PlexRipper
PlexRipper copied to clipboard
PlexRipper
đź’ˇ [REQUEST] - Ability to override "http" as given by plex.tv with "https"
Checks
- [X] I have searched the existing issue and my feature request does not exist!
- [X] I have tried out the latest development build and can confirm my feature request is not yet implemented!
Describe the feature
Most of the servers I connect to only listen on https, not http. plex.tv only provides http server addresses, so the majority of the servers I am trying to see fail (most of my friends are network admins, and block non-encrypted traffic at their firewalls). This looks to be related to BUG #252.
I picked one of them and tried to access with curl; as you can see the https one responds appropriately with Unauthorized, but the http one just craps out.
sgarrett@plex:~/src/PlexRipper/src/PlexApi$ curl -k https://xxx.xxx.xxx.xxx:12232
<html><head><script>window.location = window.location.href.match(/(^.+\/)[^\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>
sgarrett@plex:~/src/PlexRipper/src/PlexApi$ curl -k http://xxx.xxx.xxx.xxx:12232
curl: (56) Recv failure: Connection reset by peer
Having the ability to override the URL provided from plex.tv with https instead of http should resolve the issues.
Additional information
- [ ] Would you be willing to help implement this feature?
- [ ] Does this feature have a potential to break existing features?
Hey, can you try setting the preferred connection like this:
- Open the server settings by cliking on the gear icon
- Go to
Server Connections - Select the https connection
Would this work?
If the connection selection isn't showing up with the above, then that has been fixed here: https://github.com/PlexRipper/PlexRipper/issues/253
No, the https connection isn’t listed there as a choice. Just the local 192.168 address, and the public one as http. Same with my own server. Interestingly, the manually published choice for my server (all external ones are listed as http) is listed for https, but is also failing; it’s by hostname rather than IP, so I am guessing it is a DNS issue.
I do, however have the “Secure Connection” setting set to “Required” rather than “Preferred” in my plex server Netowrk settings.
PlexRipper | 19:58:46 [Debug] [PlexApiClient.SendRequestAsync:58] => Sending request to: https://plex.technomancer.com/identity PlexRipper | PlexRipper | PlexRipper | 19:58:46 [Warning] [RestSharpExtensions.SendRequestWithPolly:51] => Request to: https://MASKED/identity failed, waiting 1 seconds before retrying again (1 of 1) PlexRipper | PlexRipper | PlexRipper | 19:58:47 [Error] [RestSharpExtensions.ParsePlexErrors:159] => Request to https://plex.technomancer.com/identity failed with status code: 0 - The SSL connection could not be established, see inner exception. PlexRipper | - Metadata: PlexRipper | -- StatusCode - 0 PlexRipper | -- ErrorMessage - The SSL connection could not be established, see inner exception.
I am not yet sure what the “inner exception” is, or where to find it.
I just saw your followup email that you have fixed it in a future release, though. I’ll try poking around in the database as well until the new release comes out. Thanks!
-- Scott Garrett @.*** https://www.technomancer.com
"Thought is the brain's orgasm. Those who CAN experience it, enjoy it to the fullest. Others have to fake it."
On Nov 12, 2023, at 05:39, Jason Landbridge @.***> wrote:
Hey, can you try setting the preferred connection like this:
https://user-images.githubusercontent.com/15127381/282292883-52ed70df-2240-42a0-845c-14e04aad061e.png Open the server settings by cliking on the gear icon Go to Server Connections Select the https connection Would this work?
— Reply to this email directly, view it on GitHub https://github.com/PlexRipper/PlexRipper/issues/272#issuecomment-1807087071, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC3FBLC2TXSF2O2ABPWD7HTYECRM5AVCNFSM6AAAAAA7D7VUUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBXGA4DOMBXGE. You are receiving this because you authored the thread.
Can you try this url in your browser and see if the https connection shows up on the page?
https://plex.tv/api/v2/resources?X-Plex-Token={{PLEX_AUTH_TOKEN}}&X-Plex-Client-Identifier=Chrome
Make sure to replace the PLEX_AUTH_TOKEN with your token Plex account token
A quick Google search on "ErrorMessage - The SSL connection could not be established, see inner exception." shows that the server certificate might be invalid:
https://stackoverflow.com/questions/52939211/the-ssl-connection-could-not-be-established
One of the answers talks about disabling the check but that might be a security issue, but that might not matter for PlexRipper. I will need to investigate a bit more.
Maybe this could help. Usually when I'm working with http requests (curl, guzzle) and I stumble upon an endpoint with an invalid certificate, such thing can be ignored by setting a parameter before you send out your request. Something like allow_insecure->true.
Good chance your http client library or whatever you use raises an exception upon an invalid certificate, which is good but I think many self hosted plex libraries may have improper certificates. So adding a setting to allow insecure requests would be logical, and allow it by default if env=dev?
If I remember correct a problem like this could also be identified by the response http status code or the type of exception so if we would have logs of that we could probably tell if it's a network thing or not. If you tell me where that code is defined and a link to the docs I could help check on that.
Yes, with curl it’s “-k”; I did use that in my testing. Plex is supposed to be assigning me a valid cert, but it has never worked the way it is supposed to, so I generally just ignore that.
In this case, however, I am at the mercy of whatever library plexripper uses, and it does not appear to be allowing self-signed certs, but I am only guessing there.
I’m doing a deeper dive into the cert chain in use here. Plex assigns one, and it looks like my router is injecting one into the middle for some reason I am still trying to understand.
If Plexripper could be configured to ignore the validity of certs and progress, that would, I would think, solve the connectivity, even if it lowers the security of the connections. Maybe make that an optional advanced setting.
I also noticed that in one of the recent updates they added fields in the plex admin page to put my own certificate. So I may attempt in a moment to get a Let’s Encrypt cert of my own on there.
-- Scott Garrett @.***
*** Democracy is two wolves and a lamb voting on what to have for lunch.
*** Liberty is a well-armed lamb contesting the vote.
On Nov 12, 2023, at 17:31, Fabio Ros @.***> wrote:
Maybe this could help. Usually when I'm working with http requests (curl, guzzle) and I stumble upon an endpoint with an invalid certificate, such thing can be ignored by setting a parameter before you send out your request. Something like allow_insecure->true.
Good chance your http client library or whatever you use raises an exception upon an invalid certificate, which is good but I think many self hosted plex libraries may have improper certificates. So adding a setting to allow insecure requests would be logical, and allow it by default if env=dev?
If I remember correct a problem like this could also be identified by the response http status code or the type of exception so if we would have logs of that we could probably tell if it's a network thing or not. If you tell me where that code is defined and a link to the docs I could help check on that.
— Reply to this email directly, view it on GitHub https://github.com/PlexRipper/PlexRipper/issues/272#issuecomment-1807263404, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC3FBLBKPGWM5CDJQX7VMALYEFE2RAVCNFSM6AAAAAA7D7VUUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBXGI3DGNBQGQ. You are receiving this because you authored the thread.
Well, I deep a quick dive into the docs of that seems to be our API client, and it does has the option to ignore insecure certificates.
on your case However, in your case, i think you could be dealing with something weird on your network. I have been experimenting a bit and I can't seem to trigger this issue. Maybe a private network like I use could be a workaround for you.
I raised the following feature request: #278 to allow for custom server URL's to be configured manually so that I could configure wrong SSL certs. It also is very usefull in a lot of other casees to set a custom url., hence the request.
What I found in docs
When doing a bit research I think I found how what change we should make to do this, maybe we could test it a bit on a different branch and see. But I'm not sure where exacty to implement this... (yet).
It seems to be possible to specify a RemoteCertificateValidationCallback while instantiating RestClient in it's constructor. This callback would be like below to allow sslPolicyErrors.
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, sslPolicyErrors) => true;
Here are the docs: https://restsharp.dev/usage.html#simple-factory
So If you wanted to test it quickly you'd override client somewhere near here?
But I'd have to brush up on my C# first before doing things like this, I don't know how to properly implement this currently.