immich-app/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2026-03-01 11:20:12 +03:00
Code Issues 783 Packages Projects Releases 12 Wiki Activity

[BUG] mobile preview video failed when using self signed certificate #2004

New Issue
Closed
opened 2026-02-05 04:43:16 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2026-02-05 04:43:16 +03:00
Owner
Copy Link

Originally created by @hellomcp on GitHub (Jan 17, 2024).

The bug

nginx provide proxy service using self signed certificate.

My Androidi device set the domain like this : "https://domain:7800"

I login the immich app successfully, However , when I failed to preview the video.

When I open the domain(https://domain:7800) in browser like chrome on windows,It's ok to preview the video.

image

So, I try to use fiddler to capture the package, the result is show in the screenshot.

It seem immich app send http request when previewing video resource.

Is this a Bug?

The OS that Immich Server is running on

centos docker

Version of Immich Server

1.92.1

Version of Immich Mobile App

1.92.1

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

version: "3.8"

#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#

name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: [ "start.sh", "immich" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.yml
    #   service: hwaccel
    command: [ "start.sh", "microservices" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:c5a607fb6e1bb15d32bbcf14db22787d19e428d59e31a5da67511b49bb0f1ccc
    restart: always

  database:
    container_name: immich_postgres
    image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always

volumes:
  pgdata:
  model-cache:

Your .env content

# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release

# Connection secret for postgres. You should change it to a random password
DB_PASSWORD=postgres

# The values below this line do not need to be changed
###################################################################################
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich

REDIS_HOSTNAME=immich_redis

Reproduction steps

1. run immich docker service
2. Setting nginx conf with ssl
3. open app and set domain with allowing self signing certificate
4. failed to preview video with app

Additional information

my nginx conf is show below

upstream immich {
    server 192.168.0.125:2283;
}

server {
    listen 7325 ssl;
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    server_name mydomain;
    client_max_body_size 50000m;
    access_log /var/log/nginx/immich-access.log;
    error_log /var/log/nginx/immich-error.log;
    location / {
        proxy_pass http://immich/;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect off;
    }
}
Originally created by @hellomcp on GitHub (Jan 17, 2024). ### The bug nginx provide proxy service using self signed certificate. My Androidi device set the domain like this : "https://domain:7800" I login the immich app successfully, However , when I failed to preview the video. When I open the domain(https://domain:7800) in browser like chrome on windows,It's ok to preview the video. ![image](https://github.com/immich-app/immich/assets/8003424/f35347e8-9790-4411-9c5d-abb6e6e3a01f) So, I try to use fiddler to capture the package, the result is show in the screenshot. It seem immich app send http request when previewing video resource. Is this a Bug? ### The OS that Immich Server is running on centos docker ### Version of Immich Server 1.92.1 ### Version of Immich Mobile App 1.92.1 ### Platform with the issue - [ ] Server - [ ] Web - [X] Mobile ### Your docker-compose.yml content ```YAML version: "3.8" # # WARNING: Make sure to use the docker-compose.yml of the current release: # # https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml # # The compose file on main may not be compatible with the latest release. # name: immich services: immich-server: container_name: immich_server image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} command: [ "start.sh", "immich" ] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env ports: - 2283:3001 depends_on: - redis - database restart: always immich-microservices: container_name: immich_microservices image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} # extends: # file: hwaccel.yml # service: hwaccel command: [ "start.sh", "microservices" ] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env depends_on: - redis - database restart: always immich-machine-learning: container_name: immich_machine_learning image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} volumes: - model-cache:/cache env_file: - .env restart: always redis: container_name: immich_redis image: redis:6.2-alpine@sha256:c5a607fb6e1bb15d32bbcf14db22787d19e428d59e31a5da67511b49bb0f1ccc restart: always database: container_name: immich_postgres image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee env_file: - .env environment: POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_USER: ${DB_USERNAME} POSTGRES_DB: ${DB_DATABASE_NAME} volumes: - pgdata:/var/lib/postgresql/data restart: always volumes: pgdata: model-cache: ``` ### Your .env content ```Shell # You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables # The location where your uploaded files are stored UPLOAD_LOCATION=./library # The Immich version to use. You can pin this to a specific version like "v1.71.0" IMMICH_VERSION=release # Connection secret for postgres. You should change it to a random password DB_PASSWORD=postgres # The values below this line do not need to be changed ################################################################################### DB_HOSTNAME=immich_postgres DB_USERNAME=postgres DB_DATABASE_NAME=immich REDIS_HOSTNAME=immich_redis ``` ### Reproduction steps ```bash 1. run immich docker service 2. Setting nginx conf with ssl 3. open app and set domain with allowing self signing certificate 4. failed to preview video with app ``` ### Additional information my nginx conf is show below ``` upstream immich { server 192.168.0.125:2283; } server { listen 7325 ssl; ssl_certificate /etc/nginx/cert/server.crt; ssl_certificate_key /etc/nginx/cert/server.key; server_name mydomain; client_max_body_size 50000m; access_log /var/log/nginx/immich-access.log; error_log /var/log/nginx/immich-error.log; location / { proxy_pass http://immich/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_redirect off; } } ```
OVERLORD commented 2026-02-05 04:43:24 +03:00
Author
Owner
Copy Link

@marcelo-mbwr commented on GitHub (Feb 13, 2024):

Already have found a workaround? I have the same problem. With the "Load original" setting enabled I also get the following error message in the log of my Immich Android app:

FlutterError - Catch all error:  - Exception: Invalid image data - image resource service - resolving an image codec - #0      _futurize (dart:ui/painting.dart:6959)
#1      ImageDescriptor.encoded (dart:ui/painting.dart:6773)
#2      instantiateImageCodecWithSize (dart:ui/painting.dart:2307)
#3      PaintingBinding.instantiateImageCodecWithSize (package:flutter/src/painting/binding.dart:141)
#4      ImageLoader.loadImageAsync.<anonymous closure> (package:cached_network_image/src/image_provider/_image_loader.dart:65)
<asynchronous suspension>
#5      ImageLoader._load (package:cached_network_image/src/image_provider/_image_loader.dart:124)
<asynchronous suspension>
#6      new MultiImageStreamCompleter.<anonymous closure> (package:cached_network_image/src/image_provider/multi_image_stream_completer.dart:26)
<asynchronous suspension>

I can also confirm that this bug still exists in app version 1.94.1 and server version 1.94.1 build.121.

@marcelo-mbwr commented on GitHub (Feb 13, 2024): Already have found a workaround? I have the same problem. With the "Load original" setting enabled I also get the following error message in the log of my Immich Android app: ``` FlutterError - Catch all error: - Exception: Invalid image data - image resource service - resolving an image codec - #0 _futurize (dart:ui/painting.dart:6959) #1 ImageDescriptor.encoded (dart:ui/painting.dart:6773) #2 instantiateImageCodecWithSize (dart:ui/painting.dart:2307) #3 PaintingBinding.instantiateImageCodecWithSize (package:flutter/src/painting/binding.dart:141) #4 ImageLoader.loadImageAsync.<anonymous closure> (package:cached_network_image/src/image_provider/_image_loader.dart:65) <asynchronous suspension> #5 ImageLoader._load (package:cached_network_image/src/image_provider/_image_loader.dart:124) <asynchronous suspension> #6 new MultiImageStreamCompleter.<anonymous closure> (package:cached_network_image/src/image_provider/multi_image_stream_completer.dart:26) <asynchronous suspension> ``` I can also confirm that this bug still exists in app version `1.94.1` and server version `1.94.1 build.121`.
OVERLORD commented 2026-02-05 04:43:27 +03:00
Author
Owner
Copy Link

@bo0tzz commented on GitHub (Apr 24, 2024):

Dupe: #5553

@bo0tzz commented on GitHub (Apr 24, 2024): Dupe: #5553
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
changelog:enhancement
changelog:security
changelog:skip
changelog:translation
cli
date-time
dependencies
documentation
external-library
format
good first issue
mobile-beta
mobile-beta
mobile-beta
needs-answer
nice to have
pull-request
Mirrored from GitHub Pull Request
 sharing
tech-debt
📱mobile
🖥️web
🗄️server
🧠machine-learning
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: immich-app/immich#2004
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?