pcouy

I don't use nginx-proxy-manager, but if you want to share what you tried, I will try to help you figure what's not working

It's the clients (web/android app, probably iOS too) that are making these requests.

To the best of my knowledge, the Immich server inside the container is not making requests to the outside. It is merely sending a style.json to the client displaying a map, which then fetches tiles from the Cofractal URL inside this JSON.

Or you can quite easily configure nginx as your personal caching proxy with an arbitrarily long TTL/retention duration (you can check out my follow-up post for instructions on doing that)

I used to wonder what kind of nerd notices this kind of thing, now I'm one of them

Edit : If you want to join us :

• you can run Pi-hole which is a self-hosted DNS server that allow monitoring/blocking DNS requests from devices configured to use it. In its default configuration, it acts as a network wide ad/tracker blocker.
• On Android, you can install Rethink DNS. This will configure itself as a VPN on your device, forcing all traffic to go through it. This allows it to act as an on-device firewall that allow monitoring/blocking DNS requests and TCP/UDP connections. This is similar to the features of Pi-hole, but the fact that it's on-device allows it to be app aware : the logs will detail which app is responsible for which connection, and the allow/block rules can be app-dependent. The app honestly goes beyond all my expectations :
  • it does a good job at being easy to use by default
  • it is very configurable which gives you a lot of control if you want/need/can handle it
  • You can configure it to route traffic (after applying firewall rules) to a Wireguard VPN or through Orbot. (Apps that act as VPNs are not compatible with each other : you can only have one active at a time)
  • You can even configure several Wireguard interfaces at the same time, and route specific apps through specific tunnels

I don't use Traefik myself, but this documentation page seems to suggest that Traefik only allows in-memory cache (which would eat RAM and not persist across reboots). You can probably run Nginx with this config inside a container for the caching, then use Traefik to handle requests to immich.your-domain.tld/map_proxy/* with the caching proxy container.

What do you mean ? Can you give me the exact link that's not working ?

At this point, I'll just assume you are trolling and stop replying after this comment.

This post is trying to provide a generic solution to the fact that there are no reasonable way to get map tiles without relying on a third party provider.

I additionally included instructions on how to set it up with Immich, but I don't see how a caching proxy in front of OSM should be part of Immich, a software focused on managing photo libraries.

How does an nginx config fit as a "diff" when the Immich repo and docker images do not include nginx (or any other reverse proxy) ?

Blocking the DNS was the first thing I did. This is intended to restore the map feature without having to trust a random company I've never heard of.

What do you mean by "a diff of a code fix" that would be simpler ?

You can, but you would not be able to display the map. Might as well disable the map server-wide

Not yet, but I will probably submit a PR to include this guide in the docs

I'll try clarifying what I had in mind :

I tried running maptiler to generate tiles from OSM's data, which required an insane amount of time and resources (not doable for most self-hosters including myself, even for a single country) to process the data and store the results. I was wondering if there would be a way to ask maptiler (or another equivalent tool) to only generate tiles that contain points from a given set (in this case, photos) and maybe the tiles adjacent to them. What about doing this for every zoom level ? This would require generating at most zoom_levels * n_photos (* 9) if we include adjacent) tiles, and a lot less for the typical person taking several photos at the same place.