So, I have Immich set up behind an nginx reverse proxy. Here is the configuration:

server {
    server_name [my domain];
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;

    location / {
        proxy_pass http://192.168.0.69:2283;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # http://nginx.org/en/docs/http/websocket.html
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;
    }

    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#     } # managed by Certbot


#    server_name [my domain]
#    listen 443 ssl
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot
#}


HTTP works at all times (when connecting through the domain), and HTTPS ONLY WORKS if I am not on the local network (the server is an old laptop). If I am using a VPN (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.

I am stumped.

PS: the connection times out when connecting to it on the same network (with the domain), and tcpdump and access.log don't pick up anything.

Edit: formatting

Edit2: the pinging works from the router (it has a debugging feature), but not from my PC (with HTTPS)

Edit3: I had Wireshark open while curling the domain, and it pings my home IP (the good one) but receives no reply

  • Taleya@aussie.zone
    8 months ago

    Internally the domain is resolving to your public IP. Check your modem isn’t trying to redirect the https request to itself

      • Taleya@aussie.zone
        8 months ago

        yup.

        I had a similar driving me fcking nuts issue - it turned out that even though I had explicitly set the modem to run on a nonstandard port, to reject all http/https requests from the external interface and set it to point all http/https to my web server, every time I ran traffic internally from 192.168.0.1 to mydomain.com it went out, hit the DNS, came back to my public IP and then for some reason I still cannot work the fuck out the modem then takes it and goes “oh that’s someone in my network talking to MEEEEEEEEEEE” and then I’d get a https bad request. Using a VPN negates this as it routes differently.

          • Taleya@aussie.zone
            8 months ago

            internally? On my main rig I just edited my host file to hard direct all traffic for that domain to the box’s internal IP. Not sure if that will work for you. Externally, well…there’s no issue.

              • Taleya@aussie.zone
                8 months ago

                Could try tweaking your modem settings, but that’s extremely equipment specific as to what will/won’t work. If you run your own DNS or can define hosts higher on the hierarchy, hardcoding there would also work.

              • Taleya@aussie.zone
                8 months ago

                main rig is a win system, so I modified C:\Windows\System32\drivers\etc\hosts. NOTE: Always make a copy of your existing config (eg: hosts.old)

                add the following line

                internal IP domain

                so eg:

                192.168.0.10 MyDomain.com

                then save and go.
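
The hosts-file workaround from the last comment, written as a re-runnable script. This is an added example, not code from anyone in the thread: `hosts_lookup` and `pin_host` are hypothetical helper names, and FILE is assumed to be `/etc/hosts` on Linux or macOS (the Windows path is the one given in the comment).

```bash
# Added example, not from the thread. hosts_lookup and pin_host are
# hypothetical helper names; pass /etc/hosts (or a copy) as FILE.

# hosts_lookup FILE NAME: print the first address mapped to NAME, if any.
hosts_lookup() {
    awk -v d="$2" 'BEGIN { d = tolower(d) }
    {
        sub(/#.*/, "")                              # ignore comments
        for (i = 2; i <= NF; i++)
            if (tolower($i) == d) { print $1; exit }
    }' "$1"
}

# pin_host FILE IP NAME: back up FILE to FILE.old (first run only), remove
# any existing mapping for NAME, then append "IP NAME". Safe to re-run.
pin_host() {
    local file="$1" ip="$2" name="$3" tmp
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Refuse values that could smuggle extra fields or comments into the file.
    case "$ip" in ''|*[!0-9A-Fa-f.:]*) echo "bad address" >&2; return 2 ;; esac
    case "$name" in ''|*[!A-Za-z0-9.-]*) echo "bad name" >&2; return 2 ;; esac
    [ -e "$file.old" ] || cp -p "$file" "$file.old"
    tmp=$(mktemp) || return 1
    awk -v d="$name" 'BEGIN { d = tolower(d) }
    {
        orig = $0
        sub(/#.*/, "")                              # fields without the comment
        out = $1; kept = 0; hit = 0
        for (i = 2; i <= NF; i++) {
            if (tolower($i) == d) hit = 1
            else { out = out " " $i; kept++ }
        }
        if (!hit) print orig                        # untouched line, comment kept
        else if (kept > 0) print out                # other names on the line stay
    }' "$file" > "$tmp"
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    cat "$tmp" > "$file"                            # keep owner and mode of FILE
    rm -f "$tmp"
}
```

With the sample values from the comment, the call is `pin_host /etc/hosts 192.168.0.10 MyDomain.com`, run with write access to the file; `hosts_lookup /etc/hosts mydomain.com` then shows which address the override returns.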