How to Set Up Plex to Use a Nginx Reverse Proxy

I have set up my Plex to use a Nginx reverse proxy. By doing so, I have simplified the connection to my network services that are running on my server. I can now access my Plex installation simply by connecting to my server, just as I would do when connecting to any website.

How to Set Up Plex to Use a Nginx Reverse Proxy

Instead of accessing my Plex server using port 32400, with Nginx I can access Plex as I would connecting to any website. This means that I don't need to expose the standard Plex port 32400 from my server. Reducing how many ports that are exposed from my server reduces the attack surface if someone were to gain access to my network.

It was surprising easy to set up Plex to use a Nginx reverse proxy on my network. I will describe what I did in the sections below.

Keep in mind that I am using Windows, however, the steps outlined below should apply to any operating system supported by Plex.

Required software for Plex to use a Nginx reverse proxy

There isn't much that is required to set up Plex to use a Nginx reverse proxy. The good news is that all software is free, so anyone can set up Plex is this manner.

The software required is:

Nginx
The Nginx application is an open-source web server, load balancer and also a reverse proxy. The installation for Nginx is dependent on the operating system you are using. For my Windows server, I downloaded the zip file and extracted the file to a location on my server.

Additional requirements

A good additional requirement to have is your own domain name. With a domain name you can then create a subdomain, such as plex.mydomain.com that you can use for your Plex instance.

In the steps below, I will use plex.mydomain.com, so you would just change that subdomain to whatever you choose.

Set up Nginx reverse proxy

Once Nginx is installed/extracted on your Plex Media server, you will now configure Nginx to manage all requests to your Plex installation.

The following steps explain how to configure Nginx to handle requests to the Plex server. In this case, the domain plex.mydomain.com is used to access Plex.

  1. Access the server and then navigate to the folder where Nginx was extracted. In the folder, navigate to the conf folder.
  2. Open the nginx.conf file in a text editor.
  3. Add the following text to that file. Replace plex.mydomain.com with the subdomain you wish to use to access your Plex server.
    http {
        server {
            listen 80;
            server_name plex.mydomain.com;
            set $plex http://127.0.0.1:32400;
            gzip on;
            gzip_vary on;
            gzip_min_length 1000;
            gzip_proxied any;
            gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
            gzip_disable "MSIE [1-6]\.";
    
            # Forward real ip and host to Plex
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            #When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
            proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
            proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
    
            # Websockets
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    
            # Buffering off send to the client as soon as the data is received from Plex.
            proxy_redirect off;
            proxy_buffering off;
    
            location / {
                proxy_pass $plex;
            }                
        }
    }
  4. Once the nginx.conf file has been changed, start the nginx server.
  5. If no errors occur, you should be able to open Web browser and navigate to the subdomain you chose for your Plex server. The Plex web interface should be displayed.

    Since the subdomain is considered a new Plex server connection, you will be required to authenticate the server.

The next step is to have all your Plex clients use the reverse proxy to connect to your Plex Media server.

Allow Plex clients to use the reverse proxy

At this point your reverse proxy should now be handling your Plex connections instead of going over Plex port 32400 directly. The one issue is that all your Plex clients will still connect to Plex through port 32400, bypassing the reverse proxy.

To have the Plex clients use the reverse proxy, you need to make a simple change on the Plex server.

The following steps outline the change:

  1. Open a Web browser and navigate to your Plex server - you can use the subdomain that you specified for your reverse proxy.
  2. Log into your Plex server as an administrator.
  3. Click the Settings - the wrench - in the upper-right corner of the Plex server page.
  4. On the left menu, click the Network option under the Settings section.
  5. Scroll down the page and in the Custom server access URLs edit box you will enter: http://plex.mydomain.com:80 (replace plex.mydomain.com with the subdomain you used for Nginx). Custom server access URLs field in Plex.
  6. Click the Save Changes button.

This will register your subdomain as being a valid address for your Plex instance. The subdomain will then be used by your Plex clients when they try to discover your Plex server.

Since your clients can now discover your Plex instance on port 80, you can now block access to port 32400 on the server. This reduces the number of ports that are open on the server, which does help reduce the attack surface.

This post detailed how to set up Plex to use a Nginx reverse proxy.