I HAVE FIXED IT

Basically the issue was that my router doesn't support NAT loopback, and as such when a request for the router's external IP comes from the inside, the router throws it out. This can be fixed by editing your computer's hosts file to redirect the domain to the local IP of the server, or by setting up a dnsmasq proxy to make any requests redirect to the internal IP of the server!

=======================================================

So, I have Immich set up behind an nginx reverse proxy; here is the configuration:

server {
    server_name [my domain];
    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;

    location / {
        proxy_pass http://192.168.0.69:2283;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # http://nginx.org/en/docs/http/websocket.html
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;
    }

    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[my domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[my domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Commented-out HTTP-to-HTTPS redirect server block (currently disabled):
#server {
#    if ($host = [my domain]) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#    server_name [my domain];
#    listen 443 ssl;
#    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
#    client_max_body_size 50000M;
#    listen 80;
#    return 404; # managed by Certbot
#}


HTTP works at all times (when connecting through the domain), and HTTPS ONLY WORKS if I am not on the local network (the server is an old laptop). If I am using a VPN (or in another building) it works fine, and DNS requests from inside the same network resolve to the public IP, as expected.

I am stumped.

PS: the connection times out when connecting to it on the same network (with the domain), and tcpdump and access.log don't pick up anything.

Edit: formatting

Edit2: pinging works from the router (it has a debugging feature), but not from my PC (with HTTPS).

Edit3: I had Wireshark open while curling the domain, and it pings my home IP (the good one) but receives no reply.
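The diagnosis in the top edit (requests for the public domain vanish from inside the LAN because the router lacks NAT loopback) and its two fixes, as an added Python example that is not from the post or from Immich: it resolves the domain, probes the resolved address and the server's LAN address on the HTTPS port, classifies the result, and emits the hosts-file line or dnsmasq address= rule. The domain name, the LAN address 192.168.0.69 from the nginx config, and the injectable resolve/probe hooks are assumptions.

```python
import socket

# Added example (not from the original post). `resolve` and `probe` are
# injectable so the classification logic can be exercised offline.

def tcp_reachable(ip, port, timeout=3.0):
    """Return True if a TCP connection to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve_a(domain):
    """Resolve a hostname to one IPv4 address string (system resolver)."""
    return socket.gethostbyname(domain)

def diagnose(domain, lan_ip, port=443, resolve=resolve_a, probe=tcp_reachable):
    """Classify why domain:port may fail from inside the LAN and suggest fixes."""
    resolved = resolve(domain)
    via_resolved = probe(resolved, port)
    via_lan = probe(lan_ip, port)
    if resolved == lan_ip:
        verdict = "split-dns-ok"         # DNS already hands out the LAN address
    elif via_resolved:
        verdict = "hairpin-ok"           # router forwards LAN->public IP->LAN fine
    elif via_lan:
        verdict = "no-nat-loopback"      # the situation described in the post
    else:
        verdict = "service-unreachable"  # nothing answers on lan_ip:port either
    return {
        "resolved": resolved,
        "verdict": verdict,
        # The two fixes from the post: a hosts entry, or a dnsmasq address= rule.
        "hosts_line": f"{lan_ip} {domain}",
        "dnsmasq_line": f"address=/{domain}/{lan_ip}",
    }

if __name__ == "__main__":
    # Placeholders: substitute your own domain and the server's LAN address.
    print(diagnose("example.com", "192.168.0.69"))
```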

  • Taleya · 11 months ago

    Internally? On my main rig I just edited my hosts file to hard-direct all traffic for that domain to the box's internal IP. Not sure if that will work for you. Externally, well… there's no issue.

      • Taleya · 11 months ago

        Could try tweaking your modem settings, but that's extremely equipment-specific as to what will/won't work. If you run your own DNS or can define hosts higher on the hierarchy, hardcoding there would also work.

      • Taleya · 11 months ago (edited)

        Main rig is a Win system, so I modified C:\Windows\System32\drivers\etc\hosts. NOTE: always make a copy of your existing config (e.g. hosts.old).

        Add the following line:

        internal IP domain

        So, e.g.:

        192.168.0.10 MyDomain.com

        Then save and go.