Modifications necessary to run with provided proxy?

[Cantello]

Is it possible to run immich-duplicates with the built-in/provided proxy? I struggle with setting up traefik or nginx just for this while Immich quite happily runs via a cloudflare tunnel. Any ideas how to add the necessary CORS proxy header to the provided proxy immich-proxy container?

[agross]

Hello,

you would have to replace immich-proxy's default nginx config with one that was extended by the CORS settings from the Readme (also check the "location" link, it shows where to insert the statements). If you use docker then a bind-mount would be the way to achieve that easily.

Does that help?

[Cantello]

Yes, this does help (somewhat), thanks. However, I do have an existing nginx.conf in an Immich config folder (using docker with a volume mount) but Immich does not appear to use this conf file (this was probably from an earlier version where the container had the nginx config mounted externally). Plus, I cannot bash into the immich-proxy container to check the location in order to obtain the exact location. I can see in the log that it should be /etc/nginx/conf.d/default.conf - is that correct?

Sorry for the bother and that you have to spell it out for me!

[agross]

However, I do have an existing nginx.conf in an Immich config folder (using docker with a volume mount) but Immich does not appear to use this conf file

The config that is uses is located under /etc/nginx/conf.d/default.conf. You can search for the file named default.conf and look at its contents using these commands:

$ docker exec immich-proxy-1 find / -type f -name default.conf
/etc/nginx/conf.d/default.conf
find: /proc/tty/driver: Permission denied
find: /root: Permission denied

$ docker exec immich-proxy-1 cat /etc/nginx/conf.d/default.conf
map $http_upgrade $connection_upgrade {
...

Remember that your containers need to be recreated whenever you change mounts or other settings.

Plus, I cannot bash into the immich-proxy container

immich-proxy does not come with bash installed. You can use sh instead.

$ docker exec immich-proxy-1 bash
OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown

$ docker exec -it immich-proxy-1 sh
/ $

[agross]

but Immich does not appear to use this conf file

You can check if the container has that config file mounted using docker inspect <container> -f '{{ .Mounts }}'

[Cantello]

That (mount bind of a modified nginx-default.conf) worked, thanks a lot! Now for the rather tedious task of removing the duplicates... :-/

[frachop]

I tried to change default.conf file within the container (using docker exec -it immich_proxy /bin/sh followed by nginx -s reload but I still have the CORS issues :( Could you detail how you did that change in default.conf file and restart nginx please ?

[agross]

@frachop

Save this as nginx.conf:

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

map $http_x_forwarded_proto $forwarded_protocol {
  default $scheme;

  # Only allow the values 'http' and 'https' for the X-Forwarded-Proto header.
  http http;
  https https;
}

upstream server {
  server immich-server:3001;
  keepalive 2;
}

upstream web {
  server immich-web:3000;
  keepalive 2;
}

server {
  listen 8080;

  access_log off;
  client_max_body_size 50000M;

  # Compression
  gzip on;
  gzip_comp_level 2;
  gzip_min_length 1000;
  gzip_proxied any;
  gzip_vary on;
  gunzip on;

  # text/html is included by default
  gzip_types
    application/javascript
    application/json
    font/ttf
    image/svg+xml
    text/css;

  proxy_buffering off;
  proxy_request_buffering off;
  proxy_buffer_size 16k;
  proxy_busy_buffers_size 24k;
  proxy_buffers 64 4k;
  proxy_force_ranges on;

  proxy_http_version 1.1;
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Host $http_host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $forwarded_protocol;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  location /api {
    # Changes for immich-duplicates start here.
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'X-Api-Key, User-Agent, Content-Type';
      add_header 'Access-Control-Max-Age' 1728000; # 20 days
      add_header 'Content-Type' 'text/plain; charset=utf-8';
      add_header 'Content-Length' 0;
      return 204;
    }

    # This needs to be set in the location block.
    add_header 'Access-Control-Allow-Origin' '*' always;
    # Changes for immich-duplicates end here.

    rewrite /api/(.*) /$1 break;

    proxy_pass http://server;
  }

  location / {

    proxy_pass http://web;
  }
}

Then mount that file in the proxy container, e.g. with docker compose:

...
  proxy:
    image: ghcr.io/immich-app/immich-proxy:${IMMICH_VERSION:-release}
    volumes:
      - /path/to/the/file/above/nginx.conf:/etc/nginx/conf.d/default.conf:ro
...

Then restart the composition with e.g. docker compose up. The proxy container will be recreated with the file mounted.