Problem with connecting from an android application after configuring an additional proxy on nginx
Hi!
I am trying to connect using the https://immich.localdomain/api from an android application and I get an error: "Could not connect to server"
Logs of the android application are empty, logs of the additional proxy are empty, logs of the built-in proxy are empty.
Network packets from the phone reach the server (I see it through tcpdump)
My config:
Additional nginx proxy is running in docker with network_mode: "host"
proxy.conf:
server {
listen 443 ssl;
server_name immich.localdomain;
client_max_body_size 50000M;
access_log /opt/bitnami/nginx/logs/immich.log; error_log /opt/bitnami/nginx/logs/immich_error.log; ssl_certificate /opt/bitnami/nginx/certs/wildcard.local.pem; ssl_certificate_key /opt/bitnami/nginx/certs/wildcard.local.key; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_redirect off; proxy_pass http://localhost:2283; } } All immich containers are runing in custom bridged network with proxy's exposed ports: - "127.0.0.1:2283:8080" Immich .env: IMMICH_API_URL_EXTERNAL=https://immich.localdomain/api
access_log /opt/bitnami/nginx/logs/immich.log; error_log /opt/bitnami/nginx/logs/immich_error.log; ssl_certificate /opt/bitnami/nginx/certs/wildcard.local.pem; ssl_certificate_key /opt/bitnami/nginx/certs/wildcard.local.key; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_redirect off; proxy_pass http://localhost:2283; } } All immich containers are runing in custom bridged network with proxy's exposed ports: - "127.0.0.1:2283:8080" Immich .env: IMMICH_API_URL_EXTERNAL=https://immich.localdomain/api
7 Replies
Does it work fine in a browser from your phone?
yes
UPD: same problem on ios
Are you using a self signed certificate?
yes, and CA certificate was added to trusted on android
That won't work, the app doesn't support self signed certificates
We're using flutter, which doesn't use the system ca store
very sad, thank you
Fwiw you can get valid certs for free pretty easily from let's encrypt and others, it's worth using that