Need help with Cloudflare setup/configration | PlexGuide.com

Need help with Cloudflare setup/configration

  • Stop using Chrome! Download the Brave Browser via >>> [Brave.com]
    It's a forked version of Chrome with native ad-blockers and Google's spyware stripped out! Download for Mac, Windows, Android, and Linux!
Welcome to the PlexGuide.com
Serving the Community since 2016!
Register Now

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
wondering if anyone here is using plexguide with cloudflare. Any pointers on the setup? I tried the config (based on instructions here) and had intermittent connectivity issues. I had to revert back to my plain godaddy config instead.
 

hawk2g

Active
May 2, 2018
38
21
I have cloudflare running on 2 of my servers. What do you need help with exactly?
 
  • Like
Reactions: 1 user
S

subse7en

Guest
wondering if anyone here is using plexguide with cloudflare. Any pointers on the setup? I tried the config (based on instructions here) and had intermittent connectivity issues. I had to revert back to my plain godaddy config instead.
You need to disable page caching by putting in page rules. Had gateway and ssl problems until I did this. Otrherwise nothing else needed to be done.
 
  • Like
Reactions: 1 user

benjp2k1

Active
Staff
Oct 1, 2018
39
3
You need to disable page caching by putting in page rules. Had gateway and ssl problems until I did this. Otrherwise nothing else needed to be done.
I’ve not had to do this.

I have an A record for the plex subdomain with cloudflare proxy enabled (orange cloud) and a non-proxied wildcard (available in free edition - only proxied is a paid feature) for everything else. As such, only plex does any caching.
 
S

subse7en

Guest
Did you look at the traefik logs

sudo docker logs -f traefik

You may see

/etc/traefik/acme/acme.json are too open, please use 600
 

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
Ok, so I am able to get cloudflare to almost work. It works with everything that is proxied on https port 443. However, the plex config used here does not do that. We need to disable the plex remote access feature and also have plex advertised on port 443 for this to truly work.

We need something like https://plex.${DOMAINNAME}:443 appended to the ADVERTISE_IP environment variable in the plex docker container when a cloudflare config is enabled in Traefik.
 
  • Like
Reactions: 1 user

beats

Active
Staff
Oct 10, 2018
36
23
Are you trying to route playback through cloudflare @hooper?
I would like playback (direct ideally) routed through cloudflare to get around some of the routing issues Hetzner has from USA as it will get routed via their servers which can make a big difference. I have seen steps to do this via nginx but I am new to traefik. I dont need cloudflare to cache anything as that adds a lot of extra complexity and cloudflares cache of large files is very short lived.
 
  • Like
Reactions: 1 user

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,116
Ok, so I am able to get cloudflare to almost work. It works with everything that is proxied on https port 443. However, the plex config used here does not do that. We need to disable the plex remote access feature and also have plex advertised on port 443 for this to truly work.

We need something like https://plex.${DOMAINNAME}:443 appended to the ADVERTISE_IP environment variable in the plex docker container when a cloudflare config is enabled in Traefik.
good suggestion, what the end state is, let me know and i can program it overtime.
 

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
Are you trying to route playback through cloudflare @hooper?
I would like playback (direct ideally) routed through cloudflare to get around some of the routing issues Hetzner has from USA as it will get routed via their servers which can make a big difference. I have seen steps to do this via nginx but I am new to traefik. I dont need cloudflare to cache anything as that adds a lot of extra complexity and cloudflares cache of large files is very short lived.
Exactly this. If playback is running over 443 then it can be routed through the cloudflare CDN. Here are the ports supported by Cloudflare https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-
 
  • Like
Reactions: 1 users

beats

Active
Staff
Oct 10, 2018
36
23
Here a few tutorials for some pointers for integration:

https://quickbox.io/knowledgebase/set-up-a-cdn-for-plex-with-cloudflare-nginx/ (although its primarily for 2 ip boxes)

https://www.reddit.com/r/PleX/comments/7rs153/_/dt0c2he
https://github.com/toomuchio/plex-nginx-reverseproxy

I will have a gander at how traefik works and a think on how it could work as I have never used it before until now. Initially thinking we would need a second A record such as plexproxy.domain.tld which maps to the port of plex then change the server details like the first guide. I think traefik supports http2 which would help but not sure if traefik has a similar var as:

https://www.reddit.com/r/PleX/comments/7rs153/_/dt0hlzx
 

beats

Active
Staff
Oct 10, 2018
36
23
Okay so
  • I enabled cloudflare proxy (and disabled caching on plex.domain.tld via a page rule)
  • Then went into the Plex server config page
  • Disabled remote access
  • Enabled advanced settings
  • Changed Network->Custom server access URLs to https://plex.domain.tld:443
  • Playback works and appears to go via Cloudflare according to my network monitoring
I played back using the Plex Media Player desktop app so I am not sure how well this works via other old smart tv's or other clients but initially it worked at least as I cant see any connections to my server direct from my client.
Traefik would also probably need a tweak to:
https://docs.traefik.io/configuration/commons/#responding-timeouts
for the idle part (not 100m though, thats crazy) and I have not dug in to see if this can be set specifically for only the plex instance (still learning traefik and docker interactions)

Like I said this is just an initial first "will it work in ideal conditions" test and I have not tried browser playback etc yet.
 
  • Like
Reactions: 1 user

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,116
Okay so
  • I enabled cloudflare proxy (and disabled caching on plex.domain.tld via a page rule)
  • Disabled remote access
  • Enabled advanced settings
  • Changed Network->Custom server access URLs to https://plex.domain.tld:443
  • Playback works and appears to go via Cloudflare according to my network monitoring
I played back using the Plex Media Player desktop app so I am not sure how well this works via other old smart tv's or other clients but initially it worked at least as I cant see any connections to my server direct from my client.
Traefik would also probably need a tweak to:
https://docs.traefik.io/configuration/commons/#responding-timeouts
for the idle part (not 100m though, thats crazy) and I have not dug in to see if this can be set specifically for only the plex instance (still learning traefik and docker interactions)
thanks truly. i'll start what i can along with the vpn and a few other crazy ideas. i'm getting caught on chasing deploying google gce automated from another machine, basically you don't have to go through all the steps :D
 
  • Like
Reactions: 1 user

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
Okay so
  • I enabled cloudflare proxy (and disabled caching on plex.domain.tld via a page rule)
  • Then went into the Plex server config page
  • Disabled remote access
  • Enabled advanced settings
  • Changed Network->Custom server access URLs to https://plex.domain.tld:443
  • Playback works and appears to go via Cloudflare according to my network monitoring
I played back using the Plex Media Player desktop app so I am not sure how well this works via other old smart tv's or other clients but initially it worked at least as I cant see any connections to my server direct from my client.
Traefik would also probably need a tweak to:
https://docs.traefik.io/configuration/commons/#responding-timeouts
for the idle part (not 100m though, thats crazy) and I have not dug in to see if this can be set specifically for only the plex instance (still learning traefik and docker interactions)

Like I said this is just an initial first "will it work in ideal conditions" test and I have not tried browser playback etc yet.
I am going to test this on my sandbox system this weekend. I can't wrap my mind around how this will work if the docker isn't explicitly allowing port 443.

Also, in cloudflare do you have a DNS entry for your plex system (plex.domain.tld) and is the DNS/HTTP proxy enabled with the orange icon?
 

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,116
I am going to test this on my sandbox system this weekend. I can't wrap my mind around how this will work if the docker isn't explicitly allowing port 443.

Also, in cloudflare do you have a DNS entry for your plex system (plex.domain.tld) and is the DNS/HTTP proxy enabled with the orange icon?
i honestly don't use cloudflare. just toss up a server, godaddy it and call it a day :D
 

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
The thing with cloudflare is that you get an optimized network - basically, it has been properly peered for you from the get-go.
 

beats

Active
Staff
Oct 10, 2018
36
23
I am going to test this on my sandbox system this weekend. I can't wrap my mind around how this will work if the docker isn't explicitly allowing port 443.

Also, in cloudflare do you have a DNS entry for your plex system (plex.domain.tld) and is the DNS/HTTP proxy enabled with the orange icon?
Docker isnt enabling 443, its only opening the plex ports, traefik is pointing the plex.domain.tld traffic on 443 to 32400. As far as plex server thinks you are accessing it on 32400 not 443. The server settings I changed reports to the Plex.tv hosted system how to access the server and the clients pull that info when you login. I did half think remote access being turned off would disable it but it does work.

Yeah the orange icon is enabled, I have been using Cloudflare for various things for work for years now, I just wish they would give you more than 3 page rules on the free account, it used to be higher. I have used pro/business before for work.

i honestly don't use cloudflare. just toss up a server, godaddy it and call it a day :D
As @hooper says, basically its getting around a lot of weird routing issues with double payment hell that comes from ISP's primarily in the US but its getting more common in the EU as well. They want you to pay for internet access as an end user then they want data centres to pay to link into their network or you get a congested route with a lot of hops. Cloudflare basically pays for that part as thats their whole point as a cdn and they have tier 1 (I think) access to a lot of internet exchanges around the world removing the routing issues for free.
If things were hosted on AWS for example that wouldnt be an issue as likewise AWS pays for as direct a connection as possible to avoid their customers moving off due to performance issues. Its amazing cloudflare do it for free but since they do we may as well take advantage of their POP distro network for routing fixes.


I personally cant stand GoDaddy, they need to burn in hell in so so many ways from their terrible security to their support. Cloudflare has one of the fastest dns services in the world for publishing your records and its free.
 
Last edited:

timekills

VIP
Staff
Donor
Sep 12, 2018
368
193
Okay so
  • I enabled cloudflare proxy (and disabled caching on plex.domain.tld via a page rule)
  • Then went into the Plex server config page
  • Disabled remote access
  • Enabled advanced settings
  • Changed Network->Custom server access URLs to https://plex.domain.tld:443
  • Playback works and appears to go via Cloudflare according to my network monitoring
I played back using the Plex Media Player desktop app so I am not sure how well this works via other old smart tv's or other clients but initially it worked at least as I cant see any connections to my server direct from my client.
Traefik would also probably need a tweak to:
https://docs.traefik.io/configuration/commons/#responding-timeouts
for the idle part (not 100m though, thats crazy) and I have not dug in to see if this can be set specifically for only the plex instance (still learning traefik and docker interactions)

Like I said this is just an initial first "will it work in ideal conditions" test and I have not tried browser playback etc yet.
Adding the
to the Plex server network settings worked for me as well.
I had been using Cloudflare through Traefik using the CDN (Content Delivery Network) | PlexGuide.com instructions. They worked, although I'd get intermittent server not available issues and I'm not certain the traffic was all routed through port 443.

The only rules I have for the plex.domain.tld settings in Cloudflare (https://plex.domain.tld/* - the asterisk at the end is IMPORTANT so there are no conflicts between some parts being proxied and other not) are
  • SSL: Full
  • Cache level: bypass
I also use it to speed access to SOME applications:
  1. Notably I *don't* use it for those that require the FQDN in another application. I.E. I don't use it for SabNZBD, because when I enter sabnzbd.comain.tld inside Sonarr or Radarr it causes issues when it goes through the Cloudflare proxy first.
  2. Netdata, Sonarr, and Radarr all seem to have faster response time when proxied through Cloudflare
  3. Setting in Cloudflare for all other apps is https://*.domain.tld/* Again, the trailing asterisk is required for the pages to work.
 
Last edited:

hooper

Governer
Original poster
Staff
Donor
Aug 1, 2018
310
119
Adding the
  • Notably I *don't* use it for those that require the FQDN in another application. I.E. I don't use it for SabNZBD, because when I enter sabnzbd.comain.tld inside Sonarr or Radarr it causes issues when it goes through the Cloudflare proxy first.
You shouldn't access sabnzbd by FQDN from sonarr or radarr. just specify "sabnzbd" and port 8080 in the downloader config and you will use the plexguide docker network instead.
 

Recommend NewsGroups

      Up To a 58% Discount!

Trending