I have set up my Plex to use a Nginx reverse proxy. By doing so, I have simplified the connection to my network services that are running on my server. I can now access my Plex installation simply by connecting to my server, just as I would do when connecting to any website.
Instead of accessing my Plex server using port 32400, with Nginx I can access Plex as I would connecting to any website. This means that I don't need to expose the standard Plex port 32400 from my server. Reducing how many ports that are exposed from my server reduces the attack surface if someone were to gain access to my network.
It was surprising easy to set up Plex to use a Nginx reverse proxy on my network. I will describe what I did in the sections below.
Keep in mind that I am using Windows, however, the steps outlined below should apply to any operating system supported by Plex.
Required software for Plex to use a Nginx reverse proxy
There isn't much that is required to set up Plex to use a Nginx reverse proxy. The good news is that all software is free, so anyone can set up Plex is this manner.
The software required is:
- The Nginx application is an open-source web server, load balancer and also a reverse proxy. The installation for Nginx is dependent on the operating system you are using. For my Windows server, I downloaded the zip file and extracted the file to a location on my server.
A good additional requirement to have is your own domain name. With a domain name you can then create a subdomain, such as plex.mydomain.com that you can use for your Plex instance.
In the steps below, I will use plex.mydomain.com, so you would just change that subdomain to whatever you choose.
Set up Nginx reverse proxy
Once Nginx is installed/extracted on your Plex Media server, you will now configure Nginx to manage all requests to your Plex installation.
The following steps explain how to configure Nginx to handle requests to the Plex server. In this case, the domain plex.mydomain.com is used to access Plex.
- Access the server and then navigate to the folder where Nginx was extracted. In the folder, navigate to the conf folder.
- Open the nginx.conf file in a text editor.
- Add the following text to that file. Replace plex.mydomain.com with the subdomain you wish to use to access your Plex server.
- Once the nginx.conf file has been changed, start the Nginx server.
- If no errors occur, you should be able to open Web browser and navigate to the subdomain you chose for your Plex server. The Plex web interface should be displayed.
Since the subdomain is considered a new Plex server connection, you will be required to authenticate the server.
The next step is to have all your Plex clients use the reverse proxy to connect to your Plex Media server.
Allow Plex clients to use the reverse proxy
At this point your reverse proxy should now be handling your Plex connections instead of going over Plex port 32400 directly. The one issue is that all your Plex clients will still connect to Plex through port 32400, bypassing the reverse proxy.
To have the Plex clients use the reverse proxy, you need to make a simple change on the Plex server.
The following steps outline the change:
- Open a Web browser and navigate to your Plex server - you can use the subdomain that you specified for your reverse proxy.
- Log into your Plex server as an administrator.
- Click the Settings - the wrench - in the upper-right corner of the Plex server page.
- On the left menu, click the Network option under the Settings section.
- Scroll down the page and in the Custom server access URLs edit box you will enter: http://plex.mydomain.com:80 (replace plex.mydomain.com with the subdomain you used for Nginx).
- Click the Save Changes button.
This will register your subdomain as being a valid address for your Plex instance. The subdomain will then be used by your Plex clients when they try to discover your Plex server.
Since your clients can now discover your Plex instance on port 80, you can now block access to port 32400 on the server. This reduces the number of ports that are open on the server, which does help reduce the attack surface.
This post detailed how to set up Plex to use a Nginx reverse proxy.