and this blog post covers some scenarios where Plex is running behing IIS reverse-proxy.
Before you start. This blog post expects from reader at least basic knowledge about computer networks, web servers and communication protocols used in web. Also skills on configuring routers and Microsoft Internet Information Server (IIS) are must-be. If you are not sure what these things are then instead of trying to do everything by yourself ask help by some good friend who knows computers better.
Introduction
Running Plex at home network and making it public from home network are supported scenarios. Making Plex available through reverse proxy can be challenging. On the following illustration there is Home Server that takes all HTTPS traffic forwarded by router, makes HTTPS offloading and based on rewrite rules proxies request to Plex Server running Plex and Tautulli or File & Download server that hosts some browser based download systems.
There are some scenarios where power users want to go with reverse proxy:
- One entry point to home network. There are multiple different web servers in home network but there’s only one point to access them. It can be the fact that user has regular SSL certificate for secure connections to web server hosted at home. Also it may come down to limits set by ISP.
- Features of big web server. Some users want to use powerful features provided by big servers like Apache, nginx and IIS. This is must be with Tautulli that doesn’t seem to ask any authentication. When exposed to public web then big web server takes care of authentication.
Servers in network
From this point on this writing uses following network addresses:
- 192.168.1.14 – Home Server with IIS installed and configured (media.mydomain.com)
- 192.168.1.22 – Plex server running in default port
Preparing IIS
On IIS we need the following things (IIS 8.0 or higher):
- URL Rewrite extension
- Application Request Routing (ARR) extension
- Valid SSL certificate
- SSL site ready and configured
It’s possible to skip ARR and SSL but I don’t recommend it due to security reasons. SSL certificates doesn’t usually come free, I know. But there are some providers who give free SSL certificates. Often these certificates expire after few months and need renewing. But, of course, security is optional, as we all know.
Enable Anonymous authentication. Plex server uses it’s own authentication and on server level we don’t need to involve here.
Configuring ARR
Open IIS Manager and click on server name in left pane. Click on ARR icon shown in red square.
From right pane select Server Proxy Settings shown in red rectangle.
Here are proxy settings to configure.
Save settings and close ARR settings pages.
Options for external access
Now it’s time to decide how to make Plex available for public. There are two options:
- Plex under domain root. Plex is available directly from https://plex.mydomain.com/. Choose this option if Plex is the only web that is accessible from internet.
- Plex under subfolder. Plex is available from https://home.mydomain.com/plex/. Choose this option if there’s one domain for home network but multiple web sites in that are made accessible from internet.
These two are sample decisions. I expect reader to know his or her home network enough to make some analysis and decide which way to go.
Plex bugs with subfolder! It seems like Plex is not very well prepared to run under subfolder. If user is not authenticated to Plex and root folder is password protected then password dialog prompts for three or four times. Closing it with pressing Escape works and nothing is really broken afterwards. When successfully logged in these prompts go away.
Plex under root domain
In IIS Manager open URL Rewrite settings of site that accepts requests from public web. Register the following server variables:
- HTTP_ACCEPT_ENCODING
- HTTP_X_ORIGINAL_ACCEPT_ENCODING
- Sybsystem
For this click on URL Rewrite icon and select View Server Variables.
Using Add link on right pane it’s possible to add allowed server variables. Without these rewrite rules will not work as all allowed server variables must be registered here.
On hard disk create web.config file to web server root. Copy and paste following XML to web.config and save it.
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" /> </system.web> <system.webServer> <rewrite> <rules> <clear /> <rule name="ReverseProxyInboundRule1" stopProcessing="true"> <match url="(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false" /> <action type="Rewrite" url="http://192.168.1.22:32400/{R:1}" /> <serverVariables> <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" /> <set name="HTTP_ACCEPT_ENCODING" value="" /> </serverVariables> </rule> </rules> <outboundRules> <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding"> <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="true" /> <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" /> </rule> <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1"> <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.1.22:32400/(.*)" /> <action type="Rewrite" value="http{R:1}://media.mydomain.com/{R:2}" /> </rule> <preConditions> <preCondition name="ResponseIsHtml1"> <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" /> </preCondition> <preCondition name="NeedsRestoringAcceptEncoding"> <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" /> </preCondition> </preConditions> </outboundRules> </rewrite> <urlCompression doStaticCompression="false" doDynamicCompression="false" /> </system.webServer> </configuration>
Try out if Plex is available through external URL of home network.
Plex under subfolder
On hard disk create subfolder under web root for Plex. Add web.config file and paste following XML to it.
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" /> </system.web> <system.webServer> <rewrite> <rules> <clear /> <rule name="ReverseProxyInboundRule1" stopProcessing="true"> <match url="(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false" /> <action type="Rewrite" url="http://192.168.1.22:32400/{R:1}" /> <serverVariables> <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" /> <set name="HTTP_ACCEPT_ENCODING" value="" /> </serverVariables> </rule> </rules> <outboundRules> <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding"> <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="true" /> <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" /> </rule> <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1"> <match filterByTags="A, Form, Img, Link, Script" pattern="^http(s)?://192.168.1.22:32400/(.*)" /> <action type="Rewrite" value="http{R:1}://home.mydomain.com/plex/{R:2}" /> </rule> <rule name="ReverseProxyOutboundRule2" preCondition="ResponseIsHtml1"> <match filterByTags="A, Form, Img, Link, Script" pattern="^\/web\/(.*)" /> <action type="Rewrite" value="https://media.mydomain.com/plex/{R:0}" /> </rule> <preConditions> <preCondition name="ResponseIsHtml1"> <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" /> </preCondition> <preCondition name="NeedsRestoringAcceptEncoding"> <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" /> </preCondition> </preConditions> </outboundRules> </rewrite> <urlCompression doStaticCompression="false" doDynamicCompression="false" /> </system.webServer> </configuration>
Save web.config file. In IIS Manager add new application under root web and point it to folder created before. Add same server variables in URL Rewrite settings as shown in previous point. Try out if Plex is available from public web.
Buggy URL-s! Like previously mentioned then due to Plex bugs some URL-s are not generated correctly. My list here:
- web/common/img/backgrounds/preset-dark.64cc1c942221cd2c153244bd8ecfb67a.png
- web/translations/en.json
- web/common/img/backgrounds/noise.8b05ce45d0df59343e206bc9ae78d85d.png
It’s possible to add additional rewrite rule for these URL-s in root site settings and avoid password prompts this way. If all users are known and the number is not big then there’s actually not much reason to bother about it.
Configuring Plex
Under Plex settings there are few things to configure:
- Settings => Remote Access: Set public port to 443 if you are using SSL
- Settings => Network: Set Custom server access URLs to either https://media.mydomain.com/ or https://home.mydomain.com/plex/ depending on which configuration you went.
Troubleshooting
If something goes wrong then information is in one of these places:
- Windows Event Log
- Trace files of IIS (usually c:\inetpub\logs ????)
If trace files are turned on but doesn’t appear then run iisreset.exe from command line as administrator.
I feel like you have taken the simplest piece of software available for home media access and done the most complicated thing possible to get it working. Just buy a plex pass – – if lots of clients are transcoding media from your server you will likely need hardware acceleration to handle the load, and you only get that with the pass anyway. It also comes with user management features that let you easily handle media sharing and permissions for both internet friends and internal users. They handle secure proxying for you through their servers to access yours, all you have to do is enable remote access.
I have enough power for transcoding and I’m sure Plex cloud has at least some annoying limits on this. It was horror experience to watch video when Plex cloud was on the way. It was slow, very laggy, connections timed out etc. After going with direct access these issues disappeared.
Thanks for this article I plan on using this with Emby media server. I thought about wap (web application proxy but I think I’m going with ARR.
If you know how WAP works and it’s good then go with it instead. I’m running Plex on my yesterday’s powerful laptop and it has Windows 10 Pro. So IIS + ARR is my only option when going with Microsoft solutions.
I have read your very helpful article at https://gunnarpeipman.com/various/plex-iis-reverse-proxy/
I run plex on my Windows Server Essentials 2016 with IIS installed.
Something doesnt work… after having finished your instruction, i CAN access
http(s)://www.mydomain.com:32400/plex. If I do not specify the port, I get a 404 not found.
If I set the port in plex to 443, it is no longer reachable. Port 443 and port 32400 are both forwarded to my server inside my router.
Can you help me to figure out what I am missing?
Thanks a lot!
Do you have port 443 allowed in your Plex machine firewall and can you access Plex through 443 when making direct request with no IIS on the way?
Does Plex have more bugs running under subfolder as of 2022?
Using your config results in some odd issues, on a server running Emby through a proxy with no issue, so it has ARR and URL rewrite
Suggestions?
It’s still problematic to get Plex running through reverse proxy. Not much has changed.
Great article, many thanks for that. Since your are an Azure fan and Microsoft MVP, maybe you can give a thought to my setup :-)
I am currently using the Azure AD Application proxy to make Plex available outside my network. From my perspective this has several advantages:
– with the Azure App proxy there is no need to open any port on my router, the app proxy connects outbound to the Azure backend. All external request to plex arrive in the Azure backend and are directed to the proxy server in my network through an open connection initiated by the proxy server itself
– I can use AAD authentication for plex as pre-authentication and could also use other security features like conditional access
So far so good the theory. I set everything and it works fine. I access the external address for plex, have to sign in to AAD and I am. Video streaming works as well in browser. Yet, there is a small but…
In browser it works fine but I would like that also the app works (and not rely on the plex builtin remote access). Yet, when i use the app externally the server is not found (you basically just have the plex.tv online stuff). I tried adding my external Plex DNS name to the plex server config “Custom server access URLs” but that didn’t help. I assume it is the AAD pre-authentication that the app cannot handle (but works of course in the browser) and thus shows the server to be not online/available when I am not in my local network.
Maybe you have an thoughts on that setup
Best regards
I have no experiences with hosting Plex behind app proxy. If it required AAD authentication then mobile apps probably can’t do it as they want to communicate with Plex API-s. AFAIK Plex apps are not wrappers around HTML+JS+CSS.
If there’s some URL pattern that API end-points follow then maybe it’s possible to make separate rules for apps?
I blog оften аnd І genuinely thank yoᥙ for your іnformation. The article һas trulʏ peaked
my interest. I will taкe book a car service near me note ᧐f үouг blog and keep checking for new details аbout οnce a week.
I opted inn ffor y᧐ur RSS feed too.
Great post but I was wanting to know if you could
write a litte more on this subject? I’d be very grateful if you could elaborate a
little bit further. Appreciate it!
Hi friends! This platform is definitely beneficial.
I suggest you purchase sidebar backlinks from virgool.io.
If you want to rank better, just text me on Telegram
@myd_80 or check out my SEO group @seoprem. The best telegram seo group
is there, and the magic of internal seo is for mehran yousefi.
We also have the best SEO backlinks services.
Hello folks! This discussion taught me a lot.
If you want to rank better, obtain sidebar backlinks from virgool.io.
You can DM me on Telegram @myd_80 or visit my SEO group
@seoprem. Remember, the magic of internal seo is for mehran yousefi, and
the best telegram seo group link is: https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx. We’ve
also got guest posts for sale.
Greetings dear friend! This post guided me a lot. If you want to rank better, get sidebar backlinks from virgool.io.
You can DM me on Telegram @myd_80 or visit my SEO group @seoprem.
Remember, the magic of internal seo is for mehran yousefi, and the best telegram seo group link is: https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx. We’ve also got guest posts for sale.
Greetings everyone! This piece was top-notch.
For better SEO, purchase sidebar backlinks from
virgool.io. If you seek top results, talk to me on Telegram @myd_80 or
stop by my SEO group @seoprem. The best telegram seo group
is there with mehran yousefi, plus the link: https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx. We have guest posts for sale.
Hey SEO enthusiasts! This information was so thorough.
I suggest you get hold of sidebar backlinks from virgool.io.
If you want to rank better, text me on Telegram @myd_80 or come join my SEO group @seoprem.
Also, the best SEO backlinks services can be found with mehran yousefi.
The link is: https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx. We
have guest posts for sale too.
https://www.youtube.com/channel/UCyt2dGrKTf9KpBk1jdUl3oA
روز بخير همه عزيزان، اين گزارش كاملاً منو تحت تأثير قرار
داد. يه پلتفرم خبري شگفتانگيز دارم كه اطلاعات معتبر و روزانه داره.
نگاهي بهش بنداز تا خبرهاي بهروز رو
از دست ندي.
سلام دوستان، اين پست كاملاً خاص بود.
يه منبع خبري معتبر پيدا كردم
كه خبرهاي هيجانانگيز و دقيق داره.
اگه دنبال اخبار جديد هستي، برو ببين.
Hello dear pals! This content was so valuable. I suggest you get sidebar backlinks from
virgool.io. If you want to rank better, contact me on Telegram @myd_80 or visit my SEO group
@seoprem. We have guest posts for sale. Also, the best telegram seo group and the magic of internal seo
is for mehran yousefi at https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx.
هي همه عزيزان، دقيقاً اين محتوا منحصربهفرد بود.
يه منبع خبري فوقالعاده دارم كه خبرهاي بهروز
و موثقي داره. اگه هدفت اخبار بهروزه، زود سر
بزن.
Hello friends! I really enjoyed reading this.
For top-notch SEO, purchase sidebar backlinks from virgool.io.
If you want to rank better, text me on Telegram @myd_80 or visit my SEO group @seoprem.
Also, discover the best telegram seo group link at https://virgool.io/@yousefimehran2001/گروه-تلگرام-سئو-j7scgevxnkxx. The magic of internal seo is
for mehran yousefi. We have guest posts too.
سلام به همه همه عزيزان، فوقالعاده اين گزارش واقعاً بينظير بود.
يه وبسايت خبري معتبر پيدا كردم كه خبرهاي هيجانانگيز و دقيق داره.
اگه دنبال اخبار بهروز هستي، برو ببين.
Feel free tо visit my webb blog; {403|https://2serkan.ir/%d8%a8%d9%87%d8%aa%d8%b1%db%8c%d9%86-%d8%b1%d9%88%d8%b4-%d8%af%d8%a7%d9%86%d9%84%d9%88%d8%af-%d8%a7%d8%b2-%db%8c%d9%88%d8%aa%db%8c%d9%88%d8%a8-%d8%b1%d8%a7%d9%87%d9%86%d9%85%d8%a7%db%8c-%da%a9%d8%a7/
Howdy! Do you use Twitter? I’d like to follow you if that would be
okay. I’m undoubtedly enjoying your blog and look forward
to new posts.
When some one searches for his necessary thing, so he/she
wishes to be available that in detail, therefore that thing is
maintained over here.
My web-site binary options
سلام به همه علاقهمندان، مرور اين منبع فوقالعاده منو
جذب كرد. يه منبع خبري فوقالعاده دارمكه اخبار قابل اعتماد و جديدي داره.
اگه دنبال خبرهاي بهروز هستي، حتماً يه نگاه بنداز.
Ⅿy site: خبرهای معتبر روز
هي همه دوستان، همهی اين گزارش خيلي ارزشمند بود.
با يه سايت خبري عالي آشنا شدم كه اطلاعات دقيق و تازه داره.
اگه عاشق خبرهاي تازه هستي، يه نگاه بنداز.
My website; خبرگزاری حرفهای (Tom)
سلام به همه علاقهمندان، این پست کاملاً منو
به وجد آورد. با یه سایت خبری عالی آشنا شدم
كه اخبار جذاب و دقيقي داره.
اگه عاشق خبرهاي تازه هستي، حتماً يه
نگاه بنداز.
Feel frее to surf to my page – خبرنامه فارسی
هيجانانگيز خوانندگان، كاملاً اين خبر واقعاً منو شگفتزده كرد.
يه وبسايت خبري بينقص پيدا كردم كه اخبار جذاب و
دقيق داره. اگه ميخواي از اخبار موثق باخبر
شي، برو ببين.
My ѡeb site … مطالب خواندنی فارسی(2Serkan.Ir)
Excellent site you have here.. It’s hard to find high-quality writing like yours these days.
I really appreciate individuals like you! Take care!!
Heya i am for the first time here. I found this board and I find It really useful & it helped me out a
lot. I hope to give something back and aid others
like you helped me.