standardnotes / self-hosted

[Legacy] Self-host your own Standard Notes server for end-to-end encrypted notes and files
https://github.com/standardnotes/server
GNU Affero General Public License v3.0
343 stars 39 forks source link

Android App Error "Unknown Error" when attempting login to self hosted StandardNotes server #5

Open e1025735 opened 3 years ago

e1025735 commented 3 years ago

As requested two days ago in the ticket "Unknown Error when attempting login to self hosted StandardNotes server", I am creating a new issue for this project.

Setup

I have taken the following steps to set up the selfhosted standardnotes application:

```
JWT_SECRET=32 bit Key
LEGACY_JWT_SECRET=32 bit Key
AUTH_JWT_SECRET=32 bit Key

EXPOSED_PORT=5001

DB_HOST=db
DB_REPLICA_HOST=db
DB_PORT=3306
DB_USERNAME=std_notes_user
DB_PASSWORD=32 bit Key
DB_DATABASE=standard_notes_db
DB_DEBUG_LEVEL=all
DB_MIGRATIONS_PATH=dist/migrations/*.js

REDIS_URL=redis://cache

DISABLE_USER_REGISTRATION=false

ACCESS_TOKEN_AGE=5184000
REFRESH_TOKEN_AGE=31556926

EPHEMERAL_SESSION_AGE=259200

MAX_LOGIN_ATTEMPTS=6
FAILED_LOGIN_LOCKOUT=3600

PSEUDO_KEY_PARAMS_KEY=32 bit Key

SNS_TOPIC_ARN=
SNS_AWS_REGION=
SQS_QUEUE_URL=
SQS_AWS_REGION=
S3_AWS_REGION=
S3_BACKUP_BUCKET_NAME=

USER_SERVER_REGISTRATION_URL=
USER_SERVER_AUTH_KEY=

REDIS_EVENTS_CHANNEL=events

INTERNAL_DNS_REROUTE_ENABLED=false
EXTENSIONS_SERVER_URL=http://extensions-server:3004
AUTH_SERVER_URL=http://auth:3000

EMAIL_ATTACHMENT_MAX_BYTE_SIZE=10485760

REVISIONS_FREQUENCY=300

NEW_RELIC_ENABLED=false
NEW_RELIC_APP_NAME="Syncing Server JS"
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_NO_CONFIG_FILE=true
NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
NEW_RELIC_LOG_ENABLED=false
NEW_RELIC_LOG_LEVEL=info
```


* Create an nginx config for a reverse proxy

```
server {
        listen 5000 ssl;

        ssl_certificate /etc/letsencrypt/certs/standardnotes.crt;
        ssl_certificate_key /etc/letsencrypt/certs/standardnotes.key;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
                proxy_pass "http://127.0.0.1:5001";
        }
}
```

```
docker run -d -p 5003:3001 --env-file=/path/to/file/.env standardnotes/web:stable
```

with the following .env file

```
PORT=3001
WEB_CONCURRENCY=0
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE=32 bit Key
APP_HOST=http://localhost:3001

EXTENSIONS_MANAGER_LOCATION=extensions/extensions-manager/dist/index.html
BATCH_MANAGER_LOCATION=extensions/batch-manager/dist/index.min.html
SF_DEFAULT_SERVER=https://STATIC_IP:5000

DEV_DEFAULT_SYNC_SERVER=https://STATIC_IP:5000
DEV_EXTENSIONS_MANAGER_LOCATION=public/extensions/extensions-manager/dist/index.html
DEV_BATCH_MANAGER_LOCATION=public/extensions/batch-manager/dist/index.min.html

NEW_RELIC_ENABLED=false
NEW_RELIC_THREAD_PROFILER_ENABLED=false
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=Web
NEW_RELIC_BROWSER_MONITORING_AUTO_INSTRUMENT=false
```

```
server {
        listen 5002 ssl;

        ssl_certificate /etc/letsencrypt/certs/standardnotes.crt;
        ssl_certificate_key /etc/letsencrypt/certs/standardnotes.key;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
                proxy_pass "http://127.0.0.1:5003";
        }
}
```

```
sudo systemctl reload nginx.service
```

Problem

So far so good. The web app works as intended and lets me create notes with the freshly created user. BUT if I want to use the android app to connect to the URL https://STATIC_IP:5000 with the same user and password the following error is thrown in the mobile app: "Unknown Error". Therefore I ask the same question as in the mobile issue:

Is there a quick and easy way to show the user a better help text for the problem without having to debug the app? For example, the possibility to see an abbreviated stack trace or to show the most common error sources: no HTTPS usage, a self-made certificate, which therefore will not be accepted, or no internet access. The message "Unknown Error" is certainly true but hardly helps the user.

However, the following path might help me as well: Is there any documentation that describes what configuration must be done for the android app to work with a self-applied standalone StandardNotes? Or have I committed some other oversight that is obviously already apparent?

moughxyz commented 3 years ago

Android has issues with self-signed certificates if I recall correctly. Try accessing your endpoint via your Android web browser and see what it reports.

famouzkk commented 3 years ago

Same error, accessing server via android browser returns "{}", and "OK" on /heathcheck page.

moughxyz commented 3 years ago

Seems right. If it's working in your Android web browser (with https://) then it should work in the app. I would log on the server side to see what error is being thrown. ./server.sh logs is the command I believe.

karolsojko commented 3 years ago

@famouzkk @e1025735 can you supply us with some logs - would be helpful to debug this

e1025735 commented 3 years ago

Sorry for the late reply. I have set the log level to "all" to intercept as much server information as I can and tried to log in with the mobile app:

To do this I have adjusted the following parameters:

* LOG_LEVEL=all in .env
* LOG_LEVEL="all" in docker/auth.env and docker/api-gateway.env

Small side note:

Anyway: no entries show up on the server logs when I try to connect with the mobile app. When I call the WebApp with the cell phone, there is "only" a warning about the certificate, but otherwise it works as expected.

So unfortunately I can't give any help to debug the problem, except that I'm now pretty sure it's a certificate problem.

I now chirp back to my first post: Is there any documentation that describes what configuration must be done for the android app to work with a self-applied standalone StandardNotes (note: e.g. Android problems with self-signed certificates)? How about a FAQ part in the mobile or standalone github page?

jackyzy823 commented 3 years ago

I used to encounter a similar issue before. It may be caused by the lack of an intermediate certificate in your cert.

A hint: check your cert, it should contain multiple -----BEGIN CERTIFICATE----- lines.
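The intermediate-certificate hint above can be checked offline. The following is an added example, not part of the thread: it builds a constructed throwaway root, intermediate and leaf chain (all file and subject names are assumptions) and shows that a client trusting only the root rejects a leaf-only file but accepts a leaf-plus-intermediate file.

```shell
#!/bin/sh
# Added example: constructed throwaway CA chain, not the poster's certificates.
set -eu

# Number of PEM certificates in the file that nginx serves via ssl_certificate.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Would a client that trusts only root $1 accept the chain served from file $2?
# openssl verify checks the first certificate in $2 (the leaf) and may use the
# remaining certificates in $2 as untrusted intermediates.
client_accepts() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

# Build root -> intermediate -> leaf in directory $1 (all names are constructed).
make_demo_chain() (
    cd "$1"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    for n in root int leaf; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$n.key"
    done
    openssl req -config ca.cnf -x509 -extensions v3_ca -new -key root.key \
        -subj '/CN=Demo Root CA' -days 2 -out root.pem
    openssl req -config ca.cnf -new -key int.key -subj '/CN=Demo Intermediate CA' -out int.csr
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
        -extfile ca.cnf -extensions v3_ca -days 2 -out int.pem
    openssl req -config ca.cnf -new -key leaf.key -subj '/CN=notes.example.test' -out leaf.csr
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 3 -days 2 -out leaf.pem
    cat leaf.pem > leaf-only.pem           # server file without the intermediate
    cat leaf.pem int.pem > fullchain.pem   # leaf first, then the intermediate
) >/dev/null 2>&1

demo() {
    d=$(mktemp -d)
    make_demo_chain "$d"
    for f in leaf-only.pem fullchain.pem; do
        if client_accepts "$d/root.pem" "$d/$f"; then r=accepted; else r=rejected; fi
        echo "$f: $(count_certs "$d/$f") certificate(s), $r"
    done
    rm -rf "$d"
}
demo
```

Against a real deployment, `count_certs` and `client_accepts` take the file named in nginx's `ssl_certificate` directive, with the issuing CA's root certificate as the first argument to `client_accepts`.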

tio-trom commented 3 years ago

Same error here. It works to register a new user from the android app. Then to login with that on any device. But won't work if you try to create a user on a different device (say desktop), then try to login on android with that user. Can anyone check that? Because it may lead to the bug that's creating this.

As a side note, in the browser all works fine on mobile. It is just the app that refuses to work with an already registered account.

twx99 commented 3 years ago

Same issue here using iPhone and self hosted docker-server. Encountered the issue trying to set up a new phone today, and couldn't login with the correct credentials. I'm still logged in on desktop and my old phone. Have tried changing password from the devices logged-in, but that did not resolve the issue. I'm currently troubleshooting this by trying to upgrade my rpi-server setup Dec 16 2020, so will see if it solves it.

Env: iphone/IOS (latest/14.6) and Standard Notes app (latest/3.6.15 (68)), Server: Can't find, but was latest docker setup @ 2020-12-16

moughxyz commented 3 years ago

Registration + syncing works on Android, but signing into existing account doesn't? Can you sign into an account on desktop that was registered on Android?

tio-trom commented 3 years ago

Tested it again.

Creating an account on either android or desktop app works. But if you create it via one of them, and try to login with that account via another one, it fails with Unknown Error. Basically: if you create an account via the Android app, you cannot use that account to login via the Desktop app. And vice-versa. Error: Unknown Error.

Second, if you create an account on either android or desktop, then log out, it does not work to login anymore on either of these apps. So, create an account via the Android app, then log out, and you can't login with the same account via the same Android standardnotes app again. Same error as above. Same behavior for the desktop app.

You can test with our server notesync.trom.tf and with the standardnotes android and desktop app to see.

Mind you there are no such issues if I use sync.standardnotes.org - the official server. Only happens with self hosted servers.

Another thing:

If I create an account via our own self hosted server at notesync.trom.tf then use our own client at notes.trom.tf, all works perfectly fine regardless where I created the account (web/android/desktop). No issues there. However if I use your official webapp https://app.standardnotes.org/ and add my own notesync.trom.tf server to try and login, I get the same Unknown Error.

However if I do the switcheroo and create an account with your server sync.standardnotes.org then use our own webapp notes.trom.tf I can login using sync.standardnotes.org and the account I just created.

It is as if your official server accepts requests from outside, but our own servers (self hosted) do not. Or I don't know. Maybe it is a permission issue....

I hope all of these help.

moughxyz commented 3 years ago

Hmm so our (latest) production app hits this endpoint when you try to sign in:

https://notesync.trom.tf/v1/login-params?email=foo@bar.com&api=20200115

This returns a 404 for your server, but not for ours.

Could you try upgrading your server infra with the latest changes, AND upgrading your client applications? It's essential that all platforms be in sync right now with latest upgrades because there's been a lot of movement here in recent weeks.

twx99 commented 3 years ago

I hope a solution can be found that does not require server upgrade. My Standard Notes-server was set up Dec 2020, and runs on a Raspberry Pi. I tried upgrading it yesterday, but since the new Standalone-server docker-setup does not support Raspberry Pi/ARM, I have to buy a x86-server before upgrade is possible.

tio-trom commented 3 years ago

We have our instance installed via Yunohost and they said they will test that this weekend. To see if upgrading to the latest standardnotes will fix it. I will let you know!

tio-trom commented 3 years ago

An update: the Yunohost update to the latest standardnotes server fixed the issue for me. Now the desktop app and android app all work. https://github.com/YunoHost-Apps/snserver_ynh/issues/27

platypusgit commented 2 years ago

I get the same "unknown error" on Android (3.6.15-3.6.20), Desktop (flathub) works fine. I selfhosted Standardnotes on a Synology via Docker, so the setup is similar.

I only use SN in my local network; I don't own a domain, ddns, etc. and therefore only have self-signed certificates. Is the missing official certificate the problem on Android or did I miss something?

moughxyz commented 2 years ago

I believe Android has issues with self-signed certificates. I recall these not ever having worked for Android.

jameswsullivan commented 2 years ago

> I believe Android has issues with self-signed certificates. I recall these not ever having worked for Android.

I think so too, pls see my comments here.

However, I just deployed a Nextcloud server in my lab environment as well with self-signed certificates and everything was working, I assume if it's an Android issue with the self-signed certificates it won't accept any, not just the Standard Notes app? Just curious.

JaspalSuri commented 2 years ago

I personally am not sure as I haven't tested other apps that use self-signed certs. Hopefully someone who has can chime in on that.

git5001 commented 2 years ago

I posted some information on the "standard notes mobile app" issue page on this topic https://github.com/standardnotes/mobile/issues/316

In short: Latest android versions don't allow http (probably also self signed) access unless the app lowers some security settings. Changing permissions in the app could fix this but raise security concerns.

JaspalSuri commented 2 years ago

Thank you for the suggestions, @git5001! While I don't know if your first suggestion is feasible (without checking with the backend devs), we're unlikely to create an additional mobile app geared towards better self-hosting at the moment since it would surpass our current development bandwidth.