#Public hostname not working for mobile (android) app

I have added a public domain through Cloudflare which works perfectly for the web access, but when I try to setup the server endpoint URL (https://my.public.link) through the app and authenticate with my credentials, I always get an error to check the link, username or password.
The last 2 are, of course, correct. The app works normally when I use my local http://ip:2383. App version is v1.53.0. Attached the .env and .yml files.

Probably I'm missing something, but curious as to what as I seem to have followed all the relevant instructions.

Edit: updated title to more relevant since IMMICH_API_URL_EXTERNAL is not related to this.

You only need to set that env var if you're running a nonstandard deployment, a normal reverse proxy setup should work without it

okay, so I commented this line out and run docker compose up -d but nothing changed really with the error in the app. Could it be something different to look at?

Can you check whether it works if you add /api?

And what is the output of https://my.public.link/.well-known/immich ?

{"api":{"endpoint":"/api"}}

Already tried the /api before but didn't work.

It is a valid SSL certificate, right? A bad certificate is one reason the web might work and the mobile app won't.

seems like it, yes

Is it also from a trusted CA?

I think cloudflare etc. takes care of these, that's why i went with this as a first step for testing before I start digging more into better options

Can you get the log file from the app and post it here?

The Logs option from the app doesn't seem to capture anything relevant and same from docker. Not sure if I'm looking at the right place though.

That's the spot. I'm pretty sure it's supposed to log auth problems 🤔

It's never logged auth errors iirc

https://github.com/immich-app/immich/blob/main/mobile/lib/modules/login/providers/authentication.provider.dart#L71

Or is that not the user-visible logger?

Which has made debugging this exact situation a pain.

Yup

That might not write anything to the user log

Public hostname not working for mobile (android) app

update: I've also put a layer OIDC (authentik) which, again, works for web access but nothing changed for the mobile app. I have tried including app.immich:/ and without it + enable "REDIRECT URI OVERRIDE"

Are you using any other DNS related service from cloudflare?

I would say no. Just a basic free account only for immich and authentik for now

Does it work on the phone on mobile data, not on your local wifi?

the localhost works normally on the app and on wifi. when I switch to the public domain I get these errors in the app. The web access of the public domain works normally outside the home network

Idk. The only thing that i can think of would be a certificate related problem. Connectivity seems to be fine.

Unfortunately the debugging info for those types of errors is missing from the logs right now

If you add /api on the end does that change anything?

nope

Can you successfully run this

openssl s_client -debug -connect www.thedomaintocheck.com:443

sorry for the delay, had to troubleshoot why openssl wasn't running but after I figured that out looks like it runs normally

it's also strange that while the Login with OAuth option is available when using localhost in the app, when I use again the public host (incl. all variations) it doesn't show anymore. Let me know if this is any hint, else I guess my only choice is to replace cloudflare tunnel with something else.

That makes sense as the http request to get the OAuth settings is probably failing

Probably for the same reason the login request fails

Does your phone use a proxy or custom DNS server or settings?

I did have a private dns configured on the phone, but I removed it and unfortunately didn't help. nice catch, though. It did give me hope for a second 😅

Cached maybe?

i see that cached dns on android is only on the browser-level, would it affect the app login? I did uninstall & restart though

also cleared the cache for the app & browsers but nothing new

Probably not that then 😁

Bumping this thread since i'm facing the same issue: Can access photos.jeromestephan.de on the web no problem, but with the android app I'm getting a 404 not found as it tries to hit photos.jeromestephan.de/api/.well-known/immich

Anything in the mobile app logs?

Sadly nothing at all. Just if I'm running httpry on the server I see that that it tries to hit that and gives back a 404

update: After using https instead of http it seems to work. Sometimes its the little mistakes...