Android App fails to upload over domain - Web works fine
I've got a fresh installation which works great, except for the mobile app over my subdomain. The web interface works and uploads just fine over the domain on other networks.
The only oddity I see in the logs is
HttpException(400): {"message":"Multipart: Unexpected end of form","error":"Bad Request","statusCode":400}167 Replies
:wave: Hey @NAKCity,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.What’s your proxy and network stack? Cloudflare?
Cloudflared
You’ll have to disable whatever they’re doing to chunk/break up the file. Immich doesn’t support it
Any idea if that's done server side or on the CF daemon?
Not sure, I assume on their web login but I have no idea
In case someone comes across this:
Cloudflare -> Zero Trust -> Networks -> Tunnels -> (Your hostname - NOT subdomain) -> Configure -> Additional application settings -> HTTP Settings -> Disable Chunked Encoding
Unfortunately, it still fails. I see a notification saying the upload is 100% complete, then it disappears and says failed.
Same message on the server logs, nothing interesting in app logs.
All services were restarted after the CF change
is the file over 100MB?
No. I actually made a small 500KB file to test
It still works fine over the web interface on my phone's cellular network or over the local ip wifi switch-over
I'll let it sit in case it takes time for the changes to propagate.
Still nothing. I logged the proxied requests from Android and Chrome and there are some key differences:
Android:
2025-04-15T18:02:00Z,POST https://REDACTED-DOMAIN/api/assets HTTP/1.1,http,{"content-length":0"connIndex":0"originService":"http://localhost:2283""ingressRule":8"path":"/api/assets""host":"REDACTED-DOMAIN""headers":{"Cdn-Loop":["cloudflare; loops=1"]"Cf-Connecting-Ip":["172.56.64.228"]"Cf-Ipcountry":["US"]"Cf-Ray":["930d59c77fb73198-MIA"]"Content-Type":["multipart/form-data; boundary=dart-http-boundary-pFMk9DPqiZp7Ct8xE9z6ukq2aIHuIsPyDmrVYTo6AQ5FMHp.X4w"]"User-Agent":["Dart/3.7 (dart:io)"]"X-Forwarded-For":["172.56.64.228"]"Accept-Encoding":["gzip br"]"Cf-Visitor":["{\"scheme\":\"https\"}"]"Cf-Warp-Tag-Id":["b585b749-6c4a-4d25-af72-5af322f93a77"]"X-Forwarded-Proto":["https"]"X-Immich-User-Token":["REDACTED-TOKEN"]}}
Chrome:
2025-04-15T18:09:46Z,POST https://REDACTED-DOMAIN/api/assets HTTP/1.1,http,{"originService":"http://localhost:2283""ingressRule":8"path":"/api/assets""content-length":1979180"connIndex":2"host":"REDACTED-DOMAIN""headers":{"Priority":["u=1 i"]"Cookie":["immich_access_token=REDACTED-TOKEN; immich_auth_type=password; immich_is_authenticated=true"]"Sec-Fetch-Site":["same-origin"]"X-Forwarded-For":["192.25.50.127"]"Accept":["*/*"]"Accept-Encoding":["gzip br"]"Cf-Ipcountry":["US"]"Content-Length":["1979180"]"Cf-Warp-Tag-Id":["b585b749-6c4a-4d25-af72-5af322f93a77"]"Content-Type":["multipart/form-data; boundary=----WebKitFormBoundaryaAt3xyCPf8xDzb0r"]"Origin":["https://REDACTED-DOMAIN"]"Sec-Ch-Ua":["\"Google Chrome\";v=\"135\" \"Not-A.Brand\";v=\"8\" \"Chromium\";v=\"135\""]"Accept-Language":["en-USen;q=0.9"]"Cdn-Loop":["cloudflare; loops=1"]"Cf-Connecting-Ip":["192.25.50.127"]"Cf-Visitor":["{\"scheme\":\"https\"}"]"X-Forwarded-Proto":["https"]"Sec-Ch-Ua-Mobile":["?0"]"Sec-Ch-Ua-Platform":["\"macOS\""]"Sec-Fetch-Dest":["empty"]"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML like Gecko) Chrome/135.0.0.0 Safari/537.36"]"Cf-Ray":["930d6555ce688398-SEA"]"Referer":["https://REDACTED-DOMAIN/photos"]"Sec-Fetch-Mode":["cors"]}}Sorry, you can wait some hours to see if it propagates, and then reach out to cloudflare since it’s an issue on their end
Ok, thanks @Zeus
@NAKCity im having the same problem
all day trying to upload from app, using CF proxy
most of them get 100%, but random files stuck on 100%, and none of them is on immich after
experiencing the same issue here. setting the network to detect the local WiFi and configuring the server LAN IP completely alleviates the issue.
doesnt do you any good away from home, but narrows the issue down a little
Me too, I have the same problem.
Hey there! I am facing the same issue. I have two immich instances in two separate networks and locations, both served via CF tunnels. The upload via mobile app (both ios and android) stopped working, if I try to manually upload a picture via the app, i get the "failed" message. Moreover, an upload via web interface on the browser, with the subdomains, works fine.
Same issue on iOS app here. Switched out of cloudflare for the moment.
same issue here, but only on Android (works fine for iOS and web)
Any progress on your search?
not a solution, but i turned off the tunnel and configured nginx for the time being.
which version of server are you using? A friend of mine, using server 1.130.1 dont have the issue, im using 1.131.3 and having issues with backup using CF proxy
Not an option for me. I can't figure nginx out so I'm stuck with Clouflare
I’m on the latest 1.131.3 version on both servers.
I have the same problem on version 1.131.3
same problem here on 1.131.3, been happening since 14/4
uploading over web works fine
just the app that's having an issue
(if yall are still stuck try using tailscale for now?)
I'm also running cloudflared
I don't have the fastest internet so it's not the best choice
valid
it works over slow data under 2mbps but it does cut speed by a bit
Why is cloudflare better than Tailscale for slow internet ..?
Ig it's because cf's server is faster? Idk but that's the result I got
Uh, it’s still going from cloudflare to your home server though
My download speed decrease by half and upload speed goes down to single digit
I'm using zero tier
Maybe your Tailscale is relayed through a slower server
only running immich on tailscale seems to be ok
I really don't know
yeah it should usually be a direct connection anyways
i mean its an option if cf continues to fail
if the speed is really slow just split tunnel everything else so only immich runs on it
Yeah it is but I'm not thrilled about having even slower speed than I have now
Still not a viable option since my family also uses my server
yeah only (few) problem(s) with tailscale is every device has to have it installed
Not if you use funnel
found the docs
Tailscale
Tailscale Funnel · Tailscale Docs
Securely route internet traffic to local services using Tailscale Funnel.
does this bypass cgnat?
that's the main reason why I use cloudflared
Yes
FWIW there’s a lot of other ways to bypass CGNAT
VPS tunnel TCP traffic to home proxy, reverse proxy in a VPS then backend VPN, pangolin, etc
yeah I tried to get a free vps from google and oracle but my visa card is not valid for some reasons 💀
I'm trying to setup a caddy server in my parent's house rn because they're not behind cgnat but I've been having a lot of issues with caddy
okay so Zeus is right, it's totally a cloudflare tunnel problem, I did test uploads from the app using my local ip and it uploads just fine, no idea why but that's how it look like from what I've tested.
Came here to find what's going on, just going to upload via tailscale. Faster and safer.
note to everyone: if youre on a samsung tailscale sometimes kills itself if you're using the app without funnel
Yeah samsung is one of the worst when it comes to killing apps lol
they dont support custom domain names
🙄
Anyone managed to figure out what's changed with Cloudflare?
i mean
compromises
Cloudflare is probably breaking it on purpose. Too many people getting positive results out of using it, can't have that 🙃
ok guys the problem is officially cross platform
android and ios unite
https://discord.com/channels/979116623879368755/1362841728603652308
would be weird if it wasnt
cloudflare hates android users ;_;
Yeah it doesn't matter if iOS or Android, both are broken with CF tunnels at the moment
Surprised no one made a issue here https://github.com/cloudflare/cloudflared
Also @NAKCity you could try asking here https://community.cloudflare.com/c/zero-trust/cloudflare-tunnel/46
I would probably wait for immich 1.132 before complaining to cloudflare in case our patch fixes it
(no ETA)
I'm pretty sure nothing was wrong with the app since it was only happening to me for 3 days and I updated wayyy before that
Cloudflare def did something but we changed something on our end that might be triggering it
I'll try downgrading the android app and see if anything changes
Edit: yeah didnt work either, I'll try making another immich container of an older version
I dont expect that to help. The change was almost certainly on the cloudflare side
Yeah I just finished testing and it still failed, both client and server was 1.131.0
I'm +1 on this issue too. 100% cloudflare did something
Same here, also experiencing the issue on Android outside of my home network
Yeah me too, I didn't realise until I added my daughter to immich, mine are uploaded using local URL
same here..
but auto selecting networks to local/wifi doesnt help
can someone tests this too...
im on lattest server and app
for me everthing fails to upload from app but uploading images from browser works
just now tried to login locally from ip and it works
Then maybe Immich 1.132 will fix it
We did make one small change for 1.132 that we think could be related, but most likely this is just something broken on cloudflare's end
I had a old version and it was affected so this is cloudflares doing. I have other apps that have broke since as well. Moving off of cloudflared (tunnels) and just using the proxy instead.
but for this, tailscale.
Hey, out of curiosity, what else broke for you? @SShizn
Can confirm switching to local server when on my wifi worked for me
temporary solutions for everyone:
1. revert to local server http://localhost:2283
2. tailscale (quite easy to set up from personal experience) https://tailscale.com/
a. tailscale funnel allows you to not need to download the app on every device https://tailscale.com/kb/1223/funnel
3. VPN to home https://docs.pi-hole.net/guides/vpn/wireguard/overview/
4. Reverse Proxy (anything but cloudflare) https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ and https://immich.app/docs/guides/remote-access#option-3-reverse-proxy
https://immich.app/docs/guides/remote-access
That's not really a solution to this bug. It would be fine if it was just me but I've given others access and they're the other side of the planet. Besides I've already invested my time into cloudflare. Cloudflare offers many more security features than the other options.
they serve as temp solutions until cloudflare fixes itself
tailscale funnel might serve its purpose for now
or nginx/caddy
but yeah setting everything up again does take a lot of effort
Do you guys recommend any additional safety measures when exposing via caddy/nginx?
Unfortunately Cloudflare is the security measure
Ironic because they read all your data 👀
Which is why you aim the tunnel at nginx and use https
The vast majority of people have it set up so that cloudflare terminates the client TLS and then starts a new connection from its backend
Easy enough to check by looking at what certificate you're being served
Yeah this doesn’t change the privacy concerns at all, they can still read all your traffic in plain text (unless you pay $$$$ for an enterprise plan and tunnel raw TCP)
Well they can see all my ex girlfriends nude photos I don't care /s
I use fireshare, honestly it shouldn't be behind cloudflared but it worked fine up until then. Some other UI's are slower to load than usual.
Not if it's encrypted through the tunnel. In my case it is, nginx handles this, cloudflare sees encrypted traffic
you are very mistaken, my friend
have you tried to inspect the actual SSL certificate that you get served when visiting the site? It will NOT be the same certificate as your home nginx uses
cloudflare terminates SSL in the cloud and then initiates a new connection to your home nginx
I'm not using cloudflare cert
you don't need to use a cloudflare cert
Here is an example from my site:
Most pages:
Pages that I run through CF:
you can test this with
curl -vactually if you are using warp to expose services they proxy tcp layer and not tls
so i'm getting Let's encrypt cert for my internal services
WARP requires the client app right? That is not what I am talking about here
A client app is the whole thing people try to avoid with cloudflare right? If an app is an option, just use any VPN...
just saying cloudflared and warp are the same service
no they are not
Cloudflare "Zero Trust"
so it can get mixed up in convo if anyone has it set up to not expose services to internet
but again why not just use a normal VPN at that point? cloudflare isn't really adding anything
What I can tell from a quick look:
WARP is client<>cloudflare
cloudflared is server<>cloudflare
They can be used together, but aren't necessarily
what I am referring to here is CF tunnel and CF proxy
either way, cloudflare is in your shit :P
for these two, they can always read your traffic in plain text
there is nothing you can do about that
What IS CF tunnel and CF proxy
Cloudflare tunnels... cloudflare proxy (orange cloud icon)
It is, most people use cloudflare with their custom domain. Custom domains don't work with Tailscale.
The nice thing that CF Tunnel is that you don't have to open any ports, install the software, configure the tunnel and all the magic happens
cloudflare zero trust
zero trust in cloudflare 👍
maybe i worded it poorly, they are part of same product
you can connect with warp to cloudflared services
Sure, but that's not a direct connection
it would never be
It's still going through cloudflare's servers
and they can see the plaintext traffic
only if you have enabled HTTP layer proxying
in zero trust settings
Man, do you all have tinfoil hats on your pictures?
by default its a "dumb" TCP proxy
to be fair yes i get your point
i just want it pointed out
for someone who might now know much
/uj I don't think it's that tinfoily to not want one of the biggest internet companies in the world to want to view all my data and datamine/scan/do whatever else they want 😉
that's one of the reasons I decided to self host
We don't think anyone is looking at our stuff
But they 100% can, easily, in plaintext
The Cloudflare Blog
Password reuse is rampant: nearly half of observed user logins are ...
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
that's the issue
Also a lot of their tools do actually look at your stuff automated, like the one Zeus just linked
not only could they in theory, they actually scan for passwords in a large portion of their client traffic
I know, I specifically meant a person looking at it directly 😛
Does cloudflare (DNS tab, "proxied" switch) proxy requests? yes
Does cloudflare Zero Trust (warp) proxy requests? no/yes, image
I guess everything is being read & checked, nonetheless we had something working and we deliberately chose for it
yes this makes sense. I think few people are using WARP but that's good to know
I think the benefits of WARP are very little
I agree, they are little
its free
nothing else
I use WARP (Zero Trust suite services) for my personal small business, to expose internal services to authorized people within VPN, for example grafana.internal.domain.com
i mean, so is tailscale, and I don't see why you couldn't do the same with that? Just set your domain name to the tailscale IP
Does anyone have a good tutorial on how to configure tailscale to work properly with a custom domain?
I tried funnel, but I receive many redirect errors
My DNS is in CF
they dont support custom domain for internet (external) connections
thats because of their internal structure where they handle it via SNI TLS extension
SNI tells server what domain was used to connect
hence the name Server Name Indication
So the way you would go about it is to make CNAME record pointing to tailscale domain (just like with cloudflare setup)
but since SNI says yourdomain.com they cant route it
(that's my guess)
If I didn't pay my custom domain until 2027 would have just used tailscale funnel but I also use CF zero trust for all my other apps
e.g. home assistant
afaik (dont take it for granted) hosting this type of stuff is against their TOS (that's what I was told by their community expert on their server)
it takes a lot of bandwidth etc
Plus I have my lastname.com which is also a flex
so its expected they wanted to restrict it a bit
Still doesn't explain why the problems only arise on mobile apps but not on the browser
it could be due to chunking, encoding, multiple possible reasons
app "just" has to use same "behavior/logic" as browser
still lame
it was cool setup with cloudflared and custom domain
Could just setup pangolin on a VPS as an alternative to cloudflare tunnel
as someone who doesn't want to rework his setup, but was already using nextcloud in addition to immich, a workaround i came up with is leveraging nextcloud's auto upload functionality combined with external storage support in immich. it works
now i get the same result: images are auto uploaded to immich, albeit in a rounabout way
welp lack of vps is exact reason anyone would want cloudflare tunnel
vps with static, public ip solves most problems
1.132 just dropped, lets hope for the best
It usually takes a day or two before the update gets pushed to Android phones
you can download apk and upgrade it with
adb install app(arm8 prob).apk
im sadly an iphone user and cant do that 🥲 thanks applebut why is still failing if i have set autoselect urls switching? i have set local ip and wifi.. then i connect to wifi and turn off mobile data and it still fails
or is it just me to have this problem
Did you set ip and port?
From my very limited testing the new version didn't fix the problem
its cloudflare
so update shouldnt help
wdym
@BuraG So the server and app had the same version for your testing? I'm waiting for google play store to push the update, cba to install an apk and reconfigure everything
Server is updated here to latest
yes, I updated my android app via github
To be clear, you're still experiencing issues uploading files <100MB via cloudflare tunnels with the latest app version?
yes
Not sure what else we can do then honestly, we don't do anything special in the app, cloudflare tunnels/proxy should just work unless cloudflare have implemented some changes to block this kind of usage
Not sure why they would do that surely there's other video apps causing bigger issues. It's more likely a bug
We started getting reports of this without a new release coming out, so it's unlikely it's on our side
That's possible
I found this video and apparently is't fixes the issue? I didn't have time to test it yet
https://www.youtube.com/watch?v=J4vVYFVWu5Q
Thomas Wilde
YouTube
Can't get past ClouldFlare Zero Trust on Mobile? Do THIS!
You've put your self-hosted Immich application behind a forward authentication layer like Cloudflare Zero Trust (or maybe a self hosted Authentik or Authelia?), but now you can't get the mobile application to work. Noooo!
It's ok! That's why we have service access tokens. So we can get our mobile app to still communicate with our API by bypas...
uploading photos through the nextcloud sync app still works so i wonder what they might be doing differently
Are you using the latest version of the immich app?
Can you send a screenshot showing the app version so we can confirm?
The latest version is not currently on the app store so it's only installed via the apk attached to the github release
ah
the new update fixed it! great!
do you know when it might land on f droid?
Honestly no idea, fdroid runs on their own schedule 😅
fair enough
Doesn't update with the apk from github, will just have to wait I guess haha
Yea it won't, you have to uninstall first which isn't great as it'll mean uploading everything from scratch 😛
It'll forget you've uploaded them before
WOAH fr man?
I already switch to pangolin with ms azure
yes it got fixed!!
Hell yeah
though you'll have to install the apk directly. the new update isn't on google play yet
Still cool that they fixed it tho
Next up
Chunking
They really really need to add chunking
immich works 🥰
ios 1.132 server 1.132 cloudflared 2025.4.0 confirmed on my side
Works for android also
Working here as well with the newest iOS app update
All works, I tested with Immich latest server version & Play store update. All the footage was uploaded through mobile data through CF tunnel
I'm really grateful for this service and software, but just for transparency. What was changed that made everything work again? What was the underlying issue?
https://github.com/immich-app/immich/pull/17671 I think is the one
Our belief is that cloudflare either moved to http2 by default or removed support for http1.1 which is the only place this header works
And somehow that entirely broke uploading
Confirm works on iOS. Thank you dear team!
Thx everyone !
Yes thanks immich legends!