Trouble setting up immich behind nginx-proxy
Hi, I am trying to add immich as a service to my server. All my services (like nextcloud) are docker-based and use the reverse proxy from here: https://github.com/nginx-proxy/nginx-proxy and I use the letsencrypt docker from here: https://github.com/nginxproxy/acme-companion.
I followed the guide and my docker-compose is pretty much the same as the one from the example except that I addes some networks (one local and one for nginx). I tried to follow the procedure to add new services as close as I did for other services. Meaning, I add subdomains to the env files and add services to the reverse proxy network. My docker-compose and env files are attached.
However when I try to go to my https://subdomain.my_domain.com that I set in the env file, all I get is a:
I get that the docs say to access the website via http and specific port, but the way I understand the reverse proxy is that it forwards requests to the specified subdomain (I specified in the .env file) via https and 443 to the port that the service is internally running on.
Any help would be much appreciated!
GitHub
GitHub - nginx-proxy/nginx-proxy: Automated nginx proxy for Docker ...
Automated nginx proxy for Docker containers using docker-gen - GitHub - nginx-proxy/nginx-proxy: Automated nginx proxy for Docker containers using docker-gen
30 Replies
You only need to reverse proxy back to the vm ip where you host Immich at port 2283
You can leave the most of the .env stuff as default
you don't have to change the IMMICH_SERVER_URL at all
These won't do anything with the Immich server
So from the default .env.example file
just change the DB_PASSWORD. point the UPLOAD_LOCATION to
/home/user/photos, and finally changeing the JWT_SECRET
You can leave the rest as default
IMMICH_SERVER_URL is for the scenario where you don't use DockerOh okay, hm I tried without that before but never withour the VIRTUAL_HOST stuff, will try right away
Reverse proxy in on your end, anything that is not in the
.env.example is not recognized, therefore won't do anythingWait but if I don't set the virtual_host, how would my reverse proxy know what subdomain redirects to this service?
So think of immich is a service that is run on port 2283 at the vm ip addresss
so from your reverse proxy just redirect the dns back to immich-server-vm-ip:2283
The proxy container you see in the docker-compose file serves the purpose of intenral docker container communication
it doesn't related to the reverse proxy you are using to reverse proxy a domain name to the VM/machine that runs Immich
what you need to understand is that "Immich is a service that run on the server IP at port 2283"
yeah usually this "just works" with whatever port the service is running on. I jus set the virtual host for the service and the reverse proxy proxies. But there is also a VIRTUAL_PORT env var which I will try.
so from any reverse proxy engine of your choice, just point that dns back to the vm IP at port 2283
Okay! I guess I need to ask in the reverse proxy people how I better configure nginx to make it work with immich.
I use Caddy so I don't have the Nginx reverse proxy config file for Immich
but the jist of it is to point what ever domain nameyou have back to "immichserverip:2283"
I hope that helps
Okay thank you so much!
Here is my reverse proxy for Caddy š
yeah I use nginx proxy manager, and as @Alex Tran already stated, I didn't have to change anything in the .env file besides the usual (upload location, secret). Then I just pointed my nginx subdomain to localipaddress:2283 and it worked
simple like so
Yeah in the nginx docker I use port and subdomain are defined like I do it above in my env file. https://github.com/nginx-proxy/nginx-proxy#virtual-ports
GitHub
GitHub - nginx-proxy/nginx-proxy: Automated nginx proxy for Docker ...
Automated nginx proxy for Docker containers using docker-gen - GitHub - nginx-proxy/nginx-proxy: Automated nginx proxy for Docker containers using docker-gen
But I prob misconfigured something else š
Ah prob because the immich proxy does not make use of the env file at all
it does but only apply to what we specified, not what nginx-proxy specify
have you always use nginx-proxy?
maybe try Caddy for simplicity sake?
I haven't use Nginx as a container, so my knowledge is quite limited there
Hm yeah I have used nginx for a bunch of services, nextcloud, firefly, etherpad, onlyoffice, photoprism. Was never an issue. I don't want to tinker too much with the whole system.
(But will look into caddy for sure at some point)
What is the configuration file of Nginx that you have for Immich?
I have none. It is automatic. The only requirement is to start the docker service with a environment variable with the subdomain.
hmm
Hey no worries! It is my weird config, no need for you guys to waste your time on! I will either figure it out or move on š I really appreciate the time you put into this project!
sorry Raph, I've never dealt with this configuration namely
nginx-proxy container
So I am not sure what is the catch hereNo worries! Thank you for your time!
Oh man I'm so stupid, found the error. I have an external network where all services are in it that need to be rerouted by the reverse proxy. And then I usually have an internal network. My mistake was that I only gave the immich-server access to the external network because I initially thought that is the first responder for requests when in reality all I had to do was give the immich-proxy acces to that external network. Now it works
Nice
I am glad you figure it out
the hard thing about self-hosting is each person has their own setup
š
Yeah! I can only imagine which other edge cases come in every week.
Sounds like we can update the documentation to make it clearer that immich only exposes a single port (2283) on a single container (immich-proxy) and that any network related configurations should be applied to that ip/service/port.
Good idea, I originally thinking of making a reverse proxy section
but after so many different use-cases, your idea is more applicable
We could still do that with some basic examples, but include a big banner somewhere with that info lol