search

immich-app / immich

High performance self-hosted photo and video management solution.
https://immich.app
GNU Affero General Public License v3.0
44.69k stars 2.17k forks source link

Immich App - Video playback error when using TLS Client certificates (Android) #11418

Closed olokelo closed 1 month ago

olokelo commented 1 month ago

The bug

I'm very excited for the new client certificates TLS feature ( thanks @yjiang-c ) as I'm using them for all my self hosted apps.

However after installing newest version of android app and importing necessary certificate, none of my videos are playing. If I try to play them from the app they turn into grey screen immediately after being loaded. When I turn off certificate verification on my proxy server (Nginx Proxy Manager) the playback starts without any issue.

The OS that Immich Server is running on

Docker 27.1.1 on Debian 12

Version of Immich Server

v1.110.0

Version of Immich Mobile App

v1.110.0

Platform with the issue

Your docker-compose.yml content

version: '3.5'
services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - ./Data:/Data:ro
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 80:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: docker.io/redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    healthcheck:
      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
    restart: always

volumes:
  model-cache:

Your .env content

UPLOAD_LOCATION=./containers-storage/immich
DB_DATA_LOCATION=./containers-storage/immich-db
TZ=Europe/Warsaw
IMMICH_VERSION=release
DB_PASSWORD=***
DB_USERNAME=postgres
DB_DATABASE_NAME=immich

Reproduction steps

1. Install newest android app (v1.110.0)
2. Import your client cert
3. Log in
4. Try playing back any video

Relevant log output

Relevant adb logcat portion
...
07-29 00:42:13.896  5272  5298 I flutter : Enabled high refresh mode
07-29 00:42:13.903  5272  5298 I flutter : [INFO] [2024-07-29 00:42:13.902938] Setting client certificate
07-29 00:42:15.624  5272  5298 I flutter : Current themeMode system
07-29 00:42:15.630  5272  5298 I flutter : App Init Completed
07-29 00:42:15.957  5272  5298 I flutter : [INFO] [2024-07-29 00:42:15.957763] Pinging server with response code 200
07-29 00:42:16.079  5272  5298 I flutter : Attempting to connect to websocket
07-29 00:42:16.079  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.079395] ignoring socket cache for https://my.external.domain
07-29 00:42:16.079  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.079480] readyState closed
07-29 00:42:16.079  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.079521] opening https://my.external.domain
07-29 00:42:16.079  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.079614] creating transport "websocket"
07-29 00:42:16.080  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.080215] setting transport websocket
07-29 00:42:16.080  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.080285] connect attempt will timeout after 20000
07-29 00:42:16.080  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.080336] readyState opening
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241520] socket receive: type "open", data "{"sid":"xSEy6bUBFy4ow9qJAABM","upgrades":[],"pingInterval":25000,"pingTimeout":20000,"maxPayload":1000000}"
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241627] socket open
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241641] open
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241650] cleanup
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241677] transport is open - connecting
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241691] writing packet {type: 0, data: null, nsp: /}
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241701] encoding packet {type: 0, data: null, nsp: /}
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241747] encoded {type: 0, data: null, nsp: /} as 0
07-29 00:42:16.241  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.241764] flushing 1 packets in socket
07-29 00:42:16.256  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.256510] socket receive: type "message", data "0{"sid":"jE-TUriO0etDg_3RAABN"}"
07-29 00:42:16.256  5272  5298 I flutter : Established Websocket Connection
07-29 00:42:16.266  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.266463] socket receive: type "message", data "2["on_server_version",{"options":{},"loose":false,"includePrerelease":false,"raw":"1.110.0","major":1,"minor":110,"patch":0,"prerelease":[],"build":[],"version":"1.110.0"}]"
07-29 00:42:16.275  5272  5298 I flutter : [FINE] [2024-07-29 00:42:16.275751] socket receive: type "message", data "2["on_new_release",{"isAvailable":false,"checkedAt":"2024-07-28T21:21:28.394Z","serverVersion":{"major":1,"minor":110,"patch":0},"releaseVersion":{"major":1,"minor":110,"patch":0}}]"
07-29 00:42:16.489  5272  5298 I flutter : refreshRemoteAssets full took 91ms
07-29 00:42:16.491  5272  5298 I flutter : refreshRemoteAlbums took 411ms
07-29 00:42:16.499  5272  5298 I flutter : changedUsers: true, newRemote: false, newLocal: false
07-29 00:42:16.500  5272  5298 I flutter : [INFO] [2024-07-29 00:42:16.500015] Load assets: 399ms
07-29 00:42:22.474  5272  5298 I flutter : PlatformException(VideoError, Video player had error y2.r: Source error, null, null)
07-29 00:42:22.476  5272  5298 I flutter : #1      AsyncError.value (package:riverpod/src/common.dart:494:0)
07-29 00:42:22.476  5272  5298 I flutter : #2      VideoViewerPage.build (package:immich_mobile/pages/common/video_viewer.page.dart:36:0)
07-29 00:42:22.476  5272  5298 I flutter : #3      _ConsumerState.build (package:flutter_riverpod/src/consumer.dart:476:0)
07-29 00:42:22.476  5272  5298 I flutter : #4      StatefulElement.build (package:flutter/src/widgets/framework.dart:5599:0)
07-29 00:42:22.476  5272  5298 I flutter : #5      ConsumerStatefulElement.build (package:flutter_riverpod/src/consumer.dart:539:0)
07-29 00:42:22.476  5272  5298 I flutter : #6      HookElement.build (package:flutter_hooks/src/framework.dart:438:0)
07-29 00:42:22.476  5272  5298 I flutter : #7      ComponentElement.performRebuild (package:flutter/src/widgets/framework.dart:5487:0)
07-29 00:42:22.476  5272  5298 I flutter : #8      StatefulElement.performRebuild (package:flutter/src/widgets/framework.dart:5650:0)
07-29 00:42:22.476  5272  5298 I flutter : #9      Element.rebuild (package:flutter/src/widgets/framework.dart:5203:0)
07-29 00:42:22.476  5272  5298 I flutter : #10     BuildOwner.buildScope (package:flutter/src/widgets/framework.dart:2905:0)
07-29 00:42:22.476  5272  5298 I flutter : #11     WidgetsBinding.drawFrame (package:flutter/src/widgets/binding.dart:1136:0)
07-29 00:42:22.476  5272  5298 I flutter : #12     RendererBinding._handlePersistentFrameCallback (package:flutter/src/rendering/binding.dart:443:0)
07-29 00:42:22.476  5272  5298 I flutter : #13     SchedulerBinding._invokeFrameCallback (package:flutter/src/scheduler/binding.dart:1392:0)
07-29 00:42:22.476  5272  5298 I flutter : #14     SchedulerBinding.handleDrawFrame (package:flutter/src/scheduler/binding.dart:1313:0)
07-29 00:42:22.476  5272  5298 I flutter : #15     SchedulerBinding._handleDrawFrame (package:flutter/src/scheduler/binding.dart:1171:0)
07-29 00:42:22.476  5272  5298 I flutter : #16     _invoke (dart:ui/hooks.dart:312:0)
07-29 00:42:22.476  5272  5298 I flutter : #17     PlatformDispatcher._drawFrame (dart:ui/platform_dispatcher.dart:419:0)
07-29 00:42:22.476  5272  5298 I flutter : #18     _drawFrame (dart:ui/hooks.dart:283:0)
07-29 00:42:22.476  5272  5298 I flutter : [SEVERE] [2024-07-29 00:42:22.476293] FlutterError - Catch all

Relevant logs from my Nginx Proxy Manager instance
...
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/server-info/ping" [Client x.x.x.x] [Length 14] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/.well-known/immich" [Client x.x.x.x] [Length 27] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/users/me" [Client x.x.x.x] [Length 386] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/users/me/preferences" [Client x.x.x.x] [Length 254] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - POST https my.external.domain "/api/auth/validateToken" [Client x.x.x.x] [Length 19] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/server-info/version" [Client x.x.x.x] [Length 33] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/server-info/features" [Client x.x.x.x] [Length 240] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/users" [Client x.x.x.x] [Length 269] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/users" [Client x.x.x.x] [Length 269] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/assets/memory-lane?day=29&month=7" [Client x.x.x.x] [Length 27529] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/server-info/config" [Client x.x.x.x] [Length 155] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/partners?direction=shared-by" [Client x.x.x.x] [Length 2] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/partners?direction=shared-by" [Client x.x.x.x] [Length 2] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/partners?direction=shared-with" [Client x.x.x.x] [Length 152] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/partners?direction=shared-with" [Client x.x.x.x] [Length 152] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/albums" [Client x.x.x.x] [Length 2] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - POST https my.external.domain "/api/sync/delta-sync" [Client x.x.x.x] [Length 50] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:17 +0000] - 200 200 - GET https my.external.domain "/api/assets/memory-lane?day=29&month=7" [Client x.x.x.x] [Length 27529] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:20 +0000] - 200 200 - POST https my.external.domain "/api/auth/validateToken" [Client x.x.x.x] [Length 19] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"
[28/Jul/2024:22:42:20 +0000] - - 400 - GET https my.external.domain "/api/assets/a0c25328-c05c-4bdf-83fd-edf06818a224/video/playback" [Client x.x.x.x] [Length 234] [Gzip -] [Sent-to ] "ExoPlayer" "-"
[28/Jul/2024:22:42:20 +0000] - - 400 - GET https my.external.domain "/api/assets/a0c25328-c05c-4bdf-83fd-edf06818a224/video/playback" [Client x.x.x.x] [Length 234] [Gzip -] [Sent-to ] "ExoPlayer" "-"
[28/Jul/2024:22:42:21 +0000] - - 400 - GET https my.external.domain "/api/assets/a0c25328-c05c-4bdf-83fd-edf06818a224/video/playback" [Client x.x.x.x] [Length 234] [Gzip -] [Sent-to ] "ExoPlayer" "-"
[28/Jul/2024:22:42:23 +0000] - - 400 - GET https my.external.domain "/api/assets/a0c25328-c05c-4bdf-83fd-edf06818a224/video/playback" [Client x.x.x.x] [Length 234] [Gzip -] [Sent-to ] "ExoPlayer" "-"
[28/Jul/2024:22:42:32 +0000] - 101 101 - GET https my.external.domain "/api/socket.io/?EIO=4&transport=websocket" [Client x.x.x.x] [Length 506] [Gzip -] [Sent-to immich.home] "Dart/3.4 (dart:io)" "-"

Additional information

I'm using Android 14 (LineageOS 21) on Oneplus 7T. App was installed from GitHub apk file. Original videos are encoded in AV1, transcoding is disabled completely. They are playing back just fine in the app when using http or https without client certs. Based on the logs above I suspect ExoPlayer might not be presenting client certificate to the server properly.

The Immich web app handles video playback without issues. Here are Nginx Proxy Manager logs when playing video in the browser

[28/Jul/2024:22:52:52 +0000] - 200 200 - GET https my.external.domain "/photos" [Client 10.2.3.3] [Length 1131] [Gzip 2.72] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-"
[28/Jul/2024:22:52:52 +0000] - 101 101 - GET https my.external.domain "/api/socket.io/?EIO=4&transport=websocket" [Client 10.2.3.3] [Length 1439] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-"
[28/Jul/2024:22:52:52 +0000] - 304 304 - GET https my.external.domain "/custom.css" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:52 +0000] - 304 304 - GET https my.external.domain "/favicon.ico" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:52 +0000] - 304 304 - GET https my.external.domain "/api/users/me" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:52 +0000] - 304 304 - GET https my.external.domain "/api/users/me/preferences" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/server-info/about" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 200 200 - GET https my.external.domain "/api/server-info/storage" [Client 10.2.3.3] [Length 181] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/timeline/buckets?isArchived=false&size=MONTH&withPartners=true&withStacked=true" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/assets/memory-lane?day=29&month=7" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/server-info/storage" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/server-info/features" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:53 +0000] - 304 304 - GET https my.external.domain "/api/server-info/config" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:54 +0000] - 304 304 - GET https my.external.domain "/api/timeline/bucket?isArchived=false&size=MONTH&timeBucket=2024-07-01T00%3A00%3A00.000Z&withPartners=true&withStacked=true" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:54 +0000] - 200 200 - GET https my.external.domain "/sw.js" [Client 10.2.3.3] [Length 1131] [Gzip 2.72] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/sw.js"
[28/Jul/2024:22:52:54 +0000] - 304 304 - GET https my.external.domain "/api/server-info/about" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:54 +0000] - 304 304 - GET https my.external.domain "/api/server-info/about" [Client 10.2.3.3] [Length 0] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
[28/Jul/2024:22:52:56 +0000] - 206 206 - GET https my.external.domain "/api/assets/a0c25328-c05c-4bdf-83fd-edf06818a224/video/playback?c=qcQQtAKKngkb7ymquhPYWuUPGNQ%3D" [Client 10.2.3.3] [Length 999016] [Gzip -] [Sent-to immich.home] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "https://my.external.domain/photos"
mmomjian commented 1 month ago

I feel like this is probably related to #5553

olokelo commented 1 month ago

@mmomjian Thank you for quick response. This issue might be related however I'm not using self signed CA. I have a proper TLS server certificate issued by Let's Encrypt.

yjiang-c commented 1 month ago

@mmomjian I will have a look. But based on my understanding, it could be same root cause in #5553. If allow self signed certificate setting can cause the issue, the client certificate setting could have the same issue because both settings are SSL options.

bo0tzz commented 1 month ago

This'll be the same root cause indeed, so I'm closing this as a duplicate.