this post was submitted on 04 Oct 2023

28 points (86.8% liked)

Selfhosted

39151 readers

887 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Plex behind cloudflare tunnel (lemmy.ml)

submitted 11 months ago by anytimesoon@lemmy.ml to c/selfhosted@lemmy.world

23 comments fedilink hide all child comments

I currently have my Plex server open to the world. I realise that's probably not best practice, so I'm trying to find a solution that can work for me.

I've been looking at cloudflare tunnels and it seems like thats probably what I want. Giving me access to my home server from outside. And it's free, which is a nice perk

I've noticed however that the terms of service don't allow for video streaming, but is allowed in the paid tier. Before I commit to spending money, I'm curious if it's even technically possible. Plex tends to phone home to allow users to authenticate and locate their servers, so is that possible through tunnels?

Is this a waste of time? Is there a better solution? How are others dealing with this problem?

top 23 comments

sorted by: hot top controversial new old

[–] user224@lemmy.sdf.org 14 points 11 months ago (2 children)

I’ve noticed however that the terms of service don’t allow for video streaming

I may be wrong, but are you sure that's still the case?
There used to be clause 2.8

...Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service...

However this has been removed from the current version of ToS: https://www.cloudflare.com/terms/

Again, I may be wrong, I am often wrong, it's possible I missed something ¯\_(ツ)_/¯

[–] billwashere@lemmy.world 9 points 11 months ago

I agree … it sure looks gone to me.

Interesting.

[–] Kekin@lemy.lol 5 points 11 months ago

So far this is the only place I've seen mentioned regarding video streaming, that is still up anyway:

https://developers.cloudflare.com/support/more-dashboard-apps/cloudflare-stream/delivering-videos-with-cloudflare/

It's not entirely clear and I don't know if this is outdated or not.

I was using their proxy for video streaming for a while, but stopped cause I would rather not risk it. Maybe for personal use it could be ok

[–] SexualPolytope@lemmy.sdf.org 12 points 11 months ago (1 children)

If you want a free solution, wireguard and tailscale are your friends. It you're willing to pay, get a cheap VPS (the one I use for this is from RackNerd for ~$12/yr). It'll make the process very user friendly if you're planning to share it with others.

[–] anytimesoon@lemmy.ml 1 points 11 months ago (1 children)

Tailscale is another one I've heard of but haven't looked much into it.

This article put me off a bit. Seems like an unnecessarily complicated setup https://www.jjpdev.com/posts/plex-media-server-tailscale/

That racknerd price for a vps sounds too good to be true!

[–] SexualPolytope@lemmy.sdf.org 1 points 11 months ago* (last edited 11 months ago) (1 children)

You don't actually need to do reverse proxy while using tailscale. You can just use ports as if you're on a local network.

The price is super low, but it's been very reliable. Will highly recommend. You can see their current offers here.

[–] anytimesoon@lemmy.ml 0 points 11 months ago (1 children)

You can just use ports as if you're on a local network.

This is the bit I find confusing. Doesn't Plex need that port to be open to the outside world?

Or is your setup only open to devices on your private tailscale network and therefore seeing it as local?

If that's the case, I'll need to see if tailscale can work with osmc, since that's what I have running on my raspi behind my tv

[–] SexualPolytope@lemmy.sdf.org 3 points 11 months ago* (last edited 11 months ago)

For tailscale/wireguard, you just need to open the port in your machine as if you're using it locally. No need to forward port in your router. For all intents and purposes, you can treat all devices in your tailscale network as if they were local devices.

[–] Alk@lemmy.world 10 points 11 months ago (1 children)

I have my plex accessible from outside, but only to plex users I add. It's not like anyone can just get my IP and watch my content.

[–] kungen@feddit.nu 10 points 11 months ago (1 children)

There are many crawlers, and I'm confident at least a couple have tried to connect to your server (unless you have an IP firewall, or if you've changed Plex Media Sever's default port, in which case significantly less likely).

I assume it's not really about them watching content, but to avoid them exploiting any possible PMS bugs.

[–] keyez@lemmy.world 2 points 11 months ago

I have plex open on my pfsense to US only IPs and see lots of requests blocked from overseas crawlers and some curls from the US, I moved it to a different external port and nothing but expected traffic after that.

[–] Mugmoor@lemmy.dbzer0.com 7 points 11 months ago

Plex isn't allowed on Cloudflare. Itll work, but you'll get your account flagged.

Use Tailscale instead.

[–] Boring@lemmy.ml 6 points 11 months ago* (last edited 11 months ago)

Personally I'd just spin up a wireguard container with a GUI, user friendly and you can add anyone to your VPN in like 2 minutes wherever you are.

Most advanced part would be forwarding port 51820

[–] Decronym@lemmy.decronym.xyz 3 points 11 months ago* (last edited 11 months ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
IP	Internet Protocol
Plex	Brand of media server package
VPN	Virtual Private Network
VPS	Virtual Private Server (opposed to shared hosting)

4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #187 for this sub, first seen 4th Oct 2023, 22:55] [FAQ] [Full list] [Contact] [Source code]

[–] MonitorZero@lemmy.world 1 points 11 months ago

Good bot

[–] camr_on@lemmy.world 3 points 11 months ago* (last edited 11 months ago) (2 children)

My understanding is that cloudflare will block you from doing this if/when they detect you doing it, someone correct me if I'm wrong.

Off the top of my head, would a tailscale funnel work for what you want? Serving Plex to the Internet without port forwarding?

Actually with Plex, I'm not sure you even need to expose it at all. People can reach your server via the Plex app as long as it's connected to Plex servers, they don't need to reach the site actually hosted on your hardware

[–] kungen@feddit.nu 2 points 11 months ago* (last edited 11 months ago)

Without direct connection, PMS uses Plex Relays, which limit streams to like 320p.

[–] smegger@aussie.zone 1 points 11 months ago (1 children)

Pretty sure it needs at least one port forwarded to make use of plex remotely

[–] anytimesoon@lemmy.ml 1 points 11 months ago

Yes, there's the one open port that is required. Otherwise your traffic gets routed through Plex servers and the streams are limited to pretty poor quality video

[–] ShellMonkey@lemmy.socdojo.com 1 points 11 months ago (1 children)

I really should look into these cloudflare tunnels people keep speaking of. A simple enough solution is to host a VPN server of your choice with cert and pass and it'll make it pretty well impossible to reach by anyone without the required creds.

[–] astraeus@programming.dev 1 points 11 months ago* (last edited 11 months ago) (1 children)

Just make sure you keep in mind that security with Cloudflare is not 100%, you may need to do a bit more on your ends to keep things locked down.

https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html?m=1

I’m not entirely sure this affects Tunnels, but it’s good to make sure if you plan to use that service.

[–] Apollo2323@lemmy.dbzer0.com 1 points 11 months ago* (last edited 11 months ago) (1 children)

That was recently discovered , I am certain that Cloudfare will fix it as soon as possible.

[–] astraeus@programming.dev 1 points 11 months ago

I agree that they will probably resolve this sooner than later, I prefer Cloudflare for a lot of things. I point this out because if you are working with sensitive/personal data that you want secure, you may want to do some due diligence to make sure it stays secure.