From 5b7d4b2002d1fd98f14bb83618e85ecebcfe6a99 Mon Sep 17 00:00:00 2001 From: Zach Bernstein Date: Fri, 27 Dec 2024 13:27:47 -0500 Subject: [PATCH 1/3] chore(plex): change url rewrite --- kubernetes/apps/media/plex/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/media/plex/app/helmrelease.yaml b/kubernetes/apps/media/plex/app/helmrelease.yaml index bb0cfc7e..22d4df45 100644 --- a/kubernetes/apps/media/plex/app/helmrelease.yaml +++ b/kubernetes/apps/media/plex/app/helmrelease.yaml @@ -97,7 +97,7 @@ spec: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/configuration-snippet: | if ($http_x_plex_device_name = '') { - rewrite ^/$ /web/index.html; + rewrite ^/$ /web; } gzip on; From 2f559a241cd93fba6e78542d6d459e7f361c12ec Mon Sep 17 00:00:00 2001 From: Zach Bernstein Date: Fri, 27 Dec 2024 14:58:33 -0500 Subject: [PATCH 2/3] fix(plex): attempt to solve iOS access issues --- kubernetes/apps/media/plex/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/media/plex/app/helmrelease.yaml b/kubernetes/apps/media/plex/app/helmrelease.yaml index 22d4df45..398b670e 100644 --- a/kubernetes/apps/media/plex/app/helmrelease.yaml +++ b/kubernetes/apps/media/plex/app/helmrelease.yaml @@ -97,7 +97,7 @@ spec: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/configuration-snippet: | if ($http_x_plex_device_name = '') { - rewrite ^/$ /web; + rewrite ^/$ https://$http_host/web/index.html; } gzip on; From be5cf9898967620fa1cb11d7ed17b16f890d9b18 Mon Sep 17 00:00:00 2001 From: Zach Bernstein Date: Fri, 27 Dec 2024 18:04:50 -0500 Subject: [PATCH 3/3] fix(plex): fix iOS app issues --- .../apps/media/plex/app/helmrelease.yaml | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/kubernetes/apps/media/plex/app/helmrelease.yaml b/kubernetes/apps/media/plex/app/helmrelease.yaml index 398b670e..c0c8ea77 100644 --- a/kubernetes/apps/media/plex/app/helmrelease.yaml +++ b/kubernetes/apps/media/plex/app/helmrelease.yaml @@ -95,9 +95,30 @@ spec: annotations: external-dns.alpha.kubernetes.io/target: external.zebernst.dev nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +# nginx.ingress.kubernetes.io/enable-cors: "true" +# nginx.ingress.kubernetes.io/cors-allow-origin: "https://plex.zebernst.dev, https://app.plex.tv" nginx.ingress.kubernetes.io/configuration-snippet: | - if ($http_x_plex_device_name = '') { - rewrite ^/$ https://$http_host/web/index.html; + # Need this in the config snippet until this issue is resolved: https://github.com/kubernetes/ingress-nginx/pull/12424 + if ($http_origin ~* "^https://((?:.*.plex.tv)|(?:plex.zebernst.dev))$") { set $allow_origin $http_origin; } + more_set_headers 'Access-Control-Allow-Origin: $allow_origin'; + more_set_headers 'Access-Control-Allow-Credentials: true'; + more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Authorization,Content-Type'; + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain charset=UTF-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + + # If a request to / comes in, 301 redirect to the main plex page, + # but only if it doesn't contain the X-Plex-Device-Name header or query argument. + # This fixes a bug where you get permission issues when accessing the web dashboard. + set $root_redir ""; + if ($http_x_plex_device_name = '') { set $root_redir Y; } + if ($arg_X-Plex-Device-Name = '') { set $root_redir "${root_redir}Y"; } + if ($test = YY) { + rewrite ^/$ https://$best_http_host/web/index.html; } gzip on; @@ -150,7 +171,7 @@ spec: proxy_set_header Accept-Encoding ""; - add_header Referrer-Policy "same-origin" always; + add_header Referrer-Policy "origin-when-cross-origin" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options sameorigin; add_header X-XSS-Protection "1; mode=block" always;