Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Is running plex docker network as HOST or BRIDGE?

Featured Replies

So I setup plex years ago and the default network is set to host. 

 

There was some discussion on reddit about a issue running tailscale as host.  Just of the topic was that if you have a docker container running as host any person that has access to your tailscale  has root access to the host machine. 

 

Some people commented that plex is setup to run in host mode by default in the official and a few other docker configurations.

 

 1st. question is runnung plex in host  a (bad idea) 

 

2nd if switching to a custom network and adding the port to the config tends to break remote direct streaming. Whats the proper way to run plex in bridge mode. 

 

3rd would it just be better to run plex as ipvlan so that it has its own dedication static ip address and that way the connection is not bridge and creating issues for plex direct streaming. If so how you go about this. I asked chat gpt and stated this 

 

To assign a static IP address to your Plex Docker container in Unraid using ipvlan, follow these steps:

 

 

---

 

1. Enable IPvlan Networking in Docker

 

1. Go to Unraid Web UI → Settings → Docker.

 

 

2. Set Enable Docker to No (temporary disable).

 

 

3. Find Docker Custom Network Type and select IPvlan (instead of macvlan).

 

 

4. Click Apply.

 

 

 

 

---

 

2. Configure a Custom Docker Network (br0)

 

1. Go to Settings → Network Settings.

 

 

2. Scroll to Interface eth0 (or your main network interface).

 

 

3. Ensure "Enable bridging" is set to Yes.

 

 

4. Set the Custom IPv4 subnet (e.g., 192.168.1.0/24).

 

 

5. Click Apply.

 

 

 

 

---

 

3. Assign a Static IP to Plex

 

1. Go to Docker → Click Add Container (or edit your existing Plex container).

 

 

2. Under Network Type, select Custom: br0.

 

 

3. In the Fixed IP Address field, enter the desired static IP (e.g., 192.168.1.150).

 

 

4. Click Apply.

 

 

 

 

---

 

4. Verify the Setup

 

Open a terminal in Unraid and run:

 

docker network inspect br0

 

Ensure Plex is assigned the correct IP.

 

Check if Plex is accessible via http://192.168.1.150:32400.

 

 

 

---

 

5. (Optional) Adjust Router & Firewall Settings

 

If your router supports static IP reservations, bind the Plex IP to avoid conflicts.

 

Ensure no other device is using the same IP.

 

Is this correct? Any help would be appreciated. 

 

 

Solved by Hoopster

@Triplerinse

Unraid 7.0.1 was just released and contains this note:

 

"This resolves a security issue when the Tailscale integration is enabled on a container running in Host mode and then shared with other users. "

  • Author
1 minute ago, Hoopster said:

@Triplerinse

Unraid 7.0.1 was just released and contains this note:

 

"This resolves a security issue when the Tailscale integration is enabled on a container running in Host mode and then shared with other users. "

Does this also apply to other containers as well? I appreciate your quick response. When you get some time i would appreciate if you would look at my 2nd and 3 question. I know it's lengthy and I know your very busy and active on this form. You know your stuff so I am all ears. 

  • Solution
21 minutes ago, Triplerinse said:

Does this also apply to other containers as well?

The fix is for docker containers in general running host mode with Tailscale and not Plex specific.  See the 7.0.1 release notes for more details.

 

With respect to running Plex in a mode other than Host, I have done it two ways; Custom: br0 with a static IP address on same subnet as the host and on a VLAN I created for docker containers on a different subnet than the host (this showed up as Custom: br0.3 as it was on a xxx.xxx.3.xxx subnet.  Both worked fine with no problems with direct and remote streaming. 

 

The only problem I had with Custom: br0 was macvlan call traces. These would crash my server every few days to a couple of weeks. This used to be a big issue and one of the reasons ipvlan was implemented.

 

Because of the macvlan call traces on br0, I created a VLAN (br0.3) and all my problems went away.  This was years ago. I have not tried going back to br0 although I did switch to ipvlan. Having Plex on a VLAN with Unraid host and the content on a different subnet was not a problem because my router automatically passes traffic between "corporate" subnets.

Edited by Hoopster

  • Author
16 minutes ago, Hoopster said:

The fix is for docker containers in general running host mode with Tailscale and not Plex specific.  See the 7.0.1 release notes for more details.

 

With respect to running Plex in a mode other than Host, I have done it two ways; Custom: br0 with a static IP address on same subnet as the host and on a VLAN I created for docker containers on a different subnet than the host (this showed up as Custom: br0.3 as it was on a xxx.xxx.3.xxx subnet.  Both worked fine with no problems with direct and remote streaming. 

 

The only problem I had with Custom: br0 was macvlan call traces. These would crash my server every few days to a couple of weeks. This used to be a big issue and one of the reasons ipvlan was implemented.

 

Because of the macvlan call traces on br0, I created a VLAN (br0.3) and all my problems went away.  This was years ago. I have not tried going back to br0 although I did switch to ipvlan. Having Plex on a VLAN with Unraid host and the content on a different subnet was not a problem because my router automatically passes traffic between "corporate" subnets.

Thanks for thor the information. 

  • 2 weeks later...

Hello @Triplerinse, did you find a good solution to use something differet than Host for Plex?

 

I've been trying with all the info you and @Hoopster gathered and I've been failing miserably. Now with 7.0.1 Plex stopped working with the Host network and I wasn't able to make it work in Tailscale again.

  • Author

I could never get it to work in bridge.  I was able to use custom br0. Then assign it a static ip that's outside my dhcp lease. Under the docker edit.  Switch network to custom bro then a field will come avaliable to assign it a stick ip.  Make sure in your network settings it's set to ipvlan not mac lan. 

Edited by Triplerinse

  • Author

Also I'm not on 7.0.1. I'm still on 7.0 and not running tailscale. 

  • 2 weeks later...

@Triplerinse Did it, but in Plex the server appears as unavailable, and there seems to be no errors in the container's logs. 😔

 

I want to use Plex through Tailscale, but at this point I am only going to use it localy...

 

I wouldn't like to apply Plex 'remote mode' and keep it on Host, but maybe it is not so insecure?

  • Community Expert

Plex works just fine on bridge mode. No need for host mode. 
 

make sure you set the port to 32400 in both the plex remote access setting, checking the manual port box, and your routers firewall.

 

the only time Tailscale is needed, is if you’re behind a CGNAT and don’t want to pay your ISP $5/month for a static IP.

Edited by MowMdown

  • 2 weeks later...

@MowMdown But isn't it less insecure using VPN? It is acceptable the remote mode opening the firewall?

  • Community Expert
8 hours ago, Decoy01 said:

@MowMdown But isn't it less insecure using VPN? It is acceptable the remote mode opening the firewall?

 

The idea that it's "less secure" is highly subjective which entirely depends on what you're exposing. I'm not someone who considers opening up port 32400 for plex a "security vulnerability."

 

I tend not to take absolutionistic viewpoints. Sure one day, someone might have their plex instance broken into but until there's a widespread vulnerability with the plex server, I wouldn't worry about it being an attack vector.

Edited by MowMdown

  • Community Expert

According to Wikipedia:

As of 2023, Plex had 16 million active monthly streaming users.

 

With this many users, it isn't difficult to believe that many are just people who load Plex on their PC at home, with default configuration, with Port 32400 open to the Internet world.

  • 4 weeks later...

Has anybody gotten this to work. I find it amazing that with 16 million active users nobody in the unraid community wants to share their plex server through tailscale and NOT give everyone you share with access too your own personal tailscale account. Please please please someone figure this out   Unfortunately I cannot, I can only monkey see, monkey do.

Edited by jnosa899

  • Community Expert
26 minutes ago, jnosa899 said:

Has anybody gotten this to work. I find it amazing that with 16 million active users nobody in the unraid community wants to share their plex server through tailscale and NOT give everyone you share with access too your own personal tailscale account. Please please please someone figure this out   Unfortunately I cannot, I can only monkey see, monkey do.

 

Toggle the tailscale button on the plex docker container page, set it to SERVE mode, open console, click the link to authenticate, it now should show up on your tailscale admin dashboard, then click the share button next to it like below, and you're done.

 

image.png.a8e5354a54866b1048212a730a905756.pngimage.png.e46d6cd4885defb5f36531057b057883.pngimage.png.8cb7c6a23db83df1ed13f436baec94c1.png

Edited by MowMdown

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.