Cloudflare Tunnel w/ Service Token Unresponsive On Web Browser
I've been running immich for a long time now, love it. I have been having been experiencing some weird behavior with cloudflare zero trust though. Wanted to see if anyone else has seen this before I dig in too far myself...
Setup:
Docker compose runs both Immich and Cloudflare tunnel, the tunnel is setup with two policies, one regular allow via either GitHub SSO or Email Auth, the other is a bypass policy setup for the mobile app using a service token. (Not shure what guide I followed to setup the service token awhile back).
Issue: Ever since setting up the service token I can only successfully log-in to Immich web if I am in a private browser window or clear browser data (Consistent across multiple devices). If I attempt to log-in using on a browser that had been logged in sense resetting browser data it appears as though CF does create the tunnel, because I can see the Immich Logo, but it just sits there and spins (screenshot)...
Troubleshooting Steps:
I did try and move some CF policies around thinking that the order of policies was causing issues, that didn't make any difference. The fact that I am getting to the Immich logo makes me think that it's something on the Immich side, not CF?
Any ideas?
1 Reply
:wave: Hey @yeethan,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.
Successfully submitted, a tag has been added to inform contributors. :white_check_mark: