Having trouble getting reverse proxy working
TLDR: using nginx reverse proxy everything works except mobile app access.
I have immich running through docker-compose. I added an nginx container to the immich docker compose yaml. I tried a few different settings with the nginx config in that container, but can't seem to get anything working (completely).
My nginx.conf it posted below. I can access immich through a browser both at: localhost:2283 and https://immich.domain.com I can connect with the mobile app using localhost:2283/api, but whenever I try to use the https://immich.domain.com/api I get an error, ''Error logging you in, check server URL, email and password" I am pretty sure nginx is proxying the api correct, because I can go to "https://immich.domain.com/api/server-info/ping" and I see the correct response. I had to remove a few lines from nginx the post was too long. ``` worker_processes 1; pid /tmp/nginx.pid; events { worker_connections 1024; } http {
sendfile on;
large_client_header_buffers 4 32k;
server {
listen 443 ssl;
server_name immich.;
ssl_certificate /nginx/site.crt;
ssl_certificate_key /nginx/site.dec.key;
proxy_http_version 1.1;
location / {
proxy_pass http://immich-web:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive; }
location /api {
proxy_pass http://immich-server:3001/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
rewrite /api/(.*) /$1 break;
}
} } ```
My nginx.conf it posted below. I can access immich through a browser both at: localhost:2283 and https://immich.domain.com I can connect with the mobile app using localhost:2283/api, but whenever I try to use the https://immich.domain.com/api I get an error, ''Error logging you in, check server URL, email and password" I am pretty sure nginx is proxying the api correct, because I can go to "https://immich.domain.com/api/server-info/ping" and I see the correct response. I had to remove a few lines from nginx the post was too long. ``` worker_processes 1; pid /tmp/nginx.pid; events { worker_connections 1024; } http {
sendfile on;
large_client_header_buffers 4 32k;
server {
listen 443 ssl;
server_name immich.;
ssl_certificate /nginx/site.crt;
ssl_certificate_key /nginx/site.dec.key;
proxy_http_version 1.1;
location / {
proxy_pass http://immich-web:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive; }
location /api {
proxy_pass http://immich-server:3001/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
rewrite /api/(.*) /$1 break;
}
} } ```
9 Replies
Do you have a valid https certificate?
Its a self-signed one
I haven't had a chance to get a real one yet
A self signed one won't work
ok, good to know
Thanks, i'll try to get a real one tomorrow
Caddy works for me
nvm it is not self-signed
Caddy magically gets you let's encrypt certs if it's publicly reachable :D
Cool, I'll check that out. Thanks!
That or nginx proxy manager 😀
Yep turns out it was just the self signed cert. Good to know that the IOS app doesn't work with that.