so, i have immich set up behind an nginx reverse proxy, here is the configuration:

server {
    server_name [my domain];
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;

       location / {
        proxy_pass http://192.168.0.69:2283;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # http://nginx.org/en/docs/http/websocket.html
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;
}

    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#     } # managed by Certbot


#    server_name [my domain]
#    listen 443 ssl
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot
#}


http works at all times, (when connecting thru domain) and https ONLY WORKS if i am not on the local network (the sever is an old laptop) i i am using a vpn (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.

I am stumped.

ps: the connection times out when connecting to it on the same network (with domain) and tcpdump and access.log dont pick up anything

Edit: formatting

  • theit8514@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    Based on your edit about getting the public IP: Most firewall/routers are not configured to do this operation by default (called Hairpinning). If you request your firewall/router’s external IP address from the internal network you won’t get a response unless Hairpinning is enabled and some devices don’t allow you to do that. If you have an internal dns server, you should override the internal dns to return the private ip address so it goes to your nginx reverse proxy instead of the firewall/router.

      • __ghost__@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        Most routers have an option to point at a custom DNS first with a fall through for external DNS providers. Best bet is to log into your router and poke around