immich icon indicating copy to clipboard operation
immich copied to clipboard

Published 20 hours ago verified publisher icon immich-app

[BUG] Android version don't lets you enable self-signed SSL certificates

Open br4yd opened this issue 1 year ago • 5 comments

The bug

It is not possible to toggle the switch in the app settings on Android to allow self-signed SSL certificates, which makes it impossible to login to the instance for some setups where a signed SSL certificate is not possible on the server side.

The OS that Immich Server is running on

Synology DSM 7.2-64570 Update 1 (Container Manager)

Version of Immich Server

v1.89.0

Version of Immich Mobile App

v1.89.0

Platform with the issue

  • [ ] Server
  • [ ] Web
  • [X] Mobile

Your docker-compose.yml content

version: "3.8"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: ["start.sh", "immich"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 3001:3001
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.yml
    #   service: hwaccel
    command: ["start.sh", "microservices"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - ./model-cache:/cache
    env_file:
      - .env
    restart: always

  typesense:
    container_name: immich_typesense
    image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd
    environment:
      - TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
      - TYPESENSE_DATA_DIR=/data
      # remove this to get debug messages
      - GLOG_minloglevel=1
    volumes:
      - ./tsdata:/data
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
    restart: always

  database:
    container_name: immich_postgres
    image: postgres:14-alpine@sha256:28407a9961e76f2d285dc6991e8e48893503cc3836a4755bbc2d40bcc272a441
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    restart: always

Your .env content

# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.89.0

# Connection secrets for postgres and typesense. You should change these to random passwords
TYPESENSE_API_KEY=some-random-text
DB_PASSWORD=XXX

# The values below this line do not need to be changed
###################################################################################
DB_HOSTNAME=immich_postgres
DB_USERNAME=XXX
DB_DATABASE_NAME=immich

REDIS_HOSTNAME=immich_redis

Reproduction steps

1. Open the mobile app on Android
2. Click on the settings gear
3. Scroll down to the last main category and expand it ("Sonstige" in German)
4. Try to enable self-signed SSL certificates. Trying to enable it does nothing or instantly disables it

Additional information

No response

br4yd avatar Dec 03 '23 19:12 br4yd

Can you try reinstalling the app and check if you can toggle the button then? It can be toggled only before logging in.

shenlong-tanwen avatar Dec 05 '23 15:12 shenlong-tanwen

Tried reinstalling the app but no I still can't toggle it.

Edit: Worked after cleaning cache and user data. However IMO you should be able to toggle this setting even without doing this. It doesn't make sense from a UX perspective to make it impossible to toggle that setting without reinstalling the app. Especially because the toggle is showed as "I'm toggable".

br4yd avatar Dec 07 '23 18:12 br4yd

I was also effected by this bug, because I changed internal domain name.

NextBlaubeere avatar Feb 07 '24 23:02 NextBlaubeere

The iOS app v.1.99.0 has the same issue.

veritas06 avatar Mar 21 '24 01:03 veritas06

Reinstalled the app, somehow managed to switch on this toggle, but error still persist.

Error toast message: There was an Handshake Exception with the server. Enable self-signed certificate support in the settings if you are using a self-signed certificate.

Error log: Failed to resolve endpoint. HandshakeException: Handshake error in client (OS Error: TLSV1_ALERT_ACCESS_DENIED(tls_record.cc:592)

Android v1.99.0

BoreasMun avatar Mar 23 '24 18:03 BoreasMun