Sharing my configuration files because I need help figuring them out.
Setup immich as a photo sharing website. I'd like to share my good photos with friends and people that I meet.
Using
- Unraid - OS and Docker platform
- Traefik - Reverse-Proxy to forward requests to the web server and handle SSL certification and generation via Automated Certificate Management Environment (ACME) protocol.
- Let's Encrypt - SSL Certificate Authority and ACME protocol provider.
- Cloudflare - DNS provider and handles challenging the SSL certificate.
- Cloudflare Tunnel - Tunnel to hide my public IP.
- Immich - Self-Hosted Photo sharing website
- ✅ Setup
immichonunraid- Tutorial Complete. Can see Immich from local network
- ✅ Setup
traefikonunraid- Tutorial Complete. Can se whoami from local network.
- ✅ Setup
traefikwithLet's Encryptto handle SSL Certification so the website can be https.- Tutorial Complete. Can see whoami from local network with successful https certification.
- ✅ Setup
traefikas the reverse proxy in front ofimmich_proxycontainer, as described in immich's documentation referred by u/altran1502.- I.E. Connect
traefikto immich
- I.E. Connect
- ☐ Setup
Cloudflare Tunnelto hide my ip address.- Christian Lempa's tutorial here as referred by u/admecoach's post
This configuration is now working. The config files have been updated to the functional version.
Configuration Files:
Immich and Traefik containers are running, accessble from the local network. External access isn't configured correctly.
Unraid Docker Dashboard
Traefik is running, and appears to be forwarding requests sent to host photos.codyduncan.net towards immich_proxy.
Traefik Dashboard
When using image: nginx:latest for immich_proxy
Visiting photos.codyduncan.net shows the nginx welcome page.
When using image: ghcr.io/immich-app/immich_proxy:${IMMICH_VERSION:-release} for immich_proxy
Visiting photos.codyduncan.net shows bad gateway.
Visiting 192.168.1.104:2283 shows the immich welcome screen.
Visiting 192.168.16.9:8080, which I think is the frontend to immich_proxy, says The connection has timed out.
http://photos.codyduncan.net/show the welcome page. The https versionhttps://photos.codyduncan.net/shows404 page not found. How do I configure routing for https?immich_proxyis an nginx instance. How do I configuretraefikto point atimmich_proxy, andimmich_proxyto point atimmich, so thathttps://photos.codyduncan.net/shows the immich website?
(Isimmich_proxyalready pointing atimmich_web?)
The issue was that traefik.http.services.immich_proxy.loadbalancer.server.port was set to port 80. This means that traefik was told to send data to port 80.
The immich_proxy container was NOT listening on port 80; it was listening on port 8080, per the setting:
ports:
- 2283:8080 # HOST_PORT(external):CONTAINER_PORT(internal)
The fix was to tell traefik to send (internal) traffic to the port immich_proxy was listening on in its container, 8080, by setting traefik.http.services.immich_proxy.loadbalancer.server.port=8080.
See the change to immich_docker_compose.yml here.
- The unraid docker page's column reads
Port Mappings (App to Host). Entries look like192.168.16.9:8080/TCP <-> 192.168.1.104:2283. Which direction is this going? Is this saying that traffic towards (right-side) Host192.168.1.104:2283is sent to (left-side) App192.168.16.9:8080/TCP, or the other way around? Bidirectional?- Answer: Entries in docker-compose look like
2283:8080, i.e.HOST_PORT:CONTAINER_PORT.
The host is the IP and port of the machine docker is running on (external).
The container is an IP and port of the container, used for inter-container communication or listens on for incoming connnections (internal).
Unraid shows the ports in the reverse order of docker-compose configuration, Container <-> Host.
- Answer: Entries in docker-compose look like
- Where is the nginx.conf for immich_proxy on unraid? What directory path?
- This did not end up needing to be configured.