dabernie Comments - Answer Overflow

dabernie

Posts Comments

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

Will do some trial and error tests with that tomorrow, thanks so far for all your help and pointers.

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)


cat ssl_options.conf 

listen *:443 ssl;
listen [2a03:cafe:cafe:cafe::cafe]:443 ssl;
http2 on;

# SSL options
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
ssl_session_tickets off;

# SSL Stapling
ssl_stapling on;
ssl_stapling_verify on;

# sts
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# old apache config:
# Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
# Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
add_header Set-Cookie "HttpOnly; Secure";

# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header Expect-CT "max-age=43200, enforce" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Robots-Tag "noindex,nofollow" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Content-Type-Options "nosniff" always;
#add_header Referrer-Policy "strict-origin" always;

# robots.txt
location /robots.txt {
        alias /var/www/default/robots.txt;
}

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

Just started a fresh nginx server config file from the template you shared. I only added the my ssl options, certificates and log directives. Unfortunately no change.


server {
    server_name xyz.pictures;

    # allow large file uploads
    client_max_body_size 50000M;

    # Set headers
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # enable websockets: http://nginx.org/en/docs/http/websocket.html
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;

    # set timeout
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout       600s;

    location / {
        proxy_pass http://10.1.10.111:2283;
    }
    location = /.well-known/immich {
        proxy_pass http://10.1.10.111:2283;
    }
    include /etc/nginx/sites-available/ssl_options.conf;
    
    ssl_certificate /root/.acme.sh/xyz.pictures_ecc/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/xyz.pictures_ecc/xyz.pictures.key;

    access_log /var/log/nginx/xyz.pictures.access.log;
    error_log /var/log/nginx/xyz.pictures.error.log;
}


server {
 listen 80;
 listen [::]:80;
 server_name xyz.pictures;
 location / {
  return 302 https://$host$request_uri;
 }
 location /.well-known/acme-challenge/ {
  root /var/lespace/;
 }
}

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

Tried remove the keepalive 10 but it didn't fix the problem.

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

will do

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

nginx config file


root@XXX:/etc/nginx/sites-available# cat immich.conf 
# Upstream where your immich server is hosted.
upstream immich {
    server 10.1.10.111:2283;
    # Improve performance by keeping some connections alive.
    keepalive 10;
}

map $http_upgrade $connection_upgrade_keepalive {
    default upgrade;
    ''      '';
}

server {
    include /etc/nginx/sites-available/ssl_options.conf;
    server_name xxx.pictures;
    ssl_certificate /root/.acme.sh/xxx.pictures_ecc/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/xxx.pictures_ecc/xxx.pictures.key;

    access_log /var/log/nginx/xxx.pictures.access.log;
    error_log /var/log/nginx/xxx.pictures.error.log;


#    proxy_buffers 8 16k;
#    proxy_buffer_size 32k;

    client_max_body_size 128m;

    location / {
        proxy_pass http://immich;
        proxy_ssl_verify off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade_keepalive;
    }
}

server {
 listen 80;
 listen [::]:80;
 server_name xxx.pictures;
 location / {
  return 302 https://$host$request_uri;
 }
 location /.well-known/acme-challenge/ {
  root /var/lespace/;
 }
}

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

Currently I'm thinking about an nginx reverse proxy issue but I don't know the configs good enough to find the issue as it seems, will upload nginx config shortly. Quickly tried it without reverse proxy and in the LAN directly seems to be working better.

19 replies

IImmich

•Created by dabernie on 11/26/2024 in #help-desk-support

Error loading image AND Authentication required (401)

Yeah, thought that as well but it is the exact same when I use local immich users for the login.

19 replies

Gaming

Programming