phpbg / easysync

Synchronize your android phone/tablet with your DAV server, the easy way.
MIT License

Can't connect on local network #6

Closed cacharle closed 10 months ago

cacharle commented 11 months ago

I have a photoprism instance on my local network I'd like to sync to with my phone.

When I try to connect to it with this client, I get the following error:

Error: CLEARTEXT communication to photoprism.home not permitted by network security policy

I do not have HTTPS setup for this instance.

I tried with another webdav client (on my desktop) and it worked.

phpbg commented 11 months ago

Hi, thanks for your report.

Indeed, connecting over HTTP is forbidden by Android security policy since Android 9.

While I understand it complicates your home setup, it is an important security measure. When you connect over HTTP, all your data (including login/password) is transmitted in clear.

Photoprism documentation is a bit light on HTTPS setup. They suggest Traefik or Caddy, but I would personally use either Apache, nginx or HAProxy...

NB: it seems photoprism does not preserve file creation/modify timestamps (but it reads them from exif image metadata). Please let me know if you manage to get it to work...

cacharle commented 11 months ago

It's not exposed to the internet ofc 😄.

I'll try to get a certificate, thx.

cacharle commented 11 months ago

But I'm confused because I was able to connect to it with DAVx5 (davx5.com). How can it be an Android limitation if another app is able to connect to it?

phpbg commented 11 months ago

You can allow clear text at application level: https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic

DAVx5 did this by adding a custom security policy

I find it dangerous, especially for a mobile device that connects to many random networks...
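Added example, not part of the thread and not code from EasySync or DAVx5: a small Python evaluator of Android's Network Security Config cleartext rules, comparing a blanket opt-in with one scoped to the reporter's host. Both XML policies are constructed, the function names are hypothetical, and only `cleartextTrafficPermitted` is modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (res/xml/network_security_config.xml); not taken from any app.
BLANKET = """<network-security-config>
  <base-config cleartextTrafficPermitted="true"/>
</network-security-config>"""

SCOPED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="false">photoprism.home</domain>
  </domain-config>
</network-security-config>"""


def _match_len(domain_el, host):
    """Length of the matching rule, or -1 if this <domain> does not cover host."""
    rule = (domain_el.text or "").strip().lower()
    if host == rule:
        return len(rule)
    subs = domain_el.get("includeSubdomains", "false") == "true"
    return len(rule) if subs and host.endswith("." + rule) else -1


def _walk(node, inherited, host, best):
    """Visit nested <domain-config> elements, keeping the longest matching rule."""
    for cfg in node.findall("domain-config"):
        attr = cfg.get("cleartextTrafficPermitted")
        value = inherited if attr is None else attr == "true"
        for dom in cfg.findall("domain"):
            n = _match_len(dom, host)
            if n > best[0]:
                best[0], best[1] = n, value
        _walk(cfg, value, host, best)


def cleartext_permitted(config_xml, host, target_sdk=28):
    """Would plain HTTP to `host` be allowed under this policy?"""
    root = ET.fromstring(config_xml)
    default = target_sdk <= 27  # platform default is false for apps targeting API 28+
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") is not None:
        default = base.get("cleartextTrafficPermitted") == "true"
    best = [-1, default]
    _walk(root, default, host.lower(), best)
    return best[1]
```

Under the scoped policy only `photoprism.home` is reachable over HTTP, so the same app on an untrusted network still refuses cleartext to every other host.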

cacharle commented 11 months ago

aah, I see, thank you

stokito commented 11 months ago

I'm using a local WebDAV server on a router and having the TLS really just adds problems. Maybe we can show a warning to a user for the plain HTTP urls?

phpbg commented 10 months ago

That could be a solution (showing a warning). I'll keep this open.

stokito commented 10 months ago

I do have a cert on my router from LetsEncrypt but it's expired. The EasySync just discards the cert without asking. This is probably a correct behavior but I believe that even self-signed certs won't be accepted.

phpbg commented 10 months ago

> I do have a cert on my router from LetsEncrypt but it's expired. The EasySync just discards the cert without asking. This is probably a correct behavior but I believe that even self-signed certs won't be accepted.

It is the correct behavior for an expired certificate. Self-signed cert should work if you add it to android certificates store, but I haven't tried yet...

phpbg commented 10 months ago

Hi @cacharle http is available with latest release.

Please either wait for v1.4 release on Google Play Store (within a few hours), or download the latest version here.

Can you report back if this works for you? (I am also interested in photoprism feedback...)

cacharle commented 10 months ago

will do :)

cacharle commented 10 months ago

Just tested it and it works as expected (allows it but shows a warning). Thank you for your work

phpbg commented 10 months ago

Good to know!

Does it integrate well with photoprism? (as we preserve android naming scheme, like "DCIM" folder, I wonder what it looks like in photoprism...)

cacharle commented 10 months ago

Photoprism handles the folder structure without any problem.

It's just a bit annoying that my music and other unrelated files have been copied to my photoprism instance as well :sweat_smile:. But I saw there is already an issue opened for that #3