RhubarbBread
RhubarbBread
PostsComments
IImmich
Created by RhubarbBread on 12/29/2024 in #help-desk-support
Mobile photo downloads fail through nginx HTTPS
Hello! I am having trouble getting file downloads to work on mobile (both Android and iOS) when I am connected to my Immich server through an HTTPS connection. If I switch to HTTP (i.e. change the listening port to 80 and comment out the ssl lines), downloads work as expected. HTTPS downloads work as expected in a web browser. I think this is a client-side issue because I don't see any web requests in the nginx access logs when I tap the download button. However, I am struggling to find any errors in the client logs, only a pop up message saying "download failed". The TLS certificate is a wildcard cert signed by my own internal CA which I also use on about a dozen other self-hosted services without issue. The internal CA is trusted by my devices, but I still had to enable the "Allow self-signed SSL certificates" within the app to get it to connect. Clients: Google Pixel 7a Android 14 Immich 1.123.0 build.172 Apple iPhone 13 mini iOS 18.1 Immich 1.123.0 build.186 Server: Ubuntu 24.04.1 Immich v1.123.0 installed via Docker Compose nginx/1.24.0 (Ubuntu) nginx site config: 
upstream primary {
    server localhost:2283;
}

server {
    listen 443;
    server_name photos.example.com;

    ssl on;
    ssl_certificate /etc/ssl/star_example_com_chain.crt;
    ssl_certificate_key /etc/ssl/private/star_example_com.key;

    client_max_body_size 50000M;

    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;

    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout       600s;

    location / {
        proxy_pass http://primary;
    }
}
upstream primary {
    server localhost:2283;
}

server {
    listen 443;
    server_name photos.example.com;

    ssl on;
    ssl_certificate /etc/ssl/star_example_com_chain.crt;
    ssl_certificate_key /etc/ssl/private/star_example_com.key;

    client_max_body_size 50000M;

    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;

    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout       600s;

    location / {
        proxy_pass http://primary;
    }
}
14 replies