Immich app behind reverse proxy + authentik
I am setting up Immich, using nginx reverse proxy with authentik.
Setup was a breeze, I can now access immich on my https://immich.mydomain.tld on web, upload works, websocket works, works from mobile browser, all happy.
But when I download Immich app, it say "Server not reachable", I pressume because Authentik jumps in and wants this device+app combo to authenticate.
Whats the way to get the app working?
9 Replies
:wave: Hey @Whoat,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.
Successfully submitted, a tag has been added to inform contributors. :white_check_mark:btw, I am not talking about oauth or similar, just basic connecting to server.
The whole immich. domain is protected by authentik.
I found similar issue here: https://github.com/immich-app/immich/discussions/3118
Hi we don’t support this in the app. Only OIDC
@Zeus If I understand correctly, this still requires me to expose my Immich instance to the internet? What I like about Authentik is that its the main gate, and until user auths there, everything else is invisible. I dont mind user having to log in twice or anything, but I just dont trust exposing Immich to the internet
Yes. We don’t support double login or anything like that in the mobile app
You could maybe use the proxy headers to do some kind of workaround but there’s no documented/supported way
And App is necessary for automatic gallery upload to the immich, right?
So unless I let immich face the unfiltered net, I cant use it to automatically backup my photos from phone?
or you can use a VPN or upload while you’re at home
But yes if you want WAN upload without a VPN then you have to expose it
Extremely unfortunate, especially because web version already works totally fine with it. Thanks for quick and informative response tho, have a great day
This thread has been closed. To re-open, use the button below.