search

arter97 / immich-native

Immich hosted without Docker
31 stars 2 forks source link

Immich web & mobile inaccessable after upgrading from v1.102.3 to v1.103.1. #6

Closed RockinChaos closed 1 week ago

RockinChaos commented 1 week ago

I performed the following;

After doing this I cannot access the server through the web or the mobile app when the server is running v1.103.1. The logs report nothing, it just says server(s) were started. Checking the journal also results in nothing useful, just states the server has started.

Both ports 3001, 3002, and 3003 have a successful bind and report as listening so it's clear the servers are running.

What does work (downgrading);

Now it works fine... I don't quite know what the difference is between the two versions and why I don't see any issues in the logs. Comparing both v1.102.3 and v1.103.1 logs, they look identically so I don't understand what's happening. I checked the immich Github and couldn't find any issues similar to mine so I am unsure if it's an issue with the native install or if it's an issue with immich itself.

Any help would be great, thanks for your time!

arter97 commented 1 week ago

Can you post sudo lsof -i | grep 300's output?

RockinChaos commented 1 week ago

Can you post sudo lsof -i | grep 300's output?

root@immich:~# sudo lsof -i | grep 300
gunicorn  140          immich    5u  IPv4 35087227      0t0  TCP localhost:3003 (LISTEN)
immich_mi 141          immich   54u  IPv4 35078125      0t0  TCP localhost:45300->localhost:redis (ESTABLISHED)
immich_mi 141          immich   59u  IPv4 35078130      0t0  TCP localhost:3002 (LISTEN)
immich_se 142          immich   34u  IPv4 35104146      0t0  TCP localhost:3001 (LISTEN)
redis-ser 145           redis   51u  IPv4 35087357      0t0  TCP localhost:redis->localhost:45300 (ESTABLISHED)
gunicorn  191          immich    5u  IPv4 35087227      0t0  TCP localhost:3003 (LISTEN)
root@immich:~#
arter97 commented 1 week ago

Are you using a reverse https proxy? As those are only listening from localhost, you need a reverse proxy to access it from other than the local computer that it's running on.

See commit https://github.com/arter97/immich-native/commit/a089567e6937541eeebcfb1467e10b959d53eb00

RockinChaos commented 1 week ago

Are you using a reverse https proxy? As those are only listening from localhost, you need a reverse proxy to access it from other than the local computer that it's running on.

See commit a089567

I do have a reverse proxy setup for external access on a dedicated lxc for apache. But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right? Regardless though the reverse proxy I have set up works on v1.102.3 but doesn't on v1.103.1.

I don't see how that applies since it works fine on v1.102.3 and it doesn't work on v1.103.1. There's only about a two-week difference between these versions so I don't think what you are describing applies since it works fine as-is when I downgrade back to v1.102.3.

arter97 commented 1 week ago

But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right?

You do, because it's only listening to localhost (127.0.0.1). Local network (e.g., 192.168.0.0/16) isn't handled any differently. But you're right - this was changed in v1.100.0, so if v1.102.3 works properly, this is likely not the issue but I just wanted to make sure.

Just as a troubleshooting step, can you follow commit a089567e6937541eeebcfb1467e10b959d53eb00 's comment: comment out the sed command in install.sh's "Use 127.0.0.1" part and see if it works?

RockinChaos commented 1 week ago

But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right?

You do, because it's only listening to localhost (127.0.0.1). Local network (e.g., 192.168.0.0/16) isn't handled any differently. But you're right - this was changed in v1.100.0, so if v1.102.3 works properly, this is likely not the issue but I just wanted to make sure.

Just as a troubleshooting step, can you follow commit a089567 's comment: comment out the sed command in install.sh's "Use 127.0.0.1" part and see if it works?

Huh... well that seems to work! I don't understand why as that isn't commented out in the v1.102.3 script. Is there any particular importance in having this? I assume it opens some security risks but I just don't understand why it was working before while it isn't now. But then continues to work when I downgrade.

Thanks for the help!~

EDIT: Okay I was able to resolve this now given the context you provided above about the reverse proxy. I have no idea why I thought I could just connect to it when it was only listening on loopback... I set up a reverse proxy locally which resolved the issue so I have my external reverse proxy -> immich server reverse proxy -> immich microservices.

I would still love to know how I have been able to connect to a loopback in v1.102.3 but w/e at this point. Thanks for putting up with my stupidity and thanks for providing such a great resource.

arter97 commented 1 week ago

Huh... well that seems to work! I don't understand why as that isn't commented out in the v1.102.3 script.

Not entirely sure why v1.102.3 worked for you. Maybe different npm installation builds slightly differently..

Is there any particular importance in having this?

Yeah, you'd definitely want to use TLS (https) proxy. If these ports are exposed beyond your local network, that'd be the definition of a privacy nightmare.

Glad the issue is solved. Make sure you're not exposing raw unencrypted ports :)