Simple Immich + Nginx configuration with self-signed HTTPS access

compose.yml

name: immich

services:
  nginx:
    image: nginx:latest
    container_name: reverse_proxy
    ports:
      - 3001:3001
      - 3000:3000
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/certs:/etc/nginx/certs:ro
    depends_on:
      - immich-server

# immich server and DBs...

nginx.conf

events {}

http {
  server {
    listen 3001;
    server_name myserver.invalid;
    return 301 https://$host$request_uri;
  }

  server {
    listen 3000 ssl; # host on 3000
    server_name myserver.invalid;

    ssl_certificate /etc/nginx/certs/myserver.invalid.crt;
    ssl_certificate_key /etc/nginx/certs/myserver.invalid.key;

    sendfile on;
    client_max_body_size 0;

    location / {
      # websocket support
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      proxy_pass http://immich_server:2283;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
}