Security

Probably a dumb question. If I allow Plex to be used outside my home, can people gain access to the rest of my TrueNAS server? I want to run a single secure drive pool, and it would be great if opening Plex up doesn't compromise it.
 

jgreco

We don't have any idea whether or not Plex is secure. It is a closed source project and difficult to evaluate.

I can tell you that in the environment here, I run Plex as a jailed app that does not have access to /bin/sh or much of anything at all, for that matter. We build jails here from the ground up, only adding files necessary to the operation of the app. This makes it very difficult to tease an Internet-connected daemon into doing inappropriate and unintended things that are not actually coded into the daemon. I deem this strategy makes Plex sufficiently secure for my purposes.
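
One way to check a from-scratch jail like the one described in the post above, as an added example that is not part of the thread or of any poster's actual setup: a POSIX sh function that flags command interpreters and setuid/setgid files under a jail root. The function name, the interpreter list and any paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example: audit a jail root for files a minimal, app-only jail
# should not contain. The interpreter list and any paths are assumptions.
INTERPRETERS="sh bash csh tcsh ksh zsh dash ash perl python python3 ruby tclsh"

# audit_jail_root ROOT
# Prints one line per finding; returns 0 if clean, 1 if findings, 2 on bad input.
audit_jail_root() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # Build the find expression: -name sh -o -name bash -o ...
    set --
    for name in $INTERPRETERS; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "$name"
    done

    # Interpreters by basename; symlinks count, since /bin/sh is often one.
    shells=$(find "$root" \( -type f -o -type l \) \( "$@" \) -print 2>/dev/null | sort)
    # Setuid or setgid regular files, which a single-daemon jail rarely needs.
    setid=$(find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort)

    if [ -n "$shells" ]; then printf '%s\n' "$shells" | sed 's/^/INTERPRETER /'; fi
    if [ -n "$setid" ]; then printf '%s\n' "$setid" | sed 's/^/SETID /'; fi

    if [ -n "$shells$setid" ]; then return 1; fi
    return 0
}
```

The non-zero return on any finding lets the check gate a jail build or run from a periodic job.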
 

ChrisRJ

I think the bigger question is how to ensure that only the intended audience has access to Plex in the first place. If you can ensure that only your friends get there (VPN would be my choice here), you can probably exclude malicious intent. Letting in the "world" changes the latter, and makes your original question relevant to begin with. Plus there are probably a lot of copyright issues.
 

jgreco

> If you can ensure that only your friends get there (VPN would be my choice here), you can probably exclude malicious intent.

Plex is highly oriented towards a naive networking model that assumes a typical NAT-based residential broadband network on both ends. It nearly freaks out if the server side doesn't resemble this, expecting there to be something called a "port forward" (wtf is this) and various assumptions about what qualifies as a "local network", and client endpoints include mobile devices and media streamers that may not even have VPN capabilities.

Those of us who operate Internet ASNs and have significant IP networking assets should theoretically find it easy to light up a Plex instance on live, routable IPv4 space, but instead find ourselves doing battle with weird and incorrect assumptions designed into Plex about how networks work, how to identify what a "local" network is, etc.

I set this as background in order to hopefully avoid offending you when I say that requiring a reliance on VPN for "security" is also problematic; I think the goal should be for Plex to be your own replacement for Netflix or whatever commercial streaming service you wish, serving up a media library that you yourself chose. With more than a dozen pricey commercial streaming services out there, you can be paying as much as you would for premium cable. This suggests that using Plex needs to be approximately as easy, on the client side, as using Netflix. I know that's what the Plex developers are shooting for.
 