Closed RockinChaos closed 1 week ago
Can you post sudo lsof -i | grep 300
's output?
Can you post
sudo lsof -i | grep 300
's output?
root@immich:~# sudo lsof -i | grep 300
gunicorn 140 immich 5u IPv4 35087227 0t0 TCP localhost:3003 (LISTEN)
immich_mi 141 immich 54u IPv4 35078125 0t0 TCP localhost:45300->localhost:redis (ESTABLISHED)
immich_mi 141 immich 59u IPv4 35078130 0t0 TCP localhost:3002 (LISTEN)
immich_se 142 immich 34u IPv4 35104146 0t0 TCP localhost:3001 (LISTEN)
redis-ser 145 redis 51u IPv4 35087357 0t0 TCP localhost:redis->localhost:45300 (ESTABLISHED)
gunicorn 191 immich 5u IPv4 35087227 0t0 TCP localhost:3003 (LISTEN)
root@immich:~#
Are you using a reverse https proxy? As those are only listening from localhost, you need a reverse proxy to access it from other than the local computer that it's running on.
See commit https://github.com/arter97/immich-native/commit/a089567e6937541eeebcfb1467e10b959d53eb00
Are you using a reverse https proxy? As those are only listening from localhost, you need a reverse proxy to access it from other than the local computer that it's running on.
See commit a089567
I do have a reverse proxy setup for external access on a dedicated lxc for apache. But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right? Regardless though the reverse proxy I have set up works on v1.102.3 but doesn't on v1.103.1.
I don't see how that applies since it works fine on v1.102.3 and it doesn't work on v1.103.1. There's only about a two-week difference between these versions so I don't think what you are describing applies since it works fine as-is when I downgrade back to v1.102.3.
But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right?
You do, because it's only listening to localhost (127.0.0.1). Local network (e.g., 192.168.0.0/16) isn't handled any differently. But you're right - this was changed in v1.100.0, so if v1.102.3 works properly, this is likely not the issue but I just wanted to make sure.
Just as a troubleshooting step, can you follow commit a089567e6937541eeebcfb1467e10b959d53eb00 's comment: comment out the sed command in install.sh's "Use 127.0.0.1" part
and see if it works?
But I shouldn't need a reverse proxy to be able to access it via HTTP though from any computer on the same network right?
You do, because it's only listening to localhost (127.0.0.1). Local network (e.g., 192.168.0.0/16) isn't handled any differently. But you're right - this was changed in v1.100.0, so if v1.102.3 works properly, this is likely not the issue but I just wanted to make sure.
Just as a troubleshooting step, can you follow commit a089567 's comment:
comment out the sed command in install.sh's "Use 127.0.0.1" part
and see if it works?
Huh... well that seems to work! I don't understand why as that isn't commented out in the v1.102.3 script. Is there any particular importance in having this? I assume it opens some security risks but I just don't understand why it was working before while it isn't now. But then continues to work when I downgrade.
Thanks for the help!~
EDIT: Okay I was able to resolve this now given the context you provided above about the reverse proxy. I have no idea why I thought I could just connect to it when it was only listening on loopback... I set up a reverse proxy locally which resolved the issue so I have my external reverse proxy -> immich server reverse proxy -> immich microservices.
I would still love to know how I have been able to connect to a loopback in v1.102.3 but w/e at this point. Thanks for putting up with my stupidity and thanks for providing such a great resource.
Huh... well that seems to work! I don't understand why as that isn't commented out in the v1.102.3 script.
Not entirely sure why v1.102.3 worked for you. Maybe different npm installation builds slightly differently..
Is there any particular importance in having this?
Yeah, you'd definitely want to use TLS (https) proxy. If these ports are exposed beyond your local network, that'd be the definition of a privacy nightmare.
Glad the issue is solved. Make sure you're not exposing raw unencrypted ports :)
I performed the following;
After doing this I cannot access the server through the web or the mobile app when the server is running v1.103.1. The logs report nothing, it just says server(s) were started. Checking the journal also results in nothing useful, just states the server has started.
Both ports 3001, 3002, and 3003 have a successful bind and report as listening so it's clear the servers are running.
What does work (downgrading);
Now it works fine... I don't quite know what the difference is between the two versions and why I don't see any issues in the logs. Comparing both v1.102.3 and v1.103.1 logs, they look identically so I don't understand what's happening. I checked the immich Github and couldn't find any issues similar to mine so I am unsure if it's an issue with the native install or if it's an issue with immich itself.
Any help would be great, thanks for your time!