Hi, I am just getting my TrueNAS SCALE system up and running and the app will recognise the server. However, it will scroll around and then explain that the server is insecure…
I have the web portal open and can access the content in there but all the apps in the house reject it…
I can see that the web portal address bar has a red line through the padlock icon; I think this means it is not an HTTPS web portal…
How do I secure the server…
You need a reverse proxy (and certificate obv)
Caddy, nginx… I use nginx proxy manager, full of useful features and with a simple to use GUI
Can’t I just ask the server to prefer HTTPS…?
I don’t think I need to serve outside of the local network…
I bumped into the SSH certificate support that my password manager has, should that be used in this case…?
Do you have a valid certificate? Are you using the IP address to reach the web portal, or do you have a domain?
I’m still on an IP address, I only know what I’ve learnt on YouTube…
I noticed when using TrueNAS CORE I had the option to apply for an SSH key…
That is to say that 1Password can store an SSH key (I suppose that is completely different?)
I actually need a lot of advice on the topic, I’m a complete beginner.
I have now seen that a few YouTube channels are all about the reverse proxy. I suppose I will have to keep watching to have a better idea of which one I will go with and how long that will take…
Do you have any links to a guide that could explain…
I might need a real specific path to follow…
As far as I know, so take it with a grain of salt, you can create a self-signed cert for the web GUI without a domain… But I don’t think it is possible to do the same for the app.
I admit that there I didn’t follow what you mean
Honestly, they are so many and so similar that one belongs to the other.
I just searched the Plex docs, and I found this:
If any of your associated servers don’t support secure connections, those insecure servers will not be accessible in the app. You can instead try loading the local/bundled web app that comes with the server install.
How are you trying to connect your app?
This is really going to depend on how much work you want to put in and how much expertise you have. This is what I’ve done for my containers.
I have a Cloudflare account and have the Argo tunnel (cloudflared) running to serve some of my hosted apps remotely via their reverse proxy. I have configured a Google OAuth2 app and block page so that only I, or my devices running the WARP client, can pass their edge to access anything I’ve proxied.
Because I have the Cloudflare account, I’ve also opted to run a certbot container that uses the Cloudflare API to pass the DNS test by writing the TXT record for me. I’m using “certbot/dns-cloudflare:latest” for this. I have a volume mapped to my apps pool for the container to save the certs to. I have done “DOMAIN.TLD” and “*.DOMAIN.TLD” for the cert, so it will cover all of my subdomains, in your case “plex.DOMAIN.TLD”.
Now that the certs are in a directory on my apps pool, I map that directory to my containers that want/need a cert in read-only status so that they can access the key and pem files.
I create a DNS zone, or DNS Re-Write if you’re using AdGuard Home, to point the specific DNS entries to the local IP for the container. So in your case, when the Apple TV tries to access your Plex server on https://plex.DOMAIN.TLD your DNS server will give it the LAN IP for the Plex server, it will also have the cert that matches that domain and Apple TV will be happy.
Others have suggested a self-signed cert and that may work, but I know for a fact that Apple is pretty picky about security and they may only accept certs signed by cert authorities. My solution above provides that.
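Added example (not part of the post above, and not code from its author): a small preflight check for the setup described, confirming that every name a client will use is covered by the certificate and that each DNS rewrite points at a LAN address. The LAN and test addresses and the extra hostnames are constructed; `DOMAIN.TLD` is the placeholder from the post.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_covers(san, host):
    """True if a certificate DNS name covers host (wildcard = one leftmost label only)."""
    if is_ip(host):
        return False  # a DNS name on the cert never matches a bare IP address
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def preflight(cert_names, rewrites):
    """Map each name a client will use to a list of problems (empty list = fine)."""
    report = {}
    for host, target in rewrites.items():
        problems = []
        if not any(san_covers(name, host) for name in cert_names):
            problems.append("certificate does not cover this name")
        if not is_ip(target):
            problems.append("rewrite target is not an IP address")
        elif not any(ipaddress.ip_address(target) in net for net in RFC1918):
            problems.append("rewrite target is not a private LAN address")
        report[host] = problems
    return report

# Constructed sample: the two names from the post, plus made-up addresses.
CERT_NAMES = ["DOMAIN.TLD", "*.DOMAIN.TLD"]
REWRITES = {
    "plex.DOMAIN.TLD": "192.168.1.50",     # covered by the wildcard
    "tv.plex.DOMAIN.TLD": "192.168.1.50",  # two labels deep: wildcard does not reach
    "192.168.1.50": "192.168.1.50",        # client connecting by IP instead of name
    "nas.DOMAIN.TLD": "203.0.113.10",      # rewrite pointing outside the LAN
}

if __name__ == "__main__":
    for host, problems in preflight(CERT_NAMES, REWRITES).items():
        print(host, "->", problems or "ok")
```

The wildcard entry covers only one label below `DOMAIN.TLD`, which is why the bare domain is requested separately and why a client that connects by IP address still sees a certificate mismatch.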
Doesn’t Plex manage its own security?
You probably have your Plex server set to “Require” a secure connection when what you want is “Preferred.”