Cannot sync to selfhosted instance on Android 10

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

Apologies if this should be posted under the "server" repository instead but every other client works fine with my setup.

Describe the Bug

I have a self-hosted instance running at ports 8393 for HTTP and 8394 for HTTPS, behind an nginx reverse proxy routing to port 8393. SSL is configured at reverse proxy level. I can access everything and sync properly fine from browser add-ons and the desktop client, but not the mobile client on Android 10.

The app manages to log in to my instance but whenever I try to sync I get a toast with "Syncing Failed".

Steps To Reproduce

1. Open App.
2. Log in to self-hosted instance.
3. Click on the context menu on top right.
4. Click on "Sync".

Expected Result

My vault entries appearing on the mobile app.

Actual Result

A toast displaying "Syncing failed"

Environment

• Device: OnePlus 6
• Operating system: Android 10.3.2
• Build Version (go to "Settings" → "About" in the app): 2.3.1 (2257)
• Is this a Beta release? N

Additional Context

The instance I am trying to connect to is self-hosted and is behind a reverse proxy so I can run it alongside other servers on my machine and not have it bind to 80 / 443. I also installed the cert I have on the reverse proxy manually to the android device to no avail. It also seems like I can connect fine to the vault using the phone's browser, it's just the app not working.

[pPmnBRRYhIemiuiy3VBYULJIzQyZaEvWMbCPH1P]

Check your server's SSL config here: https://www.digicert.com/help/

Any issues?

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

Nope, all green.

[pPmnBRRYhIemiuiy3VBYULJIzQyZaEvWMbCPH1P]

This is the official Bitwarden server? Or some other community edition?

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

I am using the official Bitwarden server self hosted via its docker image as described in this this guide, not Bitwarden_rs or similar, if that's what your question is.

The main difference is that I have it running on ports other than 80 and 443, and then I am accessing the instance via a reverse proxy on my own nginx server (outside of the docker network), and it's at that proxy level where SSL is set up, which I think is probably the issue here.

Do you have any ideas on how I could debug the android client's connection to my Bitwarden instance? Are there any logs I could check on either side?

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

I would like to add that I just tested it with the iOS version of the client, and that works fine. So it seems to be just the Android version of the mobile client that is having this issue.

[pPmnBRRYhIemiuiy3VBYULJIzQyZaEvWMbCPH1P]

The only time I have never seen this occur is when there is some SSL related issue. Could you share your server URL here or via email so I could test against it?

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

Sure, I would prefer sharing it via e-mail though. What address should I mail it to?

[pPmnBRRYhIemiuiy3VBYULJIzQyZaEvWMbCPH1P]

support@bitwarden.com and just put "attention kspearrin" with a link to this issue.

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

Sent and included the phrase in both the title and body, thank you for any help in advance!

[pPmnBRRYhIemiuiy3VBYULJIzQyZaEvWMbCPH1P]

I debugged your server and here is the response I am getting when calling any authenticated API from the android app:

<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
</body>
</html>

It seems you need to update your nginx proxy to allow larger header sizes.

[O0ZNXFUAlh3KFOmpdNBBj3BISSNkamDOfR1rWKi]

Perfect, thank you so much for taking your time to debug this.

For future reference I solved this by adding the following to my server block and it now works fine with the Android client.

server {
    ....
    large_client_header_buffers 4 32k;
    ...
}