💡 [REQUEST] - Ability to override "http" as given by plex.tv with "https" #272
Comments
|
Hey, can you try setting the preferred connection like this:
Would this work? |
JasonLandbridge
added
the
answer provided
|
If the connection selection isn't showing up with the above, then that has been fixed here: #253 |
|
No, the https connection isn’t listed there as a choice. Just the local 192.168 address, and the public one as http. Same with my own server. Interestingly, the manually published choice for my server (all external ones are listed as http) is listed for https, but is also failing; it’s by hostname rather than IP, so I am guessing it is a DNS issue.
I do, however have the “Secure Connection” setting set to “Required” rather than “Preferred” in my plex server Netowrk settings.
PlexRipper | 19:58:46 [Debug] [PlexApiClient.SendRequestAsync:58] => Sending request to: https://plex.technomancer.com/identity
PlexRipper |
PlexRipper |
PlexRipper | 19:58:46 [Warning] [RestSharpExtensions.SendRequestWithPolly:51] => Request to: https://***MASKED***/identity failed, waiting 1 seconds before retrying again (1 of 1)
PlexRipper |
PlexRipper |
PlexRipper | 19:58:47 [Error] [RestSharpExtensions.ParsePlexErrors:159] => Request to https://plex.technomancer.com/identity failed with status code: 0 - The SSL connection could not be established, see inner exception.
PlexRipper | - Metadata:
PlexRipper | -- StatusCode - 0
PlexRipper | -- ErrorMessage - The SSL connection could not be established, see inner exception.
I am not yet sure what the “inner exception” is, or where to find it.
I just saw your followup email that you have fixed it in a future release, though. I’ll try poking around in the database as well until the new release comes out. Thanks!
…--
Scott Garrett ***@***.***
https://www.technomancer.com
"Thought is the brain's orgasm. Those who CAN experience it, enjoy it to the fullest. Others have to fake it."
On Nov 12, 2023, at 05:39, Jason Landbridge ***@***.***> wrote:
Hey, can you try setting the preferred connection like this:
<https://user-images.githubusercontent.com/15127381/282292883-52ed70df-2240-42a0-845c-14e04aad061e.png>
Open the server settings by cliking on the gear icon
Go to Server Connections
Select the https connection
Would this work?
—
Reply to this email directly, view it on GitHub <#272 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AC3FBLC2TXSF2O2ABPWD7HTYECRM5AVCNFSM6AAAAAA7D7VUUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBXGA4DOMBXGE>.
You are receiving this because you authored the thread.
|
|
Can you try this url in your browser and see if the https connection shows up on the page?
Make sure to replace the A quick Google search on "ErrorMessage - The SSL connection could not be established, see inner exception." shows that the server certificate might be invalid: https://stackoverflow.com/questions/52939211/the-ssl-connection-could-not-be-established One of the answers talks about disabling the check but that might be a security issue, but that might not matter for PlexRipper. I will need to investigate a bit more. |
|
Maybe this could help. Usually when I'm working with http requests (curl, guzzle) and I stumble upon an endpoint with an invalid certificate, such thing can be ignored by setting a parameter before you send out your request. Something like allow_insecure->true. Good chance your http client library or whatever you use raises an exception upon an invalid certificate, which is good but I think many self hosted plex libraries may have improper certificates. So adding a setting to allow insecure requests would be logical, and allow it by default if env=dev? If I remember correct a problem like this could also be identified by the response http status code or the type of exception so if we would have logs of that we could probably tell if it's a network thing or not. If you tell me where that code is defined and a link to the docs I could help check on that. |
|
Yes, with curl it’s “-k”; I did use that in my testing. Plex is *supposed* to be assigning me a valid cert, but it has never worked the way it is supposed to, so I generally just ignore that.
In this case, however, I am at the mercy of whatever library plexripper uses, and it does not appear to be allowing self-signed certs, but I am only guessing there.
I’m doing a deeper dive into the cert chain in use here. Plex assigns one, and it looks like my router is injecting one into the middle for some reason I am still trying to understand.
If Plexripper could be configured to ignore the validity of certs and progress, that would, I would think, solve the connectivity, even if it lowers the security of the connections. Maybe make that an optional advanced setting.
I also noticed that in one of the recent updates they added fields in the plex admin page to put my own certificate. So I may attempt in a moment to get a Let’s Encrypt cert of my own on there.
…--
Scott Garrett
***@***.***
*** Democracy is two wolves and a lamb voting on what to have for lunch.
*** Liberty is a well-armed lamb contesting the vote.
On Nov 12, 2023, at 17:31, Fabio Ros ***@***.***> wrote:
Maybe this could help. Usually when I'm working with http requests (curl, guzzle) and I stumble upon an endpoint with an invalid certificate, such thing can be ignored by setting a parameter before you send out your request. Something like allow_insecure->true.
Good chance your http client library or whatever you use raises an exception upon an invalid certificate, which is good but I think many self hosted plex libraries may have improper certificates. So adding a setting to allow insecure requests would be logical, and allow it by default if env=dev?
If I remember correct a problem like this could also be identified by the response http status code or the type of exception so if we would have logs of that we could probably tell if it's a network thing or not. If you tell me where that code is defined and a link to the docs I could help check on that.
—
Reply to this email directly, view it on GitHub <#272 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AC3FBLBKPGWM5CDJQX7VMALYEFE2RAVCNFSM6AAAAAA7D7VUUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBXGI3DGNBQGQ>.
You are receiving this because you authored the thread.
|
|
Well, I deep a quick dive into the docs of that seems to be our API client, and it does has the option to ignore insecure certificates. on your case I raised the following feature request: #278 to allow for custom server URL's to be configured manually so that I could configure wrong SSL certs. It also is very usefull in a lot of other casees to set a custom url., hence the request. What I found in docs When doing a bit research I think I found how what change we should make to do this, maybe we could test it a bit on a different branch and see. But I'm not sure where exacty to implement this... (yet). It seems to be possible to specify a Here are the docs: https://restsharp.dev/usage.html#simple-factory So If you wanted to test it quickly you'd override client somewhere near here? PlexRipper/src/PlexApi/Api/PlexApi.cs Line 22 in b0b1d10 But I'd have to brush up on my C# first before doing things like this, I don't know how to properly implement this currently. |
Checks
Describe the feature
Most of the servers I connect to only listen on https, not http. plex.tv only provides http server addresses, so the majority of the servers I am trying to see fail (most of my friends are network admins, and block non-encrypted traffic at their firewalls). This looks to be related to BUG #252.
I picked one of them and tried to access with curl; as you can see the https one responds appropriately with Unauthorized, but the http one just craps out.
Having the ability to override the URL provided from plex.tv with https instead of http should resolve the issues.
Additional information
The text was updated successfully, but these errors were encountered: