February 25, 20251 yr So I setup plex years ago and the default network is set to host. There was some discussion on reddit about a issue running tailscale as host. Just of the topic was that if you have a docker container running as host any person that has access to your tailscale has root access to the host machine. Some people commented that plex is setup to run in host mode by default in the official and a few other docker configurations. 1st. question is runnung plex in host a (bad idea) 2nd if switching to a custom network and adding the port to the config tends to break remote direct streaming. Whats the proper way to run plex in bridge mode. 3rd would it just be better to run plex as ipvlan so that it has its own dedication static ip address and that way the connection is not bridge and creating issues for plex direct streaming. If so how you go about this. I asked chat gpt and stated this To assign a static IP address to your Plex Docker container in Unraid using ipvlan, follow these steps: --- 1. Enable IPvlan Networking in Docker 1. Go to Unraid Web UI → Settings → Docker. 2. Set Enable Docker to No (temporary disable). 3. Find Docker Custom Network Type and select IPvlan (instead of macvlan). 4. Click Apply. --- 2. Configure a Custom Docker Network (br0) 1. Go to Settings → Network Settings. 2. Scroll to Interface eth0 (or your main network interface). 3. Ensure "Enable bridging" is set to Yes. 4. Set the Custom IPv4 subnet (e.g., 192.168.1.0/24). 5. Click Apply. --- 3. Assign a Static IP to Plex 1. Go to Docker → Click Add Container (or edit your existing Plex container). 2. Under Network Type, select Custom: br0. 3. In the Fixed IP Address field, enter the desired static IP (e.g., 192.168.1.150). 4. Click Apply. --- 4. Verify the Setup Open a terminal in Unraid and run: docker network inspect br0 Ensure Plex is assigned the correct IP. Check if Plex is accessible via http://192.168.1.150:32400. --- 5. (Optional) Adjust Router & Firewall Settings If your router supports static IP reservations, bind the Plex IP to avoid conflicts. Ensure no other device is using the same IP. Is this correct? Any help would be appreciated.
February 26, 20251 yr @Triplerinse Unraid 7.0.1 was just released and contains this note: "This resolves a security issue when the Tailscale integration is enabled on a container running in Host mode and then shared with other users. "
February 26, 20251 yr Author 1 minute ago, Hoopster said: @Triplerinse Unraid 7.0.1 was just released and contains this note: "This resolves a security issue when the Tailscale integration is enabled on a container running in Host mode and then shared with other users. " Does this also apply to other containers as well? I appreciate your quick response. When you get some time i would appreciate if you would look at my 2nd and 3 question. I know it's lengthy and I know your very busy and active on this form. You know your stuff so I am all ears.
February 26, 20251 yr Solution 21 minutes ago, Triplerinse said: Does this also apply to other containers as well? The fix is for docker containers in general running host mode with Tailscale and not Plex specific. See the 7.0.1 release notes for more details. With respect to running Plex in a mode other than Host, I have done it two ways; Custom: br0 with a static IP address on same subnet as the host and on a VLAN I created for docker containers on a different subnet than the host (this showed up as Custom: br0.3 as it was on a xxx.xxx.3.xxx subnet. Both worked fine with no problems with direct and remote streaming. The only problem I had with Custom: br0 was macvlan call traces. These would crash my server every few days to a couple of weeks. This used to be a big issue and one of the reasons ipvlan was implemented. Because of the macvlan call traces on br0, I created a VLAN (br0.3) and all my problems went away. This was years ago. I have not tried going back to br0 although I did switch to ipvlan. Having Plex on a VLAN with Unraid host and the content on a different subnet was not a problem because my router automatically passes traffic between "corporate" subnets. Edited February 26, 20251 yr by Hoopster
February 26, 20251 yr Author 16 minutes ago, Hoopster said: The fix is for docker containers in general running host mode with Tailscale and not Plex specific. See the 7.0.1 release notes for more details. With respect to running Plex in a mode other than Host, I have done it two ways; Custom: br0 with a static IP address on same subnet as the host and on a VLAN I created for docker containers on a different subnet than the host (this showed up as Custom: br0.3 as it was on a xxx.xxx.3.xxx subnet. Both worked fine with no problems with direct and remote streaming. The only problem I had with Custom: br0 was macvlan call traces. These would crash my server every few days to a couple of weeks. This used to be a big issue and one of the reasons ipvlan was implemented. Because of the macvlan call traces on br0, I created a VLAN (br0.3) and all my problems went away. This was years ago. I have not tried going back to br0 although I did switch to ipvlan. Having Plex on a VLAN with Unraid host and the content on a different subnet was not a problem because my router automatically passes traffic between "corporate" subnets. Thanks for thor the information.
March 6, 20251 yr Hello @Triplerinse, did you find a good solution to use something differet than Host for Plex? I've been trying with all the info you and @Hoopster gathered and I've been failing miserably. Now with 7.0.1 Plex stopped working with the Host network and I wasn't able to make it work in Tailscale again.
March 6, 20251 yr Author I could never get it to work in bridge. I was able to use custom br0. Then assign it a static ip that's outside my dhcp lease. Under the docker edit. Switch network to custom bro then a field will come avaliable to assign it a stick ip. Make sure in your network settings it's set to ipvlan not mac lan. Edited March 6, 20251 yr by Triplerinse
March 18, 20251 yr @Triplerinse Did it, but in Plex the server appears as unavailable, and there seems to be no errors in the container's logs. 😔 I want to use Plex through Tailscale, but at this point I am only going to use it localy... I wouldn't like to apply Plex 'remote mode' and keep it on Host, but maybe it is not so insecure?
March 18, 20251 yr Community Expert Plex works just fine on bridge mode. No need for host mode. make sure you set the port to 32400 in both the plex remote access setting, checking the manual port box, and your routers firewall. the only time Tailscale is needed, is if you’re behind a CGNAT and don’t want to pay your ISP $5/month for a static IP. Edited March 18, 20251 yr by MowMdown
April 2, 20251 yr @MowMdown But isn't it less insecure using VPN? It is acceptable the remote mode opening the firewall?
April 2, 20251 yr Community Expert 8 hours ago, Decoy01 said: @MowMdown But isn't it less insecure using VPN? It is acceptable the remote mode opening the firewall? The idea that it's "less secure" is highly subjective which entirely depends on what you're exposing. I'm not someone who considers opening up port 32400 for plex a "security vulnerability." I tend not to take absolutionistic viewpoints. Sure one day, someone might have their plex instance broken into but until there's a widespread vulnerability with the plex server, I wouldn't worry about it being an attack vector. Edited April 2, 20251 yr by MowMdown
April 3, 20251 yr Community Expert According to Wikipedia: As of 2023, Plex had 16 million active monthly streaming users. With this many users, it isn't difficult to believe that many are just people who load Plex on their PC at home, with default configuration, with Port 32400 open to the Internet world.
April 30, 20251 yr Has anybody gotten this to work. I find it amazing that with 16 million active users nobody in the unraid community wants to share their plex server through tailscale and NOT give everyone you share with access too your own personal tailscale account. Please please please someone figure this out Unfortunately I cannot, I can only monkey see, monkey do. Edited April 30, 20251 yr by jnosa899
April 30, 20251 yr Community Expert 26 minutes ago, jnosa899 said: Has anybody gotten this to work. I find it amazing that with 16 million active users nobody in the unraid community wants to share their plex server through tailscale and NOT give everyone you share with access too your own personal tailscale account. Please please please someone figure this out Unfortunately I cannot, I can only monkey see, monkey do. Toggle the tailscale button on the plex docker container page, set it to SERVE mode, open console, click the link to authenticate, it now should show up on your tailscale admin dashboard, then click the share button next to it like below, and you're done. Edited April 30, 20251 yr by MowMdown
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.