search

damongolding / immich-kiosk

A web slideshow for Immich
GNU Affero General Public License v3.0
328 stars 14 forks source link

Reverse Proxy doesn't work #9

Closed Gamerayers closed 2 weeks ago

Gamerayers commented 1 month ago

Seems that the port MUST be the standard immich port. I typically run everything through my reverse proxy and https. This won't work with this setup.

Also, as a side note, SUPER cool. But I would LOVE the features that Immich Frame has for showing multiple people rather than just 1. Another thought would also to be link to 2 different users accounts (my wife and I are separate) and be able to pull in 2 different sets of people (we like to show both of our kids). Just ideas.

damongolding commented 1 month ago

Your right, it does force Immich’s standard port.I didn’t think nor test a reverse proxy.i did test Cloudflare tunnels but maybe I need to rethink forcing a port.

Adding more than one person is on my roadmap as is releasing the block on changing the URL and API KEY via queries which would allow multiple users/accounts.

bmeares commented 1 month ago

Setting KIOSK_IMMICH_URL to the public-facing URL (e.g. https://immich.example.com) does not work at the moment, though using Docker's internal routing works for most use cases. For those interested, here is my docker-compose.yaml for Immich and Kiosk which I later use for a reverse proxy:


name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    extends:
      file: hwaccel.transcoding.yml
      service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: docker.io/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    healthcheck:
      test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
    restart: always

  immich-kiosk:
    image: "damongolding/immich-kiosk:latest"
    container_name: "immich-kiosk"
    environment:
      TZ: "America/New_York"
      KIOSK_IMMICH_API_KEY: "$IMMICH_API_KEY"
      KIOSK_IMMICH_URL: "http://immich-server:3001"
      KIOSK_DATE_FORMAT: "2024-10-10"
      KIOSK_IMAGE_TIME_FORMAT: "12"
    ports:
      - "3001:3000"
    restart: "on-failure"

volumes:
  model-cache:
``
nordy1145 commented 1 month ago

Easy way around this is to just add port 443 if you're using SSL through a reverse proxy. So instead of https://photos.example.com you'd use https://photos.example.com:443 in the KIOSK_IMMICH_URL parameter.

I do not know Go, but looks like checkUrlFormat could be updated a bit to allow for a default https port.

damongolding commented 1 month ago

checkUrlFormat only adds http:// if no scheme is present e.g 192.168.1.1, https:// is allowed and passed through. It also currently forces a port if there isn’t one (Immich’s default) which is behaviour I need to remove.

damongolding commented 1 month ago

Remove the forced port issue in 0.3.1.

damongolding commented 1 month ago

Forgive me, I didn’t read your comment properly. Using any port on Immich_url (before and after 0.3.1) would work just fine. The issue popped up if none were present, which should be fixed now in 0.3.1. On 27 Jul 2024 at 8:16 PM +0100, Ryan @.***>, wrote:

Easy way around this is to just add port 443 if you're using SSL through a reverse proxy. So instead of https://photos.example.com you'd use https://photos.example.com:443 in the KIOSK_IMMICH_URL parameter. I do not know Go, but looks like checkUrlFormat could be updated a bit to allow for a default https port. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>