I can’t host PLEX in my DMZ because their app sucks on some clients, hiding or not allowing finding the server via IP so it does the local scan junk. It’s virtually bridged to 2 VLANs as a result. Also this would become a 10G upgrade for my router if I did this but different topic.
This means direct port forwarding is off the table. Is there a service I can use to act as a middleman (ideally hosted in my DMZ) to access the client, without directly exposing PLEX to the WAN but that also doesn’t involve directly exposing my media server full of “Linux ISOs” to a cloud?
Before you tell me to use Jellyfin I am holding off for more feature parity, but this is the eventual plan.
You can set up a free cloudflare tunnel on your DMZ, then expose the 32400 service vía an application in the zero trust dashboard. That would give you fine control about who can access your server (you can add security policies filtering by country, source ip, and other traffic selectors)
Cloudflare terms clearly state their tunnels are not for streaming media