Unable to access Immich over Cloudflare Tunnel

The bug

Last time I accessed my Immich server, I was running 1.106.4 and it was working as expected. Today I tried to access it again, through the Cloudflare Tunnel I set up, and after entering my email and password, I was presented the message:

🚨 Error - Something went wrong

Invalid or unexpected token (500)

I tried to clean the cache, icognito mode, even other browsers, and got the same result. Then I tried accessing straight via network, using the local IP address and it just logged in and worked just fine. I noticed that it had been update to v1.107.2.

I thought something could be wrong with the Cloudflare setup, so I tried to tweak some things, even bypassing the tunnel authentication entirely, and I still couldn't get it to work. Finally I tried to downgrade the server. I teste with 1.106.4 again, then 1.107.0 and 1.107.1 and they all worker. Something must be happening specifically with 1.107.2, I suppose.

The OS that Immich Server is running on

Ubuntu Server 24.04

Version of Immich Server

v1.107.2

Version of Immich Mobile App

Platform with the issue

[X] Server
[ ] Web
[ ] Mobile

Your docker-compose.yml content

#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#

name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      - immich_library:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
      - photos:/mnt/photos
    deploy:
      resources:
        limits:
          cpus: "6"
          memory: 4G
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: unless-stopped

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: 1G
    env_file:
      - .env
    restart: unless-stopped

  redis:
    container_name: immich_redis
    image: docker.io/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
    healthcheck:
      test: redis-cli ping || exit 1
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 128M
    restart: unless-stopped

  database:
    container_name: immich_postgres
    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: 1G
    healthcheck:
      test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
    restart: unless-stopped

volumes:
  model-cache:
  photos:
    driver: local
    driver_opts:
      type: cifs
      device: //${SMB_HOST}/photos
      o: username=${SMB_USERNAME},password=${SMB_PASSWORD},iocharset=utf8,rw,uid=1000
  immich_library:
    driver: local
    driver_opts:
      type: cifs
      device: //${SMB_HOST}/photos/.immich
      o: username=${SMB_USERNAME},password=${SMB_PASSWORD},iocharset=utf8,rw,uid=1000

Your .env content

# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

UPLOAD_LOCATION="./library"
DB_DATA_LOCATION="./postgres"

TZ="America/Sao_Paulo"

IMMICH_VERSION="release"

DB_DATABASE_NAME="immich"
DB_PASSWORD='redacted'
DB_USERNAME="immich"

# SMB Shares
SMB_HOST="redacted"
SMB_USERNAME="redacted"
SMB_PASSWORD='redacted'

Reproduction steps

1. Setup Immich v1.107.2
2. Validate that you can access it via local network
3. Setup Cloudflared Tunnel connecting a domain to your `http://local_ip:2283`
4. Try to log-in using the tunnel

Relevant log output

From the Chrome debug console:
.z76-2vVy.js:2 [hooks.client.ts]:handleError Invalid or unexpected token SyntaxError: Invalid or unexpected token (at favorite-action.DocxO_Td.js:1:1)
ie @ app.z76-2vVy.js:2
D @ entry.BiGLZ5Ak.js:1
Le @ entry.BiGLZ5Ak.js:1
await in Le (async)
Y @ entry.BiGLZ5Ak.js:1
Se @ entry.BiGLZ5Ak.js:1
en @ entry.BiGLZ5Ak.js:1
ln @ entry.BiGLZ5Ak.js:1
(anonymous) @ photos:79
Promise.then (async)
(anonymous) @ photos:78

Additional information

No response

immich-app / immich