Add Plex v1.42.2

[BookJJun-IJ]

Add Plex v1.42.2 with NGINX Hash Lock authentication

Summary

Adds Plex Media Server with NGINX Hash Lock authentication layer for secure access. Plex now requires Plex Pass subscription for personal media streaming, but still offers free ad-supported content.

Changes

• Authentication Layer: Integrated NGINX Hash Lock for hash-based authentication
• Backend Configuration: Plex server runs on port 32400, proxied through NGINX on port 80
• Critical Fix: Added web/index.html to ALLOWED_PATHS to prevent 403 errors
  • Without this path in allowed list, hash cookie authentication fails
  • Cannot use web/index.html?hash=$AUTH_HASH in index field as it breaks routing
  • Solution: Allow web/index.html without auth, main access still protected by hash
• Static Assets: Configured ALLOWED_EXTENSIONS for CSS, JS, images, and fonts
• Hardware Acceleration: Enabled /dev/dri device mapping for transcoding
• Media Volumes: Mapped standard Yundera media directories (Movies, TV Shows, Music, Downloads)
• Multi-language Support: Added comprehensive descriptions in English, Chinese, and Korean
• Tutorial Integration: Linked Yundera's Plex setup guide for claim token configuration

Technical Details

ALLOWED_PATHS: "web/index.html"  # Required for cookie-based authentication flow
ALLOWED_EXTENSIONS: "js,css,png,jpg,jpeg,gif,svg,ico,woff,woff2,ttf,eot"
BACKEND_PORT: "32400"  # Plex default port
LISTEN_PORT: "80"      # Clean subdomain routing

Why web/index.html in ALLOWED_PATHS?

Plex's authentication flow requires the initial HTML page to load without auth to establish the hash cookie session. The authentication then protects subsequent API calls and content access. Setting index: /web/index.html?hash=$AUTH_HASH breaks Plex's internal routing, so we allow the path and rely on hash parameter for authentication.

Testing Performed

• ✅ Fresh installation with claim token
• ✅ Media library scanning and playback
• ✅ Hardware transcoding with /dev/dri
• ✅ Hash authentication flow (Dashboard button → auto-login)
• ✅ Static assets loading (CSS, JS, images)
• ✅ Multi-device access (web, mobile app compatibility)
• ✅ Uninstall/reinstall data persistence
• ✅ NSL Router subdomain routing (https://plex-username.nsl.sh)

Checklist

• Specific version tag (no :latest)
• CPU shares set appropriately (nginxhashlock: 80, plex: not set - high resource)
• Proper volume mapping to /DATA paths
• NGINX Hash Lock integration tested
• Multi-language descriptions (en_us, zh_cn, ko_kr)
• Tutorial documentation provided
• Asset URLs point to main repository
• Hardware acceleration configured
• Works immediately after installation (with claim token)
• Data persistence tested (uninstall/reinstall)

Notes

• ⚠️ Users must obtain Plex claim token from https://www.plex.tv/claim/ for personal media streaming
• ⚠️ Plex Pass subscription now required for personal media (free tier limited to ad-supported content)
• 💡 Tutorial provided: https://www.yundera.com/blog/tutorial-1/how-to-setup-plex-17
• 🆓 Free alternative: Jellyfin (no subscription required)