so, i have immich set up behind an nginx reverse proxy, here is the configuration:

server {
    server_name [my domain];
    client_max_body_size 50000M;

       location / {
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;

    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#     } # managed by Certbot

#    server_name [my domain]
#    listen 443 ssl
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot

http works at all times, (when connecting thru domain) and https ONLY WORKS if i am not on the local network (the sever is an old laptop) i i am using a vpn (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.

I am stumped.

ps: the connection times out when connecting to it on the same network (with domain) and tcpdump and access.log dont pick up anything

Edit: formatting Edit2: the pinging works from the router (it has a debugging feature), but not from my pc (with https)

Edit3: i had wireshark open while curling the domain, and it pings my home ip (the good one) but receives no reply

      8 months ago

      Most routers have an option to point at a custom DNS first with a fall through for external DNS providers. Best bet is to log into your router and poke around