Local invidious server over SSL marked as invalid - but reachable over web Invidious works

[gianpo86]

I host my invidious on a server (docker) that is reachable over x.x.x.x:port on the LAN. A nginx reverse proxy in front takes care of the SSL and Invidious is reachable over domain at https://invidious.mydomain.org (only LAN) (443 as port, nginix makes the rest)

The config in the invidious API shows that the url is set properly . I can access invidious over Web.

I can also access invidious over Clipious via direct ip adress/port (changing the docker file configs)

If I try to enter the server address in the setup page of Clipious I just get a "Invalid Server" withouth any further error message.

SSL verification is enabled

Fresh installation of Clipious 1.17.4 on Android TV

I would like to add some logs or so, the problem is I have no idea how to get to the logs on the Android TV

[lamarios]

Is it a self sign ssl certificate ?

[gianpo86]

It is a Let’s Encrypt certificate, issued via Ngnix Proxy Manager and provided via .mywire.org over DynDns

[lamarios]

which android version is your android tv ? there are some issues with old box sets where root CAs are not updated there and ssl verification would fail, disabling the verification would help in that case.

I need to improve the error message though.

[gianpo86]

Thanks for your reply, It is a Philips 65oled857 from early 2023, Android TV™ 11 (R). I doubt it is due to the age of the TV OS cause it is pretty new . Moreover, I can access all the public invidious Server listed in the app. What is strange it is just with my domain and I suppose there is smth with my certificate.

I also tried with disabling the ssl verification in clipious…

what I also tried is changing the Ngnix reverse proxy settings (force SSL, Use HTST and so on…no change helped so far)…

I would really like to provide a log 😔

[lamarios]

can you give me the content of whats in /api/v1/stats url on your server ?

[lamarios]

I've implemented a fix for better error handling when adding a server. If you know how to build a branch and use it feel free to have a try otherwise, it will be in the next release, this week end maybe.

https://github.com/lamarios/clipious/pull/405

[gianpo86]

can you give me the content of whats in /api/v1/stats url on your server ?

{"software":{"name":"invidious","version":"2023.12.01-d76fed5","branch":"master"}}

[gianpo86]

I've implemented a fix for better error handling when adding a server. If you know how to build a branch and use it feel free to have a try otherwise, it will be in the next release, this week end maybe.

405

It is a matter of time :D maybe I have the time to build and install, otherwise if you are quicker I get it on the release. Many thanks for the effort!!!!

[lamarios]

can you give me the content of whats in /api/v1/stats url on your server ?

{"software":{"name":"invidious","version":"2023.12.01-d76fed5","branch":"master"}}

This looks correct. Even more puzzling 😅

[gianpo86]

Super eager to log on the TV... I am sure it is a mini thing on my Cert/SSL settings

[lamarios]

I released the app, please give it a try to we can see what's going on.

[gianpo86]

Thanks a lot for the fastest release ever 📦 !!! Now I am very curious to know why this issue pops up! This is the message I get after trying to add the server:

ClientException with SocketException: No route to host (OS Error: No route to host, errno = 113), address =
invidious.mydomain.mywire.org, port = 58504, uri=https://invidious.mydomain.mywire.org/api/v1/stats

Of course the port is wrong I guess...

Though my docker_compose:

      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: user
          password: pass
          host: invidious-db
          port: 5432
        check_tables: true
        captcha_enabled: false
        default_user_preferences:
          locale: de
          region: DE
        external_port: 443
        domain: invidious.mydomain.mywire.org
        hmac_key: some-key
        https_only: true

Why the heck does it try to connect on 58504?

[lamarios]

Yeah that's a weird one. Do you have any firewall or middle ware that could do such things?

[gianpo86]

Honestly, not that I would be aware of. That domain is made available over local DNS by Pinhole and the destination is reverse proxyied by Ngnix where the Invidious port is 8888 …nothing exotic…and the domain resolution works both on browser and pinging by every side of the network..

can you tell me where does Clipious reads/infers the port from? Than maybe I find the root cause

[wbradley93]

Seeing this same behavior (trying to access the instance on a random port) on Android TV (Accrescent v1.21.2), but not on mobile Android (F-Droid v1.20.0), where I'm able to access my instance without any issue.

Edit to add: I reinstalled via F-Droid on my tv (same version - 1.20.0) and got the same error, so it seems to be something specific to Android TV. Also, entering the server url and hitting 'ok' a bunch of times resulted in a number of error popups with the same message as above - the interesting thing is that the port Clipious tried to connect over was different for each one. So it seems like a random port is being chosen (always in the 3XXXX range - server port is 3000 and it's being proxied into over 443 via nginx), rather than being read from a proper source.