[Feature] Honor HTTP_PROXY/HTTPS_PROXY/NO_PROXY in Immich server

[dani]

Hi. I'm trying to install Immich in a somewhat restrictive (security wise) environment, on a Nomad cluster. Most things seems to work, except oAuth2. The reason is that any outbound http req must be done through an outbound proxy, including to reach my oidc server (checking updates is also affected). Immich server container seems to ignore https_proxy env var. Is there an option I missed to configure this ?

[dani]

After some more search, it looks like it's not possible for now. So I guess it's a new feature request :-)

In some environments, using a proxy for outbound web requests is mandatory (in mine, it's for security reasons : audit, and whitelisting).
The machine-learning Docker image correctly honors the mostly standard HTTP_PROXY/HTTPS_PROXY/NO_PROXY env var, but not the server (the others like microservices and typesense are not doing any outbound connection so are not affected).

At least two requests should be able to be routed through a proxy: the check-update, and requests to the oAuth2 server when configured.

http-from-env node modules seems to be pulled already, but not being used

[jrasm91]

I think specifically the oauth client library doesn't use those automatically, but that is something we can add support for.

[Phles]

If you add this feature, can you add support for SOCKS proxies to the machine learning image and server images while you're at it?
It just requires the python package PySocks to be added to the dependencies of each of the relevant containers.

I get the following error in the machine learning image due to its absence:

...
immich_machine_learning  |                              │ /opt/venv/lib/python3.11/site-packages/requests │
immich_machine_learning  |                              │ /adapters.py:64 in SOCKSProxyManager            │
immich_machine_learning  |                              │                                                 │
immich_machine_learning  |                              │    61 except ImportError:                       │
immich_machine_learning  |                              │    62 │                                         │
immich_machine_learning  |                              │    63 │   def SOCKSProxyManager(*args, **kwargs │
immich_machine_learning  |                              │ ❱  64 │   │   raise InvalidSchema("Missing depe │
immich_machine_learning  |                              │    65                                           │
immich_machine_learning  |                              │    66                                           │
immich_machine_learning  |                              │    67 if typing.TYPE_CHECKING:                  │
immich_machine_learning  |                              ╰─────────────────────────────────────────────────╯
immich_machine_learning  |                              InvalidSchema: Missing dependencies for SOCKS      
immich_machine_learning  |                              support.    

[Mathpro]

Hello,
I'm facing the same issue
Having a forward proxy in front on my host, HTTP_PROXY and HTTPS_PROXY are well pushed to the container, but seems that Immich is not using them

I can see by tcpdump that the container is doing DNS request of my OAuth provider URL and trying to reach it direcly

It would be really nice to have this supported :)

Thanks in advance for considering it !
BR