Using Immich from remote devices
I would like to port forward my Immich server so that I can access my photos and videos from my phone anywhere. Port forwarding is working for other apps such as ssh and Minecraft, but I am still unable to connect to Immich. I can connect fine from localhost or from other devices on my network, but not from remote devices (phone on cellular or laptop on hotspot). I am running Immich in docker on Arch Linux. Immich is also the only docker container I'm running at the moment.
19 Replies
:wave: Hey @jakesto,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :blue_square: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.
Successfully submitted, a tag has been added to inform contributors. :white_check_mark:Hi @jakesto what type of errors are you facing? How did you configure port forwarding in your router? What is the exact url you are trying to use
I am trying to host from my IP address. I forwarded port 2283 tcp/udp on my router. When I try to connect from a remote device, the website loads and loads and eventually times out. I can use tcpdump to monitor port 2283, and when I try to connect from a remote device, I can see activity on the port, but the device is never connected to the server. In contrast, when connecting from a devince on the local network, the server is up and running just fine.
don't do that. install a reverse proxy and forward only port 443.
https://docs.immich.app/administration/reverse-proxy/
As the doc doesn't explain much on why a user should do that: Immich server uses plain HTTP which has severe security flaws (publicly readable communication, vulnerable to tampering and more, etc.) which is perfectly fine in your local network (as long as all devices are trustworthy) but is an invitation to hackers if used across the web. A frequent setup, rather than secure such a server, is to "hide" the server behind a reverse proxy which will handle the security. It's another server that acts as a bridge between the internet and Immich: internet <=HTTPS=> proxy <=HTTP=> Immich.
That's great! I'll work on doing that. In the mean time, is there a reason I can't see the http server from remote devices? This worked on a different Arch distro, but does not work on my current one.
There is no Immich reason, it's something on your network
I am really struggling to set up a reverse proxy. I've tried apache and nginx so far, but the Immich docs seem to assume you already know how to use a reverse proxy.
yep because it's not the immich job to provide reverse proxy. Anyway it could nice to have a few words about that in doc for the beginners.
Personnaly I use traefik, which has been "pretty" simple to setup following some docs, blog or tutorial :)
NPM or caddy is super easy too
We leave things out deliberately to first and foremost not bloat the docs, and second because Immich is not a beginner project
caddy is the easiest to implement, literally just 3 lines
NPM is no lines and some GUI checkboxes 😏
My biggest confusion with NPM has been what public and private addresses to use
I'm not sure where the confusion is there
Do I need a domain, or can I use my IP? For the local address, do I use the IP or immich-web?
if you plan to expose your instance to internet, yes you need a domain.
on your private network, the internal IP is enough
You can use a dynamic domain, checkout https://www.noip.com/
No-IP | Smarter DNS Starts Here
No-IP is a Free Dynamic DNS and Managed DNS provider with 100% uptime. Get free DDNS, plus domain registration and SSL certificates, for home and business
Your public IP is most certainly not static, your ISP changes it every few days or weeks. Noip will solve that issue and you won't need to buy a domain either.
I wouldn't be surprised if something blocks HTTP. Some browsers, routers or other clients will refuse HTTP over the internet.
If you still have issues with the reverse proxy, we can schedule a call and I'll help you set up ddns, certbot and nginx, I did it many times.