Operate Plex locally in your own network

Goals

Operating a Plex media server is actually quite simple. The real crux of the matter is to access your own media collection from the jail.

NEW: For the very impatient I have a console only section. There are only commands, no explanations.

Last updated:

18.01.2026: Revision. Removal of TrueNAS and rewrite to pure FreeBSD. Jails with Bastille
03.03.2024: Minor adjustments
05.01.2024: Minor adjustments, English version added
26.03.2023: Minor adjustments
11.12.2022: Initial document

Requirements

A FreeBSD server is set up and prepared
Bastille is installed and ready for use
IP address of the jail is known and preferably reserved in DHCP
Hostname of the jail is known (e.g. plex.domain.local) and accessible via internal DNS

Generally, such service should be set up in its own environment. This makes not only security, but also maintenance much easier. Jails can be backed up relatively easily and only the packages that are absolutely necessary are installed.

Diagramm

The local setup looks like this:

                    ┌────────────────────────────────────────────┐
                    │  TrueNAS                                   │
                    │ ┌────────────────────┐                     │
                    │ │ jails/plex         │                     │
LAN: 0.0.0.0:32400 ─┼─┼─► plexmediaserver ─┼─► /mnt/daten/medien │
                    │ └────────────────────┘                     │
                    └────────────────────────────────────────────┘

Create jail

A separate jail is required. Here we use plex as the jail name.

Set up jail

Either use bastile console plex to start a console in the created jail, or log in via SSH (if activated) with ssh USERNAME@IP or ssh USERNAME@HOSTNAME to then gain root rights with su.

Customise package source

Package sources should be customised, see separate article.

Allow authorization for local media

As a rule, your movies will be stored in the FreeBSD host system. They are therefore also subject to its authorizations. If Plex is now installed in a jail, a separate Plex user has also been created.

Problem: This user is unknown to the host system. Access from the jail as a Plex user to the files in the host system will fail due to missing authorizations.
Solution: If you want, you can create a user and group with the name "plex" and the id 972. But this is not necessary (it is only cosmetic). It is important that the files can at least be read by Plex (write permissions are ok if Plex should also take care of managing the files). This also works wonderfully via the id.

In FreeBSD without ACL in a classic UNIX authorization structure, it is usually sufficient to adjust the group of the media folder and the files with:

chown -R :972 /mnt/data/media recursively changes the group membership to 972 and
chmod -R 750 /mnt/data/media allows user and group read access to folders and files or
chmod -R 770 /mnt/data/media allows both read AND write access to folders and files.

All others are not allowed anything in this example.

Just an example! It just has to fit your user & rights concept.

Integrate local media into Jail

Well, the permissions should now be correct, but the directories outside the jails are not yet visible. This includes our example with /mnt/data/media. So how does the /mnt/data/media directory get into the jail? Per NullFS.

Install packages & activate services

Freie Plex Version

Update the package source with pkg update and then install the required packages: pkg install plexmediaserver. Enable services and start them automatically when starting the jail: service plexmediaserver enable. As no configuration files are adapted, the service can be started directly: service plexmediaserver start.

Plexpass Version

Update the package source with pkg update and then install the required packages: pkg install plexmediaserver-plexpass. Activate services and start automatically when starting the jail: sysrc plexmediaserver-plexpass=YES Since no configuration files are adapted, the service can be started directly: service plexmediaserver-plexpass start.

Plex can then be accessed at http://IP:32400 or http://HOSTNAME:32400

Attention: Plex is based on multicast. In order for the local Plex website to find the Plex server behind it at the first start, both MUST be in the same subnet.

Include Media

When you start the assistant for the first time, it will ask for a folder with movies, series, music or pictures. You can now refer to the folders provided above. At least adjust the content type and language to finish the wizard and Plex will then automatically start indexing these folders. If not: Check permissions. :)

plex-home

Data protection: In the standard configuration, Plex also wants to make it easy and ensure that the local media can be accessed from anywhere, even if the firewall etc. have not yet been set up. Plex uses a relay server for this purpose. If you want to prevent external (albeit not perfect) use in the local setup, you must explicitly deactivate this with the "Activate Relay" option. This can be found in the "Settings" under the "Network" menu item.

Console

Link to the code on Github, I'm always happy about suggestions for improvement!

Voilá