so, i have immich set up behind an nginx reverse proxy, here is the configuration:
server {
    server_name [my domain];
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;
    location / {
        proxy_pass http://192.168.0.69:2283;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # http://nginx.org/en/docs/http/websocket.html
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
    }
    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#    server_name [my domain]
#    listen 443 ssl
#    https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot
#}
http works at all times (when connecting thru domain), and https ONLY WORKS if i am not on the local network (the server is an old laptop). if i am using a vpn (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.
I am stumped.
ps: the connection times out when connecting to it on the same network (with domain) and tcpdump and access.log don't pick up anything
Edit: formatting
yup.
I had a similar driving me fcking nuts issue - it turned out that even though I had explicitly set the modem to run on a nonstandard port, to reject all http/https requests from the external interface and set it to point all http/https to my web server, every time I ran traffic internally from 192.168.0.1 to mydomain.com it went out, hit the DNS, came back to my public IP and then for some reason I still cannot work the fuck out the modem then takes it and goes “oh that’s someone in my network talking to MEEEEEEEEEEE” and then I’d get a https bad request. Using a VPN negates this as it routes differently.
did you find a way to fix it? (i am at my wits end)
internally? On my main rig I just edited my host file to hard direct all traffic for that domain to the box’s internal IP. Not sure if that will work for you. Externally, well…there’s no issue.
I was actually hoping I could fix it for everyone on the network, but fair enough
Could try tweaking your modem settings, but that’s extremely equipment specific as to what will/won’t work. If you run your own dns or can define hosts higher on the hierarchy, hardcoding there would also work
Well, thanks for the help, I’ll just try to fuck around until I fix smth
I fucked around enough! Check the edit
Rock & roll!! Great work
Thank you!
What exactly did you put in your host file that fixed the issue?
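Added example, not posted by anyone in the thread: a small check that separates the router-loopback problem described above (domain resolves to the public IP, HTTPS fails only from the LAN) from a problem on the server itself, and prints the hosts-file line for the workaround mentioned in the comments. The domain `photos.example.com` and the nginx host's LAN address `192.168.0.50` are constructed placeholders.

```python
import socket

def tcp_open(ip, port, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(domain, internal_ip, port=443,
             resolve=socket.gethostbyname, probe=tcp_open):
    """Classify the 'HTTPS fails only on the LAN' symptom from the thread.

    resolve and probe are injectable so the logic can be exercised offline.
    """
    resolved = resolve(domain)
    result = {"resolved": resolved, "verdict": "", "hosts_line": None}
    if resolved == internal_ip:
        # The name already points at the box: a hosts/DNS override is in
        # effect, so the router's loopback handling is not on the path.
        result["verdict"] = "local-override-active"
        return result
    via_domain = probe(resolved, port)   # path through the router's WAN address
    via_lan = probe(internal_ip, port)   # direct path to the nginx host
    if via_lan and not via_domain:
        # nginx answers locally, but the router does not loop LAN traffic
        # for the public IP back to the port forward (NAT loopback/hairpin).
        result["verdict"] = "hairpin-nat-failure"
        result["hosts_line"] = f"{internal_ip} {domain}"
    elif not via_lan:
        result["verdict"] = "server-or-firewall-problem"
    else:
        result["verdict"] = "ok"
    return result

if __name__ == "__main__":
    # Constructed placeholders: use your own domain and the LAN address
    # of the machine running nginx.
    print(diagnose("photos.example.com", "192.168.0.50"))
```

When the verdict is `hairpin-nat-failure`, `hosts_line` goes in `/etc/hosts` (or `C:\Windows\System32\drivers\etc\hosts`) on one client; the same name-to-address mapping in a LAN DNS server covers every device on the network.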