Operate Plex locally in your own network
Goals
Operating a Plex media server is actually quite simple. The real crux of the matter is to access your own media collection from the jail.
NEW: For the very impatient I have a console only section. There are only commands, no explanations.
Last updated:
- 03.03.2024: Minor adjustments
- 05.01.2024: Minor adjustments, English version added
- 26.03.2023: Minor adjustments
- 11.12.2022: Initial document
Precondition
- TrueNAS Core or pure FreeBSD server with
iocageinstalled - IP address of the PLEX jail is known
- Hostname of the PLEX Jail is known (e.g. plex.domain.local) and can be reached via internal DNS
Generally, such service should be set up in its own environment. This makes not only security, but also maintenance much easier. Jails can be backed up relatively easily and only the packages that are absolutely necessary are installed.
Diagramm
The local setup looks like this:
┌────────────────────────────────────────────┐
│ TrueNAS │
│ ┌────────────────────┐ │
│ │ jails/plex │ │
LAN: 0.0.0.0:32400 ─┼─┼─► plexmediaserver ─┼─► /mnt/daten/medien │
│ └────────────────────┘ │
└────────────────────────────────────────────┘Create jail
A separate jail is required. Here we use plex as the jail name.
Set up jail
Login to the jail via SSH: ssh USERNAME@IP or ssh USERNAME@HOSTNAME to gain root rights with su.
Customise package source
Package sources should be customised, see separate article.
Allow authorization for local media
As a rule, your movies will be stored in the TrueNAS pool or in the FreeBSD host system. They are therefore also subject to its authorizations. If Plex is now installed in a jail, a separate Plex user has also been created.
- Problem: This user is unknown to the host system. Access from the jail as a Plex user to the files in the host system will fail due to missing authorizations.
- Solution: If you want, you can create a user and group with the name "plex" and the id 972. But this is not necessary (it is only cosmetic). It is important that the files can at least be read by Plex (write permissions are ok if Plex should also take care of managing the files). This also works wonderfully via the id.
TrueNAS
With TrueNAS, the easiest way to do this is to use the ACL Manager (Edit permissions) of the data set with the media files, to which a reading (and possibly writing) user with the id 972 is simply added. A warning message from TrueNAS "No user name could be found for this ID" can be ignored. Do not forget to apply authorizations recursively!
FreeBSD
In FreeBSD without ACL in a classic UNIX authorization structure, it is usually sufficient to adjust the group of the media folder and the files with:
chown -R :972 /mnt/data/mediarecursively changes the group membership to 972 andchmod -R 750 /mnt/data/mediaallows user and group read access to folders and files orchmod -R 770 /mnt/data/mediaallows both read AND write access to folders and files.
All others are not allowed anything in this example.
Just an example! It just has to fit your user & rights concept.
Integrate local media into Jail
Well, the permissions should now be correct, but the directories outside the jails are not yet visible. This includes our example with /mnt/data/media. So how does the /mnt/data/media directory get into the jail? Via NullFS.
TrueNAS
The easiest way to do this with TrueNAS is in the "Mount Points" section of the jail administration. Here you can specify any number of folders that should appear in the jail. In our example, enter /mnt/data/media as the source and then a path within the jail as the target, e.g. /mnt/jail/plex/root/mnt/media. If the media folder does not yet exist: Never mind, simply enter it manually in the path, it will then be created automatically. If the jail is then started later, the directories are automatically included.
FreeBSD
In FreeBSD this is actually done with one command: mount_nullfs /mnt/data/media /mnt/jail/plex/root/mnt/media.
However, the target path must already exist (if necessary, create it beforehand with mkdir -p /mnt/jail/plex/root/mnt/media).
The difficulty now is to ensure that the assignments survive a reboot.
The easiest way to do this is to store them in /etc/fstab:
# Device Mountpoint FStype Options Dump Pass
/mnt/daten/medien /mnt/jail/plex/root/mnt/medien nullfs rw 0 0
/mnt/daten/musik /mnt/jail/plex/root/mnt/musik nullfs rw 0 0This is best managed with BastilleBSD or iocage.
Install packages & activate services
Freie Plex Version
Update the package source with pkg update and then install the required packages: pkg install plexmediaserver.
Enable services and start them automatically when starting the jail: service plexmediaserver enable.
As no configuration files are adapted, the service can be started directly: service plexmediaserver start.
OR
Plexpass Version
Update the package source with pkg update and then install the required packages: pkg install plexmediaserver-plexpass.
Activate services and start automatically when starting the jail: sysrc plexmediaserver-plexpass=YES
Since no configuration files are adapted, the service can be started directly: service plexmediaserver-plexpass start.
Plex can then be accessed at http://IP:32400 or http://HOSTNAME:32400
Attention: Plex is based on multicast. In order for the local Plex website to find the Plex server behind it at the first start, both MUST be in the same subnet.
Include Media
When you start the assistant for the first time, it will ask for a folder with movies, series, music or pictures. You can now refer to the folders provided above. At least adjust the content type and language to finish the wizard and Plex will then automatically start indexing these folders. If not: Check permissions. :)
Data protection: In the standard configuration, Plex also wants to make it easy and ensure that the local media can be accessed from anywhere, even if the firewall etc. have not yet been set up. Plex uses a relay server for this purpose. If you want to prevent external (albeit not perfect) use in the local setup, you must explicitly deactivate this with the "Activate Relay" option. This can be found in the "Settings" under the "Network" menu item.
Console
tbdVoilá
