Hello all, The first thing I setup to self-host was NextCloud, and I followed instructions and built the stack directly on the host computer. It’s hosted on port 80, and I created a Cloudflare tunnel from “cloud.mydomain.com” which points to http://192.168.1.111 and everything works perfectly. I can access the site from wherever, and everything felt great. Now for the thing I really want, an Immich server.

I followed the instructions and set up Immich in a docker container. Everything seems to be working great, I can access it from within my network and backup photos just like I was hoping. Within the same Cloudflare tunnel, I tried to add a new Public Hostname. I want “photos.mydomain.com” to point to the same host but on port 2283. I added the public hostname and pointed it to http://192.168.1.111:2283, but whenever I point a browser there I get the “502 Bad Gateway” error from cloudflare.

I assume this is a Cloudflare configuration issue, but I’m not 100% sure. Do I need to do anyting special with docker if I intend to access it through Cloudflare? I THINK docker is set up correctly because I am able to access the Immich from a different computer on my local network. I thought using Cloudflare made it so that I don’t to worry about setting up a reverse proxy. Is that maybe not true?

Or does Immich need something specific to tell it to accept traffic outside of my network? I remember having to set up NextCloud with “trusted domains” but when that wasn’t correct, I got an error message from NextCloud, not from Cloudflare.

Any help would be appreciated. I’ve poked around a bunch and I’m pretty sure I can’t solve this on my own.

  • I eat words@group.lt
    link
    fedilink
    English
    arrow-up
    11
    ·
    11 months ago

    first you should check logs of cloudflare tunnel - most likely it cannot access your docker network. if you are using cloudflare container - it should use same network as a Immich instance.

    in short: find the tunnel log and see what is happening there.

    • jrubal1462OP
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      The logs just say 2023-12-16T03:32:18Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.1.111:2283...

      Assuming it is the problem of Docker containers not being able to talk to each other, I added the option --network="bridge" to the docker command that launches the cloudflare tunnel. Then in the docker-compose file for Immich, I added the line network_mode: bridge to each service. No dice. I think next I’ll try installing the cloudflare tunnel as a service directly on that computer.

      Thanks for taking the time to help out, I appreciate it.

      • jrubal1462OP
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        Hey! Running the cloudflare tunnel through systemd right on the machine worked wonders! Thanks! Probably not the most secure way, but at least I know I can play with networks at a later date. For now it appears to be up and running. Thanks a bunch!

  • Krafting@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    2
    ·
    11 months ago

    I would recommend you setup a Reverse Proxy, such as NGINX Proxy Manager, Cloudflare free tier only allow to forward 80 and 443 port. A reverse proxy would listen on port 443 and 80 for all connection and forward request to the right site using the hostname.

    • SteveTech@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      11 months ago

      Cloudflare Tunnels will let you proxy any port, as long as it’s HTTP(S) or SSH, even on free tier.

      Also I believe there’s a thing now for proxying other ports anyway on free tier without tunnels, but I haven’t looked too much into it.

    • jrubal1462OP
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Thanks. I was hoping (but not sure) that cloudflare would act as a proxy by sending the traffic to the port I wanted, and that would sort things out (since it’s all running off of one machine). Still, maybe setting up Nginx is the way to go. I’ll have to put that a little ways down the to do list.

      Thanks for reaching out, I appreciate it.

      • Krafting@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Well, in my setup I use both, Cloudflare point to my proxy manager, so there is a dual proxy in a way. but the users always hit cloudflare first and never my own proxy, so I can use CF security feature as well (blocking other country, ip, known bad actors etc)

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CF CloudFlare
    HTTP Hypertext Transfer Protocol, the Web
    SSH Secure Shell for remote terminal access

    [Thread #358 for this sub, first seen 16th Dec 2023, 11:55] [FAQ] [Full list] [Contact] [Source code]