imagegenius / docker-immich

Monolithic (Single) Docker Container for Immich
GNU General Public License v3.0

Unable to change port for webui #194

Closed jonchaka closed 1 year ago

jonchaka commented 1 year ago

When setting the WebUI port during new installation, or editing an existing installation (Redeploy), the webui port variable is ignored. It will still only work on 8080. Tried setting another port variable for 80->8080, still no dice.

martabal commented 1 year ago

Can you share your docker-compose.yml?

jonchaka commented 1 year ago

Installed via Unraid Apps.

Output during creation:

docker run
  -d
  --name='immich'
  --net='eth0'
  --ip='192.168.11.25'
  -e TZ="Australia/Brisbane"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="JKC-Server"
  -e HOST_CONTAINERNAME="immich"
  -e 'TCP_PORT_8080'='80'
  -e 'DB_HOSTNAME'='192.168.11.20'
  -e 'DB_USERNAME'='immich'
  -e 'DB_PASSWORD'='<Removed>'
  -e 'DB_DATABASE_NAME'='immich'
  -e 'REDIS_HOSTNAME'='192.168.11.20'
  -e 'DISABLE_MACHINE_LEARNING'='false'
  -e 'DISABLE_TYPESENSE'='false'
  -e 'DB_PORT'='5432'
  -e 'REDIS_PORT'='6379'
  -e 'REDIS_PASSWORD'=''
  -e 'MACHINE_LEARNING_WORKERS'='1'
  -e 'MACHINE_LEARNING_WORKER_TIMEOUT'='120'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='022'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:80]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/imagegenius/templates/main/unraid/img/immich.png'
  -v '/mnt/user/immich/uploads/':'/photos':'rw'
  -v '/mnt/cache/appdata/immich-machine-learning':'/config/machine-learning':'rw'
  -v '/mnt/cache/appdata/immich':'/config':'rw' 'ghcr.io/imagegenius/immich'

It works fine accessing from port 8080, it won't load with port 80. When accessing via http://IP, it will redirect to https, and fail. It will still load fine accessing http://IP:8080

The port shown in unraid's docker UI is still Host 8080, Container 8080. The port shown in the Unraid UI doesn't update.

hydazz commented 1 year ago

You are using host/ipvlan networking, port mapping will not work. You will need to use the bridge network or overwrite the nginx config

(or use a reverse proxy in front of the container...)

jonchaka commented 1 year ago

Ahh yes, completely forgot about this.

If anyone else has this niche issue, this is what I did to fix it.

I went with this solution because I didn't want to break anything else, this means access via 8080 or 80. So the app on android can be set to 8080, ensuring its connectivity should the port forwarding break. Was only after port 80 for internal dns via web browser. I use macvlan in my use case for internal dns making web browser access easier for family without worrying about ports. I don't use a reverse proxy and while it would handle this, I went with a different method. Only a few containers are exposed via cloudflare tunnels and the rest are via wireguard with automate running on devices to automate the wireguard tunnel.

In this situation I'm using macvlan, but it will apply for ipvlan or any other custom network.

Enable NET_ADMIN for the container. This can be done easily in portainer, or through CLI.

Enter into the bash shell of the container.


apt update
apt install iptables -y

Run command: echo 1 | tee /proc/sys/net/ipv4/ip_forward

edit: /etc/sysctl.conf:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Run command: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

I'll create a script later to run after the container is updated, check if the iptables package exists, run the above if not. That should fix the eventual breakage when the container updates.
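A sketch of the re-apply script described in the comment above, added here as an example and not written by anyone in the thread. It covers only the package check and the REDIRECT rule; the variable names (IPTABLES, IFACE, FROM_PORT, TO_PORT) and the `apply` argument are assumptions introduced for the example, and the container still needs NET_ADMIN.

```sh
#!/bin/sh
# Added example: re-apply the 80 -> 8080 redirect from the thread idempotently.
# IPTABLES, IFACE, FROM_PORT and TO_PORT are names assumed for this example.
IPTABLES="${IPTABLES:-iptables}"
IFACE="${IFACE:-eth0}"
FROM_PORT="${FROM_PORT:-80}"
TO_PORT="${TO_PORT:-8080}"

# The rule from the thread without its -A/-C action, so the existence check
# and the append always use exactly the same rule text.
rule_spec() {
    echo "PREROUTING -i $IFACE -p tcp --dport $FROM_PORT -j REDIRECT --to-port $TO_PORT"
}

# Install iptables only when the binary is missing (it is lost on image update).
ensure_iptables() {
    command -v "$IPTABLES" >/dev/null 2>&1 && return 0
    apt update && apt install iptables -y
}

# Prints "present" if the rule already exists, "added" after appending it.
ensure_redirect() {
    # -C exits 0 only when an identical rule is already in the chain.
    # $(rule_spec) is left unquoted on purpose so it splits into arguments.
    if $IPTABLES -t nat -C $(rule_spec) 2>/dev/null; then
        echo present
        return 0
    fi
    $IPTABLES -t nat -A $(rule_spec) || return 1
    echo added
}

# Only touch the system when asked to: sh redirect.sh apply
if [ "${1:-}" = "apply" ]; then
    ensure_iptables && ensure_redirect
fi
```

Running it twice leaves a single rule in the nat table, where a plain `-A` on every start would stack duplicates.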

hydazz commented 1 year ago

It would be much more elegant just to overwrite /defaults/default.site

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;

    access_log off;
    client_max_body_size 50000M;

    # Compression
    gzip on;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_vary on;
    gunzip on;

    # text/html is included by default
    gzip_types
    application/javascript
    application/json
    font/ttf
    image/svg+xml
    text/css;

    proxy_buffering off;
    proxy_request_buffering off;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 24k;
    proxy_buffers 64 4k;
    proxy_force_ranges on;

    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto http;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    location /api {
        rewrite /api/(.*) /$1 break;
        proxy_pass http://localhost:3001;
    }

    location / {
        proxy_pass http://localhost:3000;
    }
}

jonchaka commented 1 year ago

Wouldn't this break when the container is updated? There's probably a way to check if that modification is in the file, but I'd have to figure it out.

hydazz commented 1 year ago

not if you put the config in the appdata directory, and mount it over the existing one: docker run -v immich.conf:/defaults/default.site. this file has also not been updated in 6 months (there's no need to...)
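A host-side check for the bind mount suggested above, added here as an example and not taken from the thread or the project. It refuses a bare file name (Docker treats that as a named volume) and a missing file (Docker would create a directory at that path), confirms the override really contains the wanted `listen` line, and prints the `-v` flag. The `:ro` suffix assumes the image only reads the file at start-up.

```sh
#!/bin/sh
# Added example: validate an nginx override on the host and build a
# read-only bind-mount flag for it. TARGET is the path named in the thread;
# the function names are assumptions introduced for this example.
TARGET="/defaults/default.site"

# Succeeds only if FILE has a "listen PORT;" directive on its own line.
listens_on() {  # listens_on FILE PORT
    grep -Eq "^[[:space:]]*listen[[:space:]]+$2;" "$1"
}

# Prints the -v argument on stdout, or a reason on stderr and returns 1.
mount_flag() {  # mount_flag HOST_FILE PORT
    case "$1" in
        /*) ;;
        *) echo "use an absolute path: a bare name is taken as a named volume" >&2
           return 1 ;;
    esac
    [ -f "$1" ] || {
        echo "$1 is not a regular file; Docker would create a directory there" >&2
        return 1
    }
    listens_on "$1" "$2" || { echo "$1 has no 'listen $2;' line" >&2; return 1; }
    # :ro assumes the container never writes to the mounted file.
    echo "-v $1:$TARGET:ro"
}

# Stand-alone use: sh mountflag.sh /path/to/override.site [port]
if [ -n "${1:-}" ]; then
    mount_flag "$1" "${2:-80}"
fi
```

The printed flag can be pasted into the container's `docker run` line or added as a path mapping in the Unraid template.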

jonchaka commented 1 year ago

Thanks! I'll undo the iptables and go with your suggested method.

hydazz commented 1 year ago

> Thanks! I'll undo the iptables and go with your suggested method.

you can recreate the container/stack and all the modifications made will be erased