Plex reverse proxy

How to setup a reverse proxy for Plex

Server block configuration

/etc/nginx/sites-available/plex.wildw1ng.com.conf

server {
    listen 443 ssl;
    http2  on;
    
#   listen [::]:443 ssl http2;

    server_name plex.wildw1ng.com;

    rewrite     https://$host$request_uri?  permanent;

    error_log   /var/log/nginx/plex.wildw1ng.com.error.log;
    access_log  /var/log/nginx/plex.wildw1ng.com.access.log;

    # These are the paths to your generated Let's Encrypt SSL certificates.
    ssl_certificate /etc/letsencrypt/live/wildw1ng.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wildw1ng.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_session_cache   shared:SSL:60m;

    location / {
        # IP address of Plex Media Server
        proxy_pass http://10.0.1.11:32400;
        proxy_buffering     off;
        proxy_redirect      off;
        proxy_http_version  1.1;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Upgrade         $http_upgrade;
        proxy_set_header    Connection      $http_connection;
        proxy_cookie_path   /web/           /;
        # access_log          off;
	}
        
	error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    # Anti-MIME-Sniffing header
    add_header X-Content-Type-Options nosniff;

    # Anti-ClickJacking Header
    add_header  X-Frame-Options "SAMEORIGIN" always;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/wildw1ng.com/chain.pem; # managed by Certbot
    
    # OCSP stapling
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
	if ($host = plex.wildw1ng.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot
	listen       80;
#   	listen  [::]:80;
	server_name  plex.wildw1ng.com;
	return 404; # managed by Certbot
}

Create symlink to enable the site

ln -s /etc/nginx/sites-available/plex.wildw1ng.com.conf /etc/nginx/sites-enabled/plex.wildw1ng.com.conf

Check nginx configuration file syntax

nginx -t

Restart service

systemctl restart nginx.service

Configuring the Plex Media Server

Browse to http://localhost:32400/web/

Settings > Network

plex-custom-server-access-url Within the field Custom Server Access URL’s add http://plex.wildw1ng.com:80,https://plex.wildw1ng.com:443

plex-secure-connections Also make sure to change the Secure Connections setting to ‘Preferred’.

Unlink the active symlink to disable the site

unlink /etc/nginx/sites-enabled/plex.wildw1ng.com.conf