Reverse proxy for plex

knighthawk72 · April 15, 2024, 4:17pm

Hello. I'm trying to setup a reverse proxy for plex. I currently do not have any config files. Everything is currently done in docker-compose.yaml.

If I need to switch to using config files, which I think I've seen a reference to in my searching, how does it know how to read those? Does it just look at all yml files in /config?

I can see the reverse proxy for plex getting setup, the cert gets created, but when I try to connect it doesn't work. I don't think the reverse proxy knows how to connect to the internal server. You can see in my yaml file that I've tried a few different things.

How do I get the reverse proxy to connect to an internal resource?
If I need to use config yml files, how would I convert my existing docker-compse.yaml and what would I need to get this redirect working?

Any help is appreciated.

Thanks!

version: "3.9"
services:
  traefik:
    image: "traefik:v3.0"
    container_name: traefik
    hostname: traefik
    command:
#      - --log.level=DEBUG
      - --api.dashboard=true
      - --api.insecure=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --api
      - --certificatesresolvers.le.acme.email=myuser@mydomain.com
      - --certificatesresolvers.le.acme.storage=./acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
      - "8880:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.mydomain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=le"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=myuser:password"
      # Plex
      - "traefik.http.routers.plex.rule=Host(`plex.mydomain.com`)"
      - "traefik.http.routers.plex.entrypoints=websecure"
      - "traefik.http.routers.plex.tls=true"
      - "traefik.http.routers.plex.tls.certresolver=le"
#      - "traefik.http.services.plex.loadbalancer.server.scheme=https"
      - "traefik.http.services.plex.loadbalancer.server.url=https://192.168.0.144:32400"
#      - "traefik.http.services.plex.loadbalancer.server.ip=192.168.0.144"
#      - "traefik.http.services.plex.loadbalancer.server.port=32400"
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: unless-stopped
    networks:
      - proxy


  whoami:
    # A container that exposes an API to show its IP address
    image: traefik/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
    ports:
      - 8088:80
    networks:
      - proxy

networks:
  proxy:
    external: true
    name: proxy

bluepuma77 · April 15, 2024, 8:06pm

With labels on Traefik you can not forward to another container, for that you need a dynamic config file. Check simple Traefik forward example, but note it’s written for Docker Swarm (using deploy section).

You might want to make clear which ports Plex really needs for all the media streaming features.

knighthawk72 · April 15, 2024, 9:01pm

Thanks bluepuma77.

I see this is how you "call" the config files:
configs:
traefik-dynamic.yml:
file: ./traefik-dynamic.yml

How do you specify specific ports that the external server requires? Would that be just adding the port onto the url line?

url: https://www.ecosia.org:8080 (for example)

Thanks

bluepuma77 · April 16, 2024, 5:45am

Static config can be in traefik.yml or command:, dynamic config for external forward needs to be in a dynamic config file, which is loaded via providers.file in static config.

For an additional port, you need to open the port in docker-compose.yml, you need to create an entrypoint and a matching pair of router/service with correct target IP:port (or servicename:port)

knighthawk72 · April 17, 2024, 1:24pm

Hello. Unfortunately I am still struggling with this. I'm surprised I cannot find example configs of plex redirection through traefik. I would have thought it would been common.

I added this to my docker-compose.yaml:

  configs:
    plex.yml:
      file: ./config/plex.yml

I created a plex.yml under config:

http:
  services:
    plex:
      loadBalancer:
        servers:
          - url: "192.168.0.144:32400"
          - passHostHeader: true

Obviously I'm missing a lot.

Should all of this somehow be in the plex.yml file? Any chance I could get some help with that conversion?

      - "traefik.http.routers.plex.rule=Host(`plex.mydomain.com`)"
      - "traefik.http.routers.plex.entrypoints=websecure"
      - "traefik.http.routers.plex.tls=true"
      - "traefik.http.routers.plex.tls.certresolver=le"
#      - "traefik.http.services.plex.loadbalancer.server.scheme=https"
      - "traefik.http.services.plex.loadbalancer.server.url=https://192.168.0.144:32400"
#      - "traefik.http.services.plex.loadbalancer.server.ip=192.168.0.144"
#      - "traefik.http.services.plex.loadbalancer.server.port=32400"

Many thanks.

bluepuma77 · April 17, 2024, 3:49pm

You always need a router and a service:

http:
  routers:
    plex:
      rule: Host(`plex.example.com`)
      service: plex

  services:
    plex:
      loadBalancer:
        servers:
          - url: http://192.168.0.144:32400

knighthawk72 · April 17, 2024, 7:22pm

Thanks, I'll give that a try.

Do these lines stay under labels in the docker-compose.yaml?

      - "traefik.http.routers.plex.rule=Host(`plex.mydomain.com`)"
      - "traefik.http.routers.plex.entrypoints=websecure"
      - "traefik.http.routers.plex.tls=true"
      - "traefik.http.routers.plex.tls.certresolver=le"

bluepuma77 · April 18, 2024, 5:50am

Labels are placed on target service containers.

They look ok, but can be improved:

No need for tls=true when assigning certresolver
simplify by assigning certresolver globally on entrypoint
Highly recommend to add the desired target port

Compare to simple Traefik example.

knighthawk72 · April 18, 2024, 3:19pm

bluepuma77,

Thank you. This worked. I will take a look at your other suggestions. Your second two will take me some research to figure out what you mean.

Thanks!!

Topic		Replies	Views
Container with https internal connection Traefik v2 docker	7	3393	October 9, 2021
Proxy to external service Traefik v2 docker , file	1	4822	July 13, 2021
Traefik reverse proxy doesn't work Traefik v2 docker	3	629	July 1, 2021
Traefik config not working Traefik v2 file	10	2226	June 29, 2023
Using Traefik as a Reverse Proxy with Certificates Signed by My Own PKI Traefik v3 (latest) docker	7	1099	June 17, 2024

Reverse proxy for plex

Related topics