Android app not resolving immich API calls
On browser for both desktop and android Immich is resolved correctly (can log in, can click and enlarge images) but on the Android app DNS fails for some reason.
The DNS is dictated by tailscale and as I said, Immich works on browser. I think this has to do with how the app is resolving domain names not using the VPN DNS and using DHCP DNS instead?
also is likely a duplicate of https://github.com/immich-app/immich/issues/15547 since it works fine directly via IP
Is there a way to force it to use the correct DNS or should I wait for an update?
35 Replies
:wave: Hey @hyperboly,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs
docs
- Container Status: docker ps -a
docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
[Issue] Incorrect dns resolving of server URL in Android mobile app (immich-app/immich#15547)
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l
and df -h
).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close
command, and re-open it later if needed.
Successfully submitted, a tag has been added to inform contributors. :white_check_mark:Hi @hyperboly what OS is this, what do you mean "DNS dictated by Tailscale" and are you using ipv4 or v6
android app. the android dns server is set by tailscale
using ipv4
forgot to put versions
immich 1.139.4
android 1.138.0
tailscale points to a local DNS that includes the A record for immich if that helps
When you say works from browser, you mean the browser on the phone I assume?
is "Override local DNS" set to on?
yeah
yeah
Have you tried force closing the app and reopening, to dismiss any IP caching
the servers are accessible via a subnet router, which is active and working evident since other apps like jellyfin work

is there a special way to do this?
No, just closing it completely
I know for sure we don't hardcode dns addresses though, so definitely not that
ok
yeah i was thinking maybe the way you guys query is through a different API? im not sure
still not working, cleared cache and storage. server not accessible
still works on the browser
I remember hearing about this before but I can't seem to find it specifically
i think the github issue is the closest thing i saw to my issue
What if you use the tailscale magic dns name, does that connect?
the immich server doesnt have tailscale installed 🙁 i prefer to have it routed through the subnet router
i can try but it won't be a fix to my problem
btw the same way its routed works on jellyfin, gotify and proxmox apps
this is so i dont max out the free tier if i remember correctly on why i did that a couple years back
uhh
there's 100 devices in the free tier
You should use a proxy frontend on one device for services
i made the decision before the change and too lazy to change my whole setup now
yeah i have HAproxy running locally for htat
client -> tailnet -> subnet router -> DNS -> haproxy -> actual host
looks something like that
and it aint broke so i didn't touch it
oh yeah i forgot to mention the domain works on LAN if i disable the VPN
once the VPN is on it doesn't work
and your other apps keep working with this?
yes
why do you need vpn on lan 👀
heres a stacktrace
so i dont have to turn it off
and it doesnt work externally so i'd like to get this fixed regardless
Why would you need to turn it on/off, it does that automatically 😛
??
you can turn a VPN off when on LAN?
Tailscale has a built-in setting to turn off when you're connected to certain networks
or vice versa
cool
is that an option in the app?
Yes
It's right in the main menu, "VPN on Demand"
I have it set to always on except for my home wifi
not an option on andorid
wow sorry 🙁
I indeed have iOS
😭
there has to be a difference in the way something like gotify implements queries and immich because gotify works very well. same with chrome
We just use the Dart/Flutter library AFAIK
Not sure why the difference here
cc @shenlong-tanwen you might know
Just curious about the DNS resolving of the app, we use the OS DNS servers AFAIK?
thank you
The app uses the underlying OSes DNS list for resolution. So the issue is most likely with how the network is configured. I don’t use tailscale so I don’t have much knowledge with configuring it. But a quick search showed me that you can configure clients to be exit nodes, and if the routing goes through an exit node, we may also need to enable “Allow local network access” for them to access devices on the local network
exit node doesn't work. if its network configuration how come other apps work?
Have you checked your tailscale ACLs? And can you access your server with the IP address when tailscale is connected?
We don’t do anything different here, so i’m not exactly sure why it isn’t working only with the Immich app
ACLs look fine. IP addr can be connected to its just the domain
🙁
for now i'll use the web version, sorry to bother since its such a niche usecase