Access immich outside local network?
Hi there, is there any guide on how to access immich when not in the home network? It works for my website on port 80, so I'm not super sure why it doesnt on port 2283 for immich. Any help appreciated!
34 Replies
Hi @Marvin Jérôme Stephan! Do you or are you using a reverse proxy to share Immich externally using your own subdomain?
I should probably set that up! Could you point me in the right direction on how to do that if I am already hosting a website on that IP?
There are quite a few proxy managers out there to choose from. I personally use a Nginx Proxy Manager because I haven’t put effort to make the switch to something else and the UI is easy to learn and use. Others might say Traefik— also a great option.
I’m going to assume you’re using Docker to run Immich? Check out this video tutorial that’ll show you how to set up Nginx Proxy Manager and share some of your containers with the world while simultaneously protecting with Cloudflare: https://youtu.be/fCJbw75DCZw
Synthetic Everything
YouTube
Install and Use NGINX Proxy Manager | Docker Series
Synthetic Everything demonstrates how to install and use NGINX Proxy Manager. NGINX Proxy Manager allows you to easily configure a reverse proxy and secure your website through SSL certificates provided by LetsEncrypt.
Documentation referenced: https://nginxproxymanager.com/guide/#quick-setup
Install Docker/Portainer: https://youtu.be/4y0ksWu4...
I will, thank you a lot! Do you know if there's an easier process if I am already hosting my website using nginx?
Sorry, I’m having trouble understanding. What do you mean you’re already hosting your website using Nginx?
Just want to make sure I direct you to the right next step
I’m not too familiar with Nginx configs myself, but I found a few examples that might help?
https://discord.com/channels/979116623879368755/1090700793855881298/1090704203757920346#
https://discord.com/channels/979116623879368755/994044917355663450/1090248211949682698
Discord
Discord - A New Way to Chat with Friends & Communities
Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.
I have an nginx service already running which makes my website available when I access my IP from outside my local network
As in html file in the /var/www directory so on and so forth
I think I'm getting you. So that's just your personal static website. If you'd like to start sharing docker containers externally, then a proxy manager will do the job for you, including your website.
Take a look at that video I sent. It should help you get the right idea and set you up for future apps outside your local network. If you need more help, just let me know!
Alternatively, you can keep your nginx and use it for both your other website and Immich.
Nginx would receive all external requests and either serve your website or provide a reverse proxy to Immich, based on request url (either domain, subdomain, or path)
Start here and let me know if you need help: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
NGINX Reverse Proxy
Configure NGINX as a reverse proxy for HTTP and other protocols, with support for modifying request headers and fine-tuned buffering of responses.
Alright, ill see how I can tell nginx to redirect port 2283 to immich!
And the location should be the docker container.. somehow I suppose?
location is the request location coming to nginx
E.g. mydomain.com/some/path/
So you tell nginx that if there is a request coming in to /some/path/ then it needs to proxy the request to Immich
Makes sense?
Hah that was the question i was about to ask, now im using cloudflare via web interface, but anyone was successful with Warp or other tunnel solution to be able backup photos remotely?
I don't use tunnel solution so I cannot help you with that. I use dynamic dns and port forwarding from router to computer.
Hello, best way to access home network is with a VPN.
you can set up wireguard or openvpn on your internet box or router (I have a pfsense at home for exemple)
or your can set up tailscale
I don't have an access to route so cloudflare is the best for me, but would like to route sometimes whole network from phone for example not only via website :/
My use case is different, as I would like to share albums and/or use share links with family members. For this, a VPN would overcomplicate things.
Hmm, I'm not super sure whether nginx still gets the domainname with the request right? As its not a DNS server
Of course it does
One nginx instance can serve many websites across many domains and subdomains
Right. Alright so that part confuses me a little bit then: I have cloudflare dns set up, such that www.jeromestephan.de gets redirected to my IP address; what does nginx receive then? And would I need to set up another dns entry for it to redirect photos.jeromestephan.de to my IP?
Sorry, I don't know if CloudFlare does any magic or not. But if it is a standard dns server then the dns request is redirected to your public IP address where you have your router. So on your router you need to set up port forwarding to your computer (e.g. port 80 for http)
Nginx always receives http or https requests. In the request header (coming from the visitors browser) there is the full request url including your domain name. In your nginx config you tell nginx what to do for certain requests
As nginx is a web server, it can serve websites directly
As nginx is also a reverse proxy, it can proxy the request to other servers/services
Yes, each subdomain needs to be configured separately in your dns as well as in nginx
That makes a lot of sense, thank you so much for explaining @Sherlock79 ! So I'd create one config file for my website (where the server name is jeromestephan.de) and one config file for photos where the server name is photos.jeromestephan.de?
Yes
I think you can have two server configurations in one file
Or you can also keep each server config in separate files
Try to find a good nginx tutorial and you will get to it in no time
Thanks a lot @Sherlock79 ! Works like a charm!
Awesome
I'm using tailscale vpn for this. Super simple for folks not already running or unfamiliar with nginx.
+1 for this, I am also using tailscale with my phone. Makes it easier as it works if you are at home or out & about
Using Tailscale too, I configured it to automatically turn on/off when leaving/coming back home. Works perfectly!
how you do that one @Taha ?
I use Tasker, I wrote a tutorial here: https://www.reddit.com/r/Tailscale/comments/141rkyy/tutorial_turn_taiscale_onoff_automatically_using/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button
reddit
r/Tailscale - [Tutorial] Turn Taiscale on/off automatically using T...
11 votes and 11 comments so far on Reddit
thats nearly more complicated than forwarding 2283 to the Pi's IP address hahah!
Apples and oranges, using a VPN is the safest way to access your homelab remotely tho