https and reverse proxy internal or external
Got things working pretty good using
http://myhostname.ca:2283
However would really like to use https for a secure connection like your demo
Did some reading and seems that immich has its own nginx settings somewhere but i am new to docker so not sure where
Also i do have my own nginx server but could not get that going either, but that could be because of DNS or any number of things
ANYWAYS is immich setup to run on https out of the box? maybe just a different port # ? or can i set it up to run on https easily
12 Replies
You need a reverse proxy for this, and just proxy/point your dns to the internal IP address that you have Immich is running on
Yes I have a reverse proxy
Yeah you will have to use your reverse proxy to get the self-signed certificate for then just point the dns back to Immich instance, then it should be good to go
Maybe sharing your proxy configuration would help
##### immich.myhost.ca #####
server {
listen 10.22.0.128:80;
server_name immich.myhost.ca;
return 301 https://$host$request_uri;
}
server {
listen 10.22.0.128:443 ssl;
server_name immich.myhost.ca;
ssl_certificate /mnt/cpool/share/certificates/le-certs/myhost.ca.ca/fullchain.pem;
ssl_certificate_key /mnt/cpool/share/certificates/le-certs/myhost.ca/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/immich.myhost.ca-access.log;
location / {
proxy_pass http://10.22.0.122:2283/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
10.22.0.128 is proxy
10.22.0.122 is immich
I don't use Nginx but it looks ok to me
accessing from the DNS with https doesn't work?
It is a bit of a complicated setup but internally DNS is working however proxy is not
nslookup immich.myhost.ca
Server: pfs-1.myhost.ca
Address: 10.22.0.100
Name: immich.myhost.ca
Address: 10.22.0.122
from the outside DNS is still not working but that is my problem and for another day too
I would like to get the proxy part working 🙂
yeah this is out of Immich scope so you might have to find answer from Google
Is this your first time running a reverse proxy? I would recommend try Caddy for really simple configuration for HTTPS
Not first time and i already have a few sites up and running ... must just be some missing options ... I will look around a bit more hate/love to switch from ngnix as it is great but sometimes frustrating
also might look at caddy too
proxy_pass http://10.22.0.122:2283/:
just to be clear i should be setting proxy to port 2283 like above ? i seen some stuff on the web about port 3001 and some /api stuff ... but i think with the latest version 2283 and no /api would be correct ?
yeah you should be proxy to port 2283
the other ports are for internal proxying of immich-proxy container to communicate between the services
Ok thanks and i will report back if/when i find anything ... but would still appreciate any addition tips if you or anyone think of anything in the meantime
More information about replacing the default reverse proxy has been added to the docs recently: https://immich.app/docs/administration/reverse-proxy#replacing-the-default-reverse-proxy
It's port 2283 unless the immich container and your proxy server are in the same docker network, then you'd need to use the internal immich-proxy port (8080)