
Unknown Error when attempting login to self hosted StandardNotes server

Open bwoodworth opened this issue 5 years ago • 11 comments

I have a self hosted instance of StandardNotes running in docker. When I try to log in using the android app on my phone it just shows 'Unknown Error'.

I am able to log in using the windows application without any issue so I know the server is working properly.

bwoodworth avatar Nov 11 '20 23:11 bwoodworth

Hey @bwoodworth, is your server HTTPS enabled? If not, then you can't use the Android app with that server (this is because HTTP requests are not allowed in latest Android versions).

johnny243 avatar Nov 12 '20 00:11 johnny243

@johnny243 is that a restriction of android or the mobile app? i was wishing to use a server hosted as a tor onion service, which doesn't greatly benefit from https and would likely need to be self-signed. i'm assuming the app does not like self-signed certs either?

lrdvimnnc avatar Jan 16 '21 21:01 lrdvimnnc

Sorry for reactivating the ticket, but I feel there is room for improvement here. I have set up a standalone instance of StandardNotes using Docker and secured it with an SSL certificate using nginx. Using both the app.standardnotes.org app and my local instance of the WebApp I can get to the server. However, when I try to access the URL using my Android app, I only get the following error: "Unknown Error". Is there a quick and easy way to show the user better help for the problem without having to debug the app? For example, the possibility to see an abbreviated stack trace, or to show the most common error sources: no HTTPS usage, a self-made certificate (which therefore will not be accepted), or no internet access. The message "Unknown Error" is certainly true but hardly helps the user. As always, however, such problems can also be solved differently: Is there any documentation that describes what configuration must be done for the Android app to work with a self-applied standalone StandardNotes?

e1025735 avatar May 25 '21 19:05 e1025735
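An added example (not part of the original thread or of the Standard Notes code) of the kind of diagnosis asked for above: a script a self-hoster can run against their sync server URL to tell plain HTTP, an untrusted certificate and an unreachable host apart. It assumes the Python trust store on the machine running it is close enough to the Android system store; the category names and hint texts are made up for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# OpenSSL X509_V_ERR_* codes reported when a certificate fails verification.
UNTRUSTED = {18, 19, 20, 21}   # self-signed leaf / self-signed in chain / issuer unknown
EXPIRED = 10
HOSTNAME_MISMATCH = 62

HINTS = {  # illustrative user-facing texts, not strings from the app
    "cleartext-http": "Server URL uses http://; use an https:// URL.",
    "untrusted-certificate": "Certificate is self-signed or from an unknown CA.",
    "expired-certificate": "Certificate has expired; renew it.",
    "hostname-mismatch": "Certificate does not cover the host name in the URL.",
    "dns-failure": "Host name does not resolve.",
    "unreachable": "Host resolved but the connection failed or timed out.",
}

def classify_error(exc):
    """Map a connection exception to one of the likely causes."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code in UNTRUSTED:
            return "untrusted-certificate"
        if code == EXPIRED:
            return "expired-certificate"
        if code == HOSTNAME_MISMATCH:
            return "hostname-mismatch"
        return "certificate-error"
    if isinstance(exc, ssl.SSLError):      # handshake failed for another reason
        return "tls-error"
    if isinstance(exc, socket.gaierror):   # must be tested before the OSError catch-all
        return "dns-failure"
    if isinstance(exc, OSError):           # refused, reset, timed out, no route
        return "unreachable"
    return "unknown"

def diagnose(url, timeout=5.0):
    """Return a cause category for url, or 'ok' if a verified TLS handshake succeeds."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return "cleartext-http"            # no network probe needed
    if parts.scheme != "https" or not parts.hostname:
        return "invalid-url"
    ctx = ssl.create_default_context()     # system CAs, hostname checking enabled
    try:
        addr = (parts.hostname, parts.port or 443)
        with socket.create_connection(addr, timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return "ok"
    except Exception as exc:
        return classify_error(exc)
```

Look up the returned category in `HINTS` to get a message more specific than "Unknown Error".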

@e1025735 can you open a new issue in https://github.com/standardnotes/standalone? Unsure which server configuration you're using (we just launched a new Docker configuration).

Historically I do recall that Android has issues with self-signed certificates.

moughxyz avatar May 26 '21 13:05 moughxyz

Got the same problem with different clients and created a new issue as suggested by @mobitar : https://github.com/standardnotes/standalone/issues/21

mhellmeier avatar Jul 14 '21 15:07 mhellmeier

In my case, I use a 2020 server version, installed directly on the system (without Docker). One day, configuring my new Android phone showed "Unknown Error" on login, and my current phone didn't sync my notes with the session started.

  • After searching the changelogs I found API updates. To continue using my current setup, I reverted the client versions:

My server version is: v3.14.1 (installed directly on the Linux system)

And the last supported versions on desktop and Android for my server are:

  • Desktop: v3.8.3
  • Android: v3.6.10

After reverting to those versions and blocking updates, everything works again. I plan to migrate everything to Docker in the future to use the latest client versions.

CsarGabriel avatar Sep 07 '21 00:09 CsarGabriel

From Android Pie (or so) HTTP requests are blocked by default on Android. The Standard Notes Android app can now not work easily with a self hosted server (since you might not want to bother with the troubles of a certificate for a server behind a firewall).

Could you please add HTTP network permissions to your app so that self hosting is again possible without trouble? Proposed solution is:

Create a new network_security_config.xml file inside the folder named xml:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

Now in your manifest application tag, add this code

<application ... android:networkSecurityConfig="@xml/network_security_config">
...
</application>

and HTTP traffic should be allowed for your application.

git5001 avatar Oct 04 '21 14:10 git5001

Hmm, downgrading overall security to allow a subset of self-hosters easier config might not be the best idea.

moughxyz avatar Oct 04 '21 15:10 moughxyz

Admittedly you have a point about the security. However, I don't think one should wave the issue away too easily. Getting a (Let's Encrypt) certificate behind a firewall and setting up a self host with it is not a little bit an "easier config". It more or less kills this use case (unless you have some easy way I don't know about). Also the question is whether the self hoster with VPN behind a firewall is really a small subset or whether this is not a valid use case.

Some suggestions:

  • At very least you should address the error message in the app. "Unknown error" is not good and it took ages to find out what the actual problem was. It should be pointed out in the error message.
  • It might be possible to implement the reduced security and print a BIG warning dialog when someone enters a http address so that the risk is known.
  • If your build process allows it: Would it be possible to build an unofficial second app with the reduced security explicitly targeting this use case?

Without addressing this issue you surely completely lose this use case.

git5001 avatar Oct 04 '21 19:10 git5001

Getting a (Lets encrypt) certificate behind a firewall and setup a self host with it is not a little bit an "easier config".

@git5001: the DNS-01 solves this issue https://letsencrypt.org/docs/challenge-types/

this does not solve the issue with tor onion services, but i do understand the reasoning why this would not be implemented.

EDIT: also thanks for investigating what actually causes the issue, @git5001. i need to consider building the app myself.

lrdvimnnc avatar Oct 04 '21 19:10 lrdvimnnc

Yes, I am familiar with DNS-01. But this just changes the problem from "impossible" to "quite difficult" :-) You need to:

  • Have a public webhost with a proper public name available where you can upload a challenge file for Let's Encrypt
  • You need to automate this process to repeat it automatically every 90 days
  • You need to set up an NGINX reverse proxy with the so generated certificate
  • You need to fiddle with your local DNS resolution so that the public hostname address is mapped to your internal server when using Standard Notes (as an internal name or IP address will conflict with the certificate)
  • (and of course you need to run the docker images for the standard notes self host)

I think that somewhere along these steps you lost most users.

Maybe an idea would be to add the certificate generation and proxy setup to the Standard Notes self host docker images. It's 6 or 7 containers anyway so a few more won't matter ;-)

git5001 avatar Oct 05 '21 09:10 git5001