Issue with { transparent } and Plex IP reporting

Ok so I’ve been using caddy to proxy most of my stuff through https. And it’s been fine. Though for some reason my plex proxy has stopped reporting remote IPs to my Tautulli db and instead it’s listing the IP for each user that uses my plex.domain.net url as the caddy server IP. This also bypasses bandwidth protections as plex thinks it’s a local connection and not remote.

Directive:

plex.domain.net {
        gzip
        header / {
            # header name and value must be on one line
            Content-Security-Policy "default-src *"
            X-Frame-Options "DENY"
            X-Content-Type-Options "nosniff"
            X-XSS-Protection "1; mode=block"
            Strict-Transport-Security "max-age=31536000;"
            Referrer-Policy "same-origin"
            Feature-Policy "self"
        }
        timeouts none
        tls certs@domain.net
        proxy / 10.9.9.47:32400 {
                transparent
        }
}

And according to the docs { transparent } is supposed to forward the remote ip “X-Real-IP {remote}”.

It’s odd because it is working for my other proxy directives but for plex it’s not forwarding the remote IP.

More digging. I replaced transparent with what it’s supposed to do from the docs and that fixed it for everyone except one of my users who is still showing the IP of the server running caddy.

He checked and his WAN ip is apparently IPv6. Does caddy not pass IPv6 to backend?

Okay so apparently I had to tell Cloudflare to overwrite IPv6 REAL-IP header with a pseudo IPv4 address to pass onto caddy which can then be passed to plex.

Plex ignores the REAL-IP header if it sees an IPv6 address and just tosses either the IPv4 loopback or the IP of the host that passed it the IPv6 address…


Do your local (same subnet users) report 127.0.0.1 or a local IP address?

What’s your final config look like?

I have the issue that my local subnet reports 127.0.0.1 as Plex ignores it for whatever reason. I had a post on the plex forums and no response there as I’m sure it isn’t a Caddy issue. I was curious if you are doing the same and seeing something different.

All of my local clients report their correct local IP. Are your clients using the external domain to connect? And have you tried using app.plex.tv/web to see if it logs the correct ip?

What’s your final config look like though?

Are you blocking 32400 locally as well? I make my internal clients use the proxy as well. If you aren’t doing that, local clients won’t use the proxy and just use the local 32400 and report back properly.

I use this

Note adding allowLocalhostOnly="1" to your Preferences.xml, will make Plex only listen on the localhost, achieving the same thing as using a firewall and this is what I use in my configuration.

So it only listens on localhost on 32400.

felix@gemini:/var/lib/plexmediaserver/Library/Application Support/Plex Media Server$ netstat -an | grep 32400
tcp        0      0 127.0.0.1:32400         0.0.0.0:*               LISTEN

I have port 32400 forwarded on the VM that runs Plex as forcing clients to use the RP internally was kind of redundant. Only external clients connect through the reverse proxy.

plex.domain.net {
        gzip
        header / {
            # header name and value must be on one line
            Content-Security-Policy "default-src *"
            X-Frame-Options "DENY"
            X-Content-Type-Options "nosniff"
            X-XSS-Protection "1; mode=block"
            Strict-Transport-Security "max-age=31536000;"
            Referrer-Policy "same-origin"
            Feature-Policy "self"
        }
        timeouts none
        tls certs@domain.net
        proxy / 10.9.9.47:32400 {
                websocket
                header_upstream Host {host}
                header_upstream X-Real-IP {remote}
                # standard header names are X-Forwarded-For / X-Forwarded-Proto
                header_upstream X-Forwarded-For {remote}
                header_upstream X-Forwarded-Proto {scheme}
        }
}

That is what my caddyfile contains for Plex currently.

I’d post my plex vm config but it’s running Windows Server 2019 and atm I don’t have ssh setup for it yet.

Yeah, so you aren’t seeing the same thing I am as your config lets them connect internally.

That helps though as I was seeing if you had some magic that I had not seen yet. My external clients are all fine as it’s only any private subnet that plex ignores. I can see every proxy (NGINX/Caddy) pass over the right IP information but plex drops that only for the private address ranges and uses 127.0.0.1. It’s annoying but doesn’t matter that much.

Yeah, I restrict bandwidth to remote connections but allow all of my local clients unrestricted access (no bandwidth restrictions) to Plex.

But as long as your external clients are reporting correctly it shouldn’t matter too much which IP is being reported for local clients, if each user has their own home profile and you like to track usage via Tautulli.

Yep, I went through testing out Cloudflare and had the same fun you had noted. I don’t use any bandwidth limiting (Yeah Verizon FIOS) as that requires deep analysis to work properly and I use cloud storage for my media so that’s not an option to have that on :)


My bandwidth restrictions are to the extent of only allowing remote streams a max quality of 1080@8mbps.

But yeah that IPv6 issue was such a headache for a while.
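
Added example, not part of the original thread and not Plex's or Caddy's code: a sketch of how a backend behind a reverse proxy can take the client address from `X-Real-IP` / `X-Forwarded-For` only when the connection comes from the proxy, covering the misspelled-header and IPv6 cases discussed above. The proxy address 10.9.9.1, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the Caddy host is 10.9.9.1 (constructed; the thread only
# gives the upstream, 10.9.9.47). Only this peer may supply client IPs.
TRUSTED_PROXIES = [ipaddress.ip_network("10.9.9.1/32")]
# Ranges treated as "local", i.e. exempt from remote-stream limits.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

def client_ip(peer, headers):
    """Address to log for a request arriving from `peer` with `headers`."""
    peer_ip = ipaddress.ip_address(peer)
    if not any(peer_ip in net for net in TRUSTED_PROXIES):
        return peer_ip  # direct connection: forwarded headers are untrusted
    hdrs = {k.lower(): v for k, v in headers.items()}
    # X-Real-IP first, then the last X-Forwarded-For entry (the one the
    # trusted proxy itself appended). Misspelled names are never consulted.
    candidates = [hdrs.get("x-real-ip", ""),
                  hdrs.get("x-forwarded-for", "").split(",")[-1]]
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip().strip("[]"))
        except ValueError:
            continue  # missing or malformed value
        # Normalise ::ffff:a.b.c.d so IPv4 clients compare as IPv4.
        return getattr(ip, "ipv4_mapped", None) or ip
    return peer_ip  # no usable header: the proxy's own address is logged

def is_remote(ip):
    """True when the address is outside every local range."""
    return not any(ip in net for net in LOCAL_NETS)

if __name__ == "__main__":
    # Constructed requests: (peer address, headers sent by that peer).
    samples = [
        ("10.9.9.1", {"X-Real-IP": "203.0.113.7"}),       # correct header
        ("10.9.9.1", {"X-Forward-For": "203.0.113.7"}),   # misspelled name
        ("10.9.9.1", {"X-Real-IP": "2001:db8::1"}),       # IPv6 client
        ("198.51.100.9", {"X-Real-IP": "127.0.0.1"}),     # spoof, no proxy
    ]
    for peer, hdrs in samples:
        ip = client_ip(peer, hdrs)
        print(peer, hdrs, "->", ip, "remote" if is_remote(ip) else "local")
```

The second sample is the failure mode from the first post: with no recognised header the request is attributed to the proxy's private address and classed as local, so remote-only limits do not apply.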
