Public hostname not working for mobile (android) app
I have added a public domain through Cloudflare which works perfectly for the web access, but when I try to setup the server endpoint URL (https://my.public.link) through the app and authenticate with my credentials, I always get an error to check the link, username or password.
The last 2 are, of course, correct. The app works normally when I use my local http://ip:2383. App version is v1.53.0. Attached the .env and .yml files.
Probably I'm missing something, but curious as to what as I seem to have followed all the relevant instructions.
Edit: updated title to more relevant since IMMICH_API_URL_EXTERNAL is not related to this.
35 Replies
You only need to set that env var if you're running a nonstandard deployment, a normal reverse proxy setup should work without it
okay, so I commented this line out and run but nothing changed really with the error in the app. Could it be something different to look at?
Can you check whether it works if you add /api?
And what is the output of https://my.public.link/.well-known/immich ?
{"api":{"endpoint":"/api"}}
Already tried the /api before but didn't work.
It is a valid SSL certificate, right? A bad certificate is one reason the web might work and the mobile app won't.
seems like it, yes
Is it also from a trusted CA?
I think cloudflare etc. takes care of these, that's why i went with this as a first step for testing before I start digging more into better options
Can you get the log file from the app and post it here?
The Logs option from the app doesn't seem to capture anything relevant and same from docker. Not sure if I'm looking at the right place though.
That's the spot. I'm pretty sure it's supposed to log auth problems 🤔
It's never logged auth errors iirc
https://github.com/immich-app/immich/blob/main/mobile/lib/modules/login/providers/authentication.provider.dart#L71
Or is that not the user-visible logger?
Which has made debugging this exact situation a pain.
Yup
That might not write anything to the user log
update: I've also put a layer OIDC (authentik) which, again, works for web access but nothing changed for the mobile app. I have tried including app.immich:/ and without it + enable "REDIRECT URI OVERRIDE"
Are you using any other DNS related service from cloudflare?
I would say no. Just a basic free account only for immich and authentik for now
Does it work on the phone on mobile data, not on your local wifi?
the localhost works normally on the app and on wifi. when I switch to the public domain I get these errors in the app. The web access of the public domain works normally outside the home network
Idk. The only thing that i can think of would be a certificate related problem. Connectivity seems to be fine.
Unfortunately the debugging info for those types of errors is missing from the logs right now
If you add /api on the end does that change anything?
nope
Can you successfully run this
openssl s_client -debug -connect www.thedomaintocheck.com:443
sorry for the delay, had to troubleshoot why openssl wasn't running but after I figured that out looks like it runs normally
it's also strange that while the Login with OAuth option is available when using localhost in the app, when I use again the public host (incl. all variations) it doesn't show anymore. Let me know if this is any hint, else I guess my only choice is to replace cloudflare tunnel with something else.
That makes sense as the http request to get the OAuth settings is probably failing
Probably for the same reason the login request fails
Does your phone use a proxy or custom DNS server or settings?
I did have a private dns configured on the phone, but I removed it and unfortunately didn't help. nice catch, though. It did give me hope for a second 😅
Cached maybe?
i see that cached dns on android is only on the browser-level, would it affect the app login? I did uninstall & restart though
also cleared the cache for the app & browsers but nothing new
Probably not that then 😁
Bumping this thread since i'm facing the same issue: Can access photos.jeromestephan.de on the web no problem, but with the android app I'm getting a 404 not found as it tries to hit photos.jeromestephan.de/api/.well-known/immich
Anything in the mobile app logs?
Sadly nothing at all. Just if I'm running httpry on the server I see that that it tries to hit that and gives back a 404
update: After using https instead of http it seems to work. Sometimes its the little mistakes...
Nice that you solved it! I still have the same while using https