this post was submitted on 13 Dec 2025

30 points (100.0% liked)

Selfhosted

53627 readers

664 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

[Solved]Plex (or Jellyfin) + Pangolin help needed (piefed.social)

submitted 21 hours ago* (last edited 20 hours ago) by marighost@piefed.social to c/selfhosted@lemmy.world

3 comments fedilink hide all child comments

Evening 'hosters,

I have been banging my head against my desk all day and could use some help. I seem to be the only one with this issue, so I'll lay it out: I have a Pangolin instance hosted on a remote VPS with a Newt tunnel installed via Docker in a Debian 13 VM on my NAS. Within Docker, I have Plex, Jellyfin, and Overseerr (just for testing currently). All services are accessible via the LAN IP of the VM and their respective ports.

(Yes I know Plex is stinky, but my mom's gotta watch her shows.)

I have three resources set up in Pangolin for each service, pointed at the LAN IP of the VM, the port, and the correct Newt tunnel, with a corresponding https://service.domain.tld/ record in Pangolin. Overseerr works flawlessly, without any additional input. Plex and Jellyfin, however, does not work. The resource monitoring module on Pangolin remains "unhealthy," and neither service can be accessed remotely.

Here is how the Pangolin resource is configured:

collapsed inline media

After doing tons of searching and reading, the general consensus for configuring Plex is to add https://service.domain.tld/ (noting the :443 at the end), disabling Remote Access from the menu, and disabling the Plex Relay setting. I've tried just about every combination of these settings, and none of these seems to bring the Pangolin resource online (which I figure I need to do to access it remotely).

Here is my compose.yml for Plex:

spoiler

services:  
  plex:  
    container_name: plex  
    image: plexinc/pms-docker  
    restart: unless-stopped  
    ports:  
      - 32400:32400/tcp  
      - 8324:8324/tcp  
      - 32469:32469/tcp  
      - 1900:1900/udp  
      - 32410:32410/udp  
      - 32412:32412/udp  
      - 32413:32413/udp  
      - 32414:32414/udp  
    environment:  
      - TZ=America_New_York  
    network_mode: host

(Pretend there are volumes mounted in there, I removed them here for brevity)

I know setting network_mode= host and defining the ports is redundant, I was playing around with Bridge mode in some helpless attempt to get this thing working. I mentioned Jellyfin in the title because in an effort to see if it was just Plex being annoying, I spun up a Jellyfin container, only to find that Jellyfin also doesn't work.

Any ideas? I'm offering 10,000 years of incredible luck to anyone that can help me out...

tl;dr I cannot for the life of me get Plex (or Jellyfin) to work via a Pangolin Newt tunnel. All other services served the same way appear to work great.

Edit: So, I figure this has got to be something between Plex, one or more Docker bridge networks, and the Newt Tunnel network (newtwork? nah...). I should have mentioned earlier but I am pretty green with all of this, but I really did want to get my hands dirty. I really only have a surface level understanding of these virtual bridge networks that Docker uses...

I'm realizing in doing some digging with docker network inspect, even Overseerr creates a bridge network. I thought I tried using Plex in bridge mode, but that didn't seem to work.

Edit Edit: Solved! I looked to Plex's logs and found that it was rejecting (401) requests from the Newt container bridge. All I had to do was go to Plex's network settings and allow that subnet, like so:

collapsed inline media

My https://plex.domain.tld/ worked instantly. Shoutout to ineedmana for telling me to look in the logs. Always read the logs!

you are viewing a single comment's thread
view the rest of the comments

[–] INeedMana@piefed.zip 7 points 21 hours ago (2 children)

Here is how the Pangolin resource is configured

Use the hostname that is reachable on docker instead of IP. I think in this case that would be plex (name of docker service/container(?))

Go to access logs in pangolin dashboard and try to find out at which level the problem occurs. Where's the last spot you see your query? Pangolin? Newt? It disappears after newt? Your plex service logs something about the query?

[–] marighost@piefed.social 6 points 20 hours ago

I figured it out!!

It was simple. I just told Plex to allow the 172.18.0.0/24 subnet. It's always something simple huh.

Thanks for pointing me at the logs. Sometimes it all looks like gibberish when you're learning, then you stop and read and search. Have a wonderful evening! (and the 10000 years of excellent luck, too!)

[–] marighost@piefed.social 2 points 20 hours ago

The only logs from Pangolin are from me accessing https://overseerr.dom.tld/. From Plex's GUI console though, I get this:

Request: [172.18.0.2:46974 (WAN)] GET / (6 live) #18eb GZIP Signed-in
Completed: [172.18.0.2:46974] 401 GET / (6 live) #18eb GZIP 0ms 464 bytes (pipelined: 1)

That 172.18.0.2 is the IP of the Newt container (that subnet is its bridge network, anyway). So it's making some request to Plex and receiving a 401?

From Mozilla:

The HTTP 401 Unauthorized client error response status code indicates that a request was not successful because it lacks valid authentication credentials for the requested resource.

So what would cause Plex to throw a 401?