so, i have immich set up behind an nginx reverse proxy, here is the configuration:

server {
    server_name [my domain];
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;

       location / {
        proxy_pass http://192.168.0.69:2283;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # http://nginx.org/en/docs/http/websocket.html
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;
}

    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#     } # managed by Certbot


#    server_name [my domain]
#    listen 443 ssl
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot
#}


http works at all times, (when connecting thru domain) and https ONLY WORKS if i am not on the local network (the sever is an old laptop) i i am using a vpn (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.

I am stumped.

ps: the connection times out when connecting to it on the same network (with domain) and tcpdump and access.log dont pick up anything

Edit: formatting

  • __ghost__@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    Most routers have an option to point at a custom DNS first with a fall through for external DNS providers. Best bet is to log into your router and poke around