reverse proxy
Hi, can someone please confirm that in order to use my own reverse proxy (and not use
immich-proxy) that I should forward web requests to immich-web:3000 and /api requests to immich-server:3001?143 Replies
Yup
weird, I can see the web page but I can't log in
let me upload configs
GitHub
immich/nginx.conf at main Ā· immich-app/immich
Self-hosted photo and video backup solution directly from your mobile phone. - immich/nginx.conf at main Ā· immich-app/immich
yup I have that
I'm using
docker-swag (so nginx)from my reverse proxy container, I can ping both
immich-server and immich-web
in my error.log:
does that mean anything to you? I think there's a misconfiguration issue on my end related to a ://: or somethingSo you're not using bridge mode?
er wait yes I am
Looks like you should replace the $upstream_app with the actual service or container name
set $upstream_app immich-web;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
it's set
immich-web is docker DNS resolution
Oh right. I didn't expect the variables lol
is it because I didn't set
IMMICH_WEB_URL and IMMICH_SERVER_URL? I didn't set these prior to using my own reverse proxy and it worked fine on :2283
it's the docker-swag conventions/patterns
š
This is an advanced feature for users who may be running their immich services on different hosts.nevermind shouldn't have to, running on same host
I think you need to set those extra env to you your own proxy
Well, the default is the service name and port
Can you reach the immich server from the web container using immich-server:3000?
1 sec checking
That error.log looks like a problem from the web container not having the immich server url set
this should be immich-server:3001, right?
web is 3000
Yeah, I think you're right I'm afk š
ok so I can ping and wget immich-server from immich-web
let me try the reverse
GitHub
immich/api.ts at main Ā· immich-app/immich
Self-hosted photo and video backup solution directly from your mobile phone. - immich/api.ts at main Ā· immich-app/immich
works
you know what, I'll try setting the public url manually just to see what happens
Do you use $ in the variable name when you set it?
I think networking is not a problem, and the default hosts should work. I'd guess the config file isn't setting the proxy correctly, since it looks like that is what the error is.
it's probably repeating
://: somewhere or something
I bet
I just can't figure out whereCan you use the same variables in both sections with different values?
sorry - what am I trying?
For a test can you just replace proxy pass in your conf with http://immich-server:3001?
yes hold on
oh
is it the trailing
/
LOL
hold onI don't think so...
://: is what the proxy pass works be if the variables were empty
oh my god it is
it's the trailing
/........ Really? Lol
I will document this
You kept the variables and added a slash?
no I added a slash and removed variables
I will try again adding variables back
please hold
I'm still guessing some problem with variable substitution originally
trying to figure out why
https://github.com/linuxserver/reverse-proxy-confs/blob/master/jellyfin.subdomain.conf.sample works fine
GitHub
reverse-proxy-confs/jellyfin.subdomain.conf.sample at master Ā· linu...
These confs are pulled into our SWAG image: https://github.com/linuxserver/docker-swag - reverse-proxy-confs/jellyfin.subdomain.conf.sample at master Ā· linuxserver/reverse-proxy-confs
ok with or without trailing
/ works
so that's not itThe jellyfin example uses the same values for both sections?
yeah I think it's the way the websockets work for jellyfin
there's other examples too in that directory
vaultwarden is similar
It's not because there is a dash in the service name is there?
It works for the web proxy pass though, right?
You didn't copy paste some weird non ASCII character or anything did you?
I can browse to
:2283 if that's what you mean and it works just fineThe issue is the proxy pass directive not working for immich-server, right?
right
But the same directive works for immich-web?
yes lol
weird
Super weird.
You get the error ://: when you tried it again?
yeah let me try copy pasting from a known working config (again)
You know maybe server is a reserved keyword
o_o
I'm just guessing cause it seems really weird lol
Can you validate the config?
It's still using Nginx, so you should be able to run nginx -t on the file
I'm actually triggered
maybe it's a weird ascii thing
Now it works?
because now it's working on the variables
fuck me I'll test again
Boooooo lol
ooo
Did you copy paste some stuff in originally?
something broke
no it's not weird ascii character
it might actually be reserved word
Object { message: "Request failed with status code 500", name: "AxiosError", code: "ERR_BAD_RESPONSE", config: {ā¦}, request: XMLHttpRequest, response: {ā¦}, stack: "" }
response: Object { data: "<html>\r\n<head><title>500 Internal Server Error</title></head>\r\n<body>\r\n<center><h1>500 Internal Server Error</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n", status: 500, statusText: "Internal Server Error", ā¦ }
I think it was cus I was already logged in so it looked like it was working
ok I'll change the docker container names to see if that changes anything lmao
Wait
That's a different error
Which is good at least.
that makes no sense though
proxy_pass http://immich-server:3001;
if this works
but variable substitution doesn't
both are called -server
maybe it's because one's in a url, other's a variable? I don't know
True, I'm not sure.
I know vs code marks weird characters in yellow
I have variable substitution working on immich-web but not immich-api
they're literally the same just replaced -web with -api
and I changed it to -api instead of -server in case reserved word
but I don't think it's a reserved word issue because -api doesn't work either with variable substitution
something funky is going on
proxy_pass http://immich-api:3001; works
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # immich-api doesn't work
but proxy_pass $upstream_proto://$upstream_app:$upstream_port; # immich-web worksCan you switch -web to -server?
Just to verify variable substitution with -server should work at all, since we know that proxy pass is otherwise fine
so you want me to change docker service name from -web to -server right?
I can try
No
The variable substitution is working for immich web
Can you change app name in that location block from immich-web to immich-server?
oh
let's see
idk how to verify if working or not though
If you change the port to 3001
You should be able to browse the url and get a 404 JSON response
oh I see what you mean hold on
Or I think there is a url /server-info
502 Bad Gateway
same thing at /server-info
Error log?
of immich or nginx
This implies conf is bad
Nginx
Looks like variable substitution worked though
That's the right IP and port?
I mean, if you just want it to work you could forgo the variables and you're good to go. Otherwise I'd maybe just start with a fresh config and manually type the changes and try again
hmm
weird
the IPs are different
maybe it's due to docker networking
Yeah each container has their own private IP on the network subnet
oh
it works
like :3000 loads index.html
3001 conn refused
ok I give up I'm just going to hardcode it for now
I copy pasted it and tried again but that didn't fix it either
something funky is going on
I'm just going to document a working config for everyone else in case
What an adventure lol
lol
I was like I swear I'm not fucking this up
Lol
I've set up so many apps with nginx before
at least 10 or 20
"it shouldn't be this hard"
lmao
I just wanted to migrate the mom off of google photos š¢
Yeaaaaaah
cus I have it set up on LAN right now and it works for my phone(s)
Only on local network?
gotta run that gphotos migration script too to get the json out
yeah was just testing it
Which script?
then I saw the share link PR and was like, it's ready for primetime even though docs say "lol don't prod use"
the metadata migration one, let me fetch link
GitHub
GitHub - mattwilson1024/google-photos-exif: A tool to populate miss...
A tool to populate missing
DateTimeOriginal EXIF metadata in Google Photos takeout, using Google's JSON metadata. - GitHub - mattwilson1024/google-photos-exif: A tool to populate missing ...or just something like https://legault.me/post/correctly-migrate-away-from-google-photos-to-icloud
How To Correctly Export And Migrate Away From Google Photos ā Web
Downloading your pictures from Google Photos via Takeout Export messes up the EXIF data of images. If re-importing elsewhere, like in Apple Photos' iCloud, it's important to fix that data in order to have a successful import that stays in chronological order and with the correct GPS coordinates.
Ah, nice.
You going to use the cli to import to immich?
yes
working docker-swag config
GitHub
docker-swag config (tested + working) Ā· Discussion #1275 Ā· immich-a...
working as of 2023-01-08 in docker-swag/config/nginx/proxy-confs/immich.subdomain.conf: server { listen 443 ssl; listen [::]:443 ssl; server_name immich.*; include /config/nginx/ssl.conf; client_ma...
Sweet thanks
I have a suspicion it's because I have to use different variable names
but I will revisit this later after I upgrade my immich version
You mean container names?
no I mean nginx variable substitution names
like I can't name both the same variable in the same file maybe
I'll give it a try after I migrate everything over
Oh maybe.
still in the process of dealing with takeout files
migrating 3 people over, doing the remote 2FA crap
Oh dang lol
one person has 100GB in gphotos and like 1TB (some of which are duplicated)
other person has 25GB
GitHub
GitHub - qarmin/czkawka: Multi functional app to find duplicates, e...
Multi functional app to find duplicates, empty folders, similar images etc. - GitHub - qarmin/czkawka: Multi functional app to find duplicates, empty folders, similar images etc.
probably 700GB-ish unique content for person1 and actually 25GB for person2
then there's me with like 15GB lol
it's funny cus the guy self-hosting this isn't the guy with the most photos/videos
Lol 15GB
The guy self hosting is the guy most pissed about paying $5/month for extra storage space lol.
lmao exactly
Hi @Snuupy, hope you are doing well. I am trying to configure Immich with swag and running into trouble, no matter how I keep trying to tweak things. Would you be able to post your final working reverse proxy config please? Is it what you posted in https://github.com/immich-app/immich/discussions/1275 or have you made any tweaks/improvements since then? Thanks in advance for your help.
I don't believe I've changed anything since then, but here it is again:
@Jelq ^
it works for me, if you want we can do a screenshare and I can take a look as to why it's not working for you
Thank you very much. Let's try to troubleshoot a bit more, I bet I am just missing something very simple:
- Your DNS has a cname for "immich" and this setup means Immich should be accessible through immich.mydomain.com (not immich-web.mydomain.com or other subdomain), right?
- Which ports are exposed in which apps in your docker compose? Maybe it would be easiest if you could share your compose actually.
- Could you please share your .env file as well?
I bet you haven't connected the external swag network to your immich compose file
through docker DNS the immich container is accessible to other containers by literally
immich
not immich.domain.tld, just simply, immich
yeah let me redact some API keys and such and I can post it
actually with this setup I don't even expose any ports
it's best practice not to
because everything is handled using docker networking and docker DNS the ONLY ports I expose is 2283 on immich-proxy and docker-swag's 80/443You are absolutely correct, I need to do this. I am wondering if there is a benefit in maintaining the two separate compose files? All my other apps I am hosting and reverse proxying are in a single compose
immich doesn't like it when I don't expose immich-proxy
cus some internal stuff uses it I think lolol
and sometimes the API uploading in mass quantities breaks swag for some reason? probably hitting some limit
for caching or otherwise
but when I do big (like 500GB+) imports I use the 2283 port on immich-proxy instead of docker-swag
docker-swag keeps closing my connections
but otherwise for regular uploads it's fine
I don't know why that happens and it doesn't happen often enough for me to actually fix it
you can do includes now with compose (but I haven't done that yet)
Yes, I mean for accessing through the web once it is correctly reverse proxied
yes once it is correctly reverse proxied I have my DNS hosted at digitalocean but you can host DNS anywhere
I still have a folder structure where for each app I have its own docker-compose file
except for the *arr/jellyfin where I shoved it all into a single compose because they were all related
it becomes tedious to scroll through 500 lines to upgrade <something>
docker-compose.yml:That is true. I am still new to self hosting and docker. Right now it is all in one compose, but over time maybe I will migrate to multiple files if that feels like it will be easier to maintain
.envhopefully I removed all my keys
I am sure you did, and anyway I have no interest in your keys, I cannot even get my keys to work yet š
š
Thanks so much man, let me go through and try to emulate your setup and let's see if I can get it working now
the github releases have a more updated version of compose and .env
you should be basing it off of that
and my typesense is self-compiled due to no-avx
so the changes I've made correspond there as well
Yeah I won't copy/paste, just going to cross check and hopefully I can figure out what I am missing
in your compose do you have:
and under each container that you want to be reverse proxied do you have:
no problem, if you can't figure it out after another 20 mins or whatever feel free to ping/screenshare, maybe I can spot something that's off and save you a bit of time
Thank you very much. I need to head into work right now, but I will try later this evening and report back one way or the other
have fun! š
Hey @Snuupy, ended up quite busy yesterday and just getting to this now. How do I make the swag network available to containers outside that compose (Immich, in this case)? When I try to start the Immich compose, I get
network swag declared as external, but could not be found.
Also, you have the following lines commented out in your .env:
# IMMICH_WEB_URL=http://immich-web:3000
# IMMICH_SERVER_URL=http://immich-server:3001
# IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003
# IMMICH_MACHINE_LEARNING_URL=false
When I run the compose with those commented out, I get: WARN[0000] The "IMMICH_SERVER_URL" variable is not set. Defaulting to a blank string.
Is that expected behavior?
Yeah, I cannot access http://localhost:2283 with those lines commented out. Uncomment them and I can connect without issueI think so
Thanks. How about this? Could you share your swag setup please?
huh? I did
^
@Jelq
why don't we get on a screenshare
you can show me your screen and I can take a look as to why things don't work
š
I mean the swag docker compose, so I can see how to avoid this error I am getting:
network swag declared as external, but could not be foundohhh
yes that would be important
@Jelq
@Snuupy, I got it all working! Thank you my friend!
glad to hear it! what's your hardware config like?
Recently built a server - i5 12600K, 32 GB RAM, nothing fancy
what form factor?
Like the case?
yeah mobo size
I want to chip in, as I struggled with the same issue. Hope it will help somebody
apparently all the set directives for those variables must be set before the rewrite for /api
Just to let you both (and others) know, I did get everything working fine with Snuupy's help. But then before I got too deep into configuring things, I opted to change to the all-in-one Immich container: https://github.com/imagegenius/docker-immich/ which made the reverse proxy with swag much simpler, the default template worked perfectly without any modifications needed.