I
Immich5w ago
Pikzigmar

httpd reverse proxy not making Websocket connection (I think)

I have been trying to set up Immich behind httpd reverse proxy as per the https://immich.app/docs/administration/reverse-proxy and https://www.reddit.com/r/immich/comments/1b0cgbq/apache_reverse_proxy_config_websockets_not_working/. My current config for httpd is: 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName <DOMAIN>
    ServerAdmin <EMAIL>

    ErrorLog logs/immich-error.log
    CustomLog logs/immich-access.log combined


    RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule /(.*) ws://<IP>:2283/$1 [P,L]


    RequestHeader set "X-Forwarded-Proto" "https"

    ProxyPass        /api/socket.io ws://<IP>:2283/api/socket.io
    ProxyPassReverse /api/socket.io ws://<IP>:2283/api/socket.io

    ProxyPreserveHost On
    ProxyPass /.well-known !
    ProxyPass / http://<IP>:2283/
    ProxyPassReverse / http://<IP>:2283/

</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName <DOMAIN>
    ServerAdmin <EMAIL>

    ErrorLog logs/immich-error.log
    CustomLog logs/immich-access.log combined


    RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule /(.*) ws://<IP>:2283/$1 [P,L]


    RequestHeader set "X-Forwarded-Proto" "https"

    ProxyPass        /api/socket.io ws://<IP>:2283/api/socket.io
    ProxyPassReverse /api/socket.io ws://<IP>:2283/api/socket.io

    ProxyPreserveHost On
    ProxyPass /.well-known !
    ProxyPass / http://<IP>:2283/
    ProxyPassReverse / http://<IP>:2283/

</VirtualHost>
</IfModule>
I can connect to <DOMAIN> and enter login info but the login is not working. I I enter wrong password I get the apporpriate error: HTTPD LOG: [08/May/2025:17:14:39 +0200] "POST /api/auth/login HTTP/1.1" 401 108 DOCKER LOG: [Nest] 17 - 05/08/2025, 2:58:07 PM WARN [Api:AuthService~q10yo8ts] Failed login attempt for user <EMAIL> from ip address <PUBLIC_IP> Using correct password: HTTPD LOG: [08/May/2025:17:15:05 +0200] "POST /api/auth/login HTTP/1.1" 201 226 There is no docker log. Using local IP to login gives this docker log: [Nest] 17 - 05/08/2025, 2:59:29 PM LOG [Api:EventRepository] Websocket Connect: m6ntjUZF-s_PCA92AAAD I am now lost and do not know how to fix the websocket connection. Is apache2/httpd unsupported?
13 Replies
Immich
Immich5w ago
:wave: Hey @Pikzigmar, Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:. References - Container Logs: docker compose logs docs - Container Status: docker ps -a docs - Reverse Proxy: https://immich.app/docs/administration/reverse-proxy - Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA Checklist I have... 1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time). 2. :ballot_box_with_check: read applicable release notes. 3. :ballot_box_with_check: reviewed the FAQs for known issues. 4. :ballot_box_with_check: reviewed Github for known issues. 5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy). 6. :ballot_box_with_check: uploaded the relevant information (see below). 7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable (an item can be marked as "complete" by reacting with the appropriate number) Information In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider: - Your docker-compose.yml and .env files. - Logs from all the containers and their status (see above). - All the troubleshooting steps you've tried so far. - Any recent changes you've made to Immich or your system. - Details about your system (both software/OS and hardware). - Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h). - The version of the Immich server, mobile app, and other relevant pieces. - Any other information that you think might be relevant. Please paste files and logs with proper code formatting, and especially avoid blurry screenshots. Without the right information we can't work out what the problem is. Help us help you ;) If this ticket can be closed you can use the /close command, and re-open it later if needed.
Pikzigmar
PikzigmarOP5w ago
.env: 
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library

# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=./postgres

# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.132.3
#IMMICH_VERSION=release


# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=<REDACTED>

IMMICH_WEB_URL=https://immich.abadon.xyz


# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library

# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=./postgres

# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.132.3
#IMMICH_VERSION=release


# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=<REDACTED>

IMMICH_WEB_URL=https://immich.abadon.xyz


# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
Zeus
Zeus5w ago
Lots of proxy’s like Apache work fine with immich. I’m not sure what’s wrong with your setup it looks really complex
Immich
Immich5w ago
Zeus
Zeus5w ago
Otherwise you could ask in #off-topic or #Exposing Immich to the internet , since this isn’t an Immich issue
Pikzigmar
PikzigmarOP5w ago
Hello, thank you for the response. I did try using the example config but it did not work. Searching for help online found that complex config on reddit. How I used the example config: 
<VirtualHost *:443>
    ServerName <DOMAIN
        ServerAdmin <EMAIL>

        ErrorLog logs/immich-error.log
        CustomLog logs/immich-access.log combined

   ProxyRequests Off
   # set timeout in seconds
   ProxyPass / http://<IP>:2283/ timeout=600 upgrade=websocket
   ProxyPassReverse / http://<IP>:2283/
   ProxyPreserveHost On

</VirtualHost>
<VirtualHost *:443>
    ServerName <DOMAIN
        ServerAdmin <EMAIL>

        ErrorLog logs/immich-error.log
        CustomLog logs/immich-access.log combined

   ProxyRequests Off
   # set timeout in seconds
   ProxyPass / http://<IP>:2283/ timeout=600 upgrade=websocket
   ProxyPassReverse / http://<IP>:2283/
   ProxyPreserveHost On

</VirtualHost>
The end result is the same. Ill try asking on the channels you mentioned. thank you
Mraedis
Mraedis5w ago
Where are you getting your ssl cert @Pikzigmar
Pikzigmar
PikzigmarOP5w ago
Ssl cert config is outside for whole httpd (all hosts). It is its own conf file All vhosts use the same cert
Mraedis
Mraedis5w ago
Are you serving the full cert?
Pikzigmar
PikzigmarOP5w ago
I think so. Its generated by certbot Yes, its the whole chain
Pikzigmar
PikzigmarOP5w ago
No description
NoMachine
NoMachine5w ago
are you using Apache as reverse proxy for anything else? did you load the proxy modules required by apache?
Pikzigmar
PikzigmarOP4w ago
I am using this apache instance for many reverse proxies. they seem to work fine. modules should be loaded
No description
No description
No description

Did you find this page helpful?