Immich•12mo ago

Why does IMMICH_HOST have no effect?

I want to bind Immich to 10.149.216.4, which is an IP of my WireGuard interface

wg0

wg0

wg0

wg0.

I have in my

.env

.env

(the second variable should be superluous, I know):

IMMICH_HOST=10.149.216.4
HOST=10.149.216.4

And I updated the image doing:

# docker compose up -d --force-recreate

However, Immich still listens on 0.0.0.0:

# netstat -tulpn | grep 2283
tcp 0 0 0.0.0.0:2283 0.0.0.0:* LISTEN 212763/docker-proxy
tcp6 0 0 :::2283 :::* LISTEN 212770/docker-proxy

(I'm a Docker n00b.)

Immich•1/5/25, 5:22 PM

:wave: Hey @feklee,

Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.

References

Container Logs:
```
docker compose logs
```
```
docker compose logs
```
docs
Container Status:
```
docker ps -a
```
```
docker ps -a
```
docs
Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA

Immich•1/5/25, 5:22 PM

Checklist

I have...

:blue_square: verified I'm on the latest release(note that mobile app releases may take some time).
:blue_square: read applicable release notes.
:blue_square: reviewed the FAQs for known issues.
:blue_square: reviewed Github for known issues.
:blue_square: tried accessing Immich via local ip (without a custom reverse proxy).
:blue_square: uploaded the relevant information (see below).
:blue_square: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable

(an item can be marked as "complete" by reacting with the appropriate number)

Information

In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:

Your docker-compose.yml and .env files.
Logs from all the containers and their status (see above).
All the troubleshooting steps you've tried so far.
Any recent changes you've made to Immich or your system.
Details about your system (both software/OS and hardware).
Details about your storage (filesystems, type of disks, output of commands like
```
fdisk -l
```
```
fdisk -l
```
and
```
df -h
```
```
df -h
```
).
The version of the Immich server, mobile app, and other relevant pieces.
Any other information that you think might be relevant.

Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)

If this ticket can be closed you can use the

/close

/close

command, and re-open it later if needed.

bo0tzz•1/5/25, 5:39 PM

This is because it's running inside of a container

bo0tzz•1/5/25, 5:39 PM

You probably want to use whatever invocation docker needs to bind to a particular interface, and keep the bind inside of the container at the default

fekleeOP•1/5/25, 6:59 PM

Thanks. Looks like it needs to be edited in the docker-compose.ymldocker-compose.yml: https://github.com/compose-spec/compose-spec/blob/main/spec.md#ports

fekleeOP•1/5/25, 7:07 PM

I now have in my docker-compose.ymldocker-compose.yml:

ports:
  - '10.149.216.4:2283:2283'

ports:
  - '10.149.216.4:2283:2283'

Indeed it is listening on that IP now:

# netstat -tulpn | grep 2283
tcp        0      0 10.149.216.4:2283       0.0.0.0:*               LISTEN      232300/docker-proxy

# netstat -tulpn | grep 2283
tcp        0      0 10.149.216.4:2283       0.0.0.0:*               LISTEN      232300/docker-proxy

However, I cannot connect to 10.149.216.4:228310.149.216.4:2283, neither locally on the server (lynxlynx) nor via a remote client. There is just no response.

Mraedis•1/5/25, 7:09 PM

Do you still have immich host etc defined in your env vars?

fekleeOP•1/5/25, 7:16 PM

I tried with and without IMMICH_HOSTIMMICH_HOST / HOSTHOST. Neither works.

Mraedis•1/5/25, 7:20 PM

That's what I mean, don't do that

Mraedis•1/5/25, 7:20 PM

You don't need those vars, they serve a different purpose

fekleeOP•1/5/25, 7:20 PM

Well, I tried with and without.

fekleeOP•1/5/25, 7:20 PM

But now it's without.

fekleeOP•1/5/25, 7:21 PM

And I can curl the homepage: curl 10.149.216.4:2283curl 10.149.216.4:2283

fekleeOP•1/5/25, 7:21 PM

However, in the browser nothing shows up. Weird.

Mraedis•1/5/25, 7:23 PM

tried private mode?

Ffeklee However, in the browser nothing shows up. Weird.

Zeus•1/5/25, 7:24 PM

Does the browser work with the old docker config?

fekleeOP•1/5/25, 7:34 PM

It worked the very first time I tried it on my server's main address. But I want to have it behind WireGuard.

fekleeOP•1/5/25, 7:36 PM

Now I can curl locally, but not remotely. For testing, I just moved the address to: http://10.149.216.3:2283/

So, locally, on the server, I can to: curl http://10.149.216.3:2283/curl http://10.149.216.3:2283/

However, from a remote client, connected via WireGuard, I cannot do that.

But I can see another service (not Immich) on the same IP, locally and remotely: http://10.149.216.3:8080/http://10.149.216.3:8080/

So WireGuard doesn't seem to be the issue. Must be something with Docker.

fekleeOP•1/5/25, 7:38 PM

It could be my nftables config, checking...

fekleeOP•1/5/25, 7:42 PM

It is nftables now. (but the initial problem was unrelated)

fekleeOP•1/5/25, 7:49 PM

Thanks for all the suggestions!

fekleeOP•1/6/25, 9:51 AM

As for nftables, I solved that too now. I had a chain forwardforward, which blocked connections into the Immich Docker container:

type filter hook forward priority filter
policy drop

type filter hook forward priority filter
policy drop

Allowing connections to all Docker bridges solved the issue, i.e. I added:

iifname br-* accept comment "allow from Docker bridges"

iifname br-* accept comment "allow from Docker bridges"

Anyhow, Immich is now scanning the photos on my disk, and I'm already blown away! Just bought a server license to support the project.

Mraedis•1/6/25, 9:58 AM

Thanks for posting your solution, I'm sure it will come in handy to someone.

Mraedis•1/6/25, 9:59 AM

Double thanks for the buy, I don't get paid from it but it keeps the project running.

Why does IMMICH_HOST have no effect?

References

Checklist

Information

Similar Threads

Similar Threads

References

Checklist

Information

Similar Threads