A practical guide to routing Plex Media Server remote access through a Cloudflare Tunnel with post-quantum cryptography (PQC) enabled, running cloudflared in Docker on a Synology NAS. The setup eliminates the need for public inbound port forwarding while adding PQC on the tunnel leg between cloudflared and Cloudflare, with TLS 1.3 fallback for clients that don't yet support PQC. Key steps include moving DNS to Cloudflare nameservers, configuring cloudflared with the --post-quantum and --protocol quic flags, fixing an HTTPS origin issue with noTLSVerify, and updating Plex network settings to advertise the Cloudflare hostname. The author also honestly addresses the privacy tradeoff of having Cloudflare sit at the edge.
Sort: