immich-app/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2026-02-05 00:30:57 +03:00
Code Issues 11 Packages Projects Releases 10 Wiki Activity

[BUG] i get a popup saying "TLS/SSL communication failed: POST /oauth/config" #802

New Issue
Closed
opened 2026-02-04 22:46:03 +03:00 by OVERLORD · 8 comments
OVERLORD commented 2026-02-04 22:46:03 +03:00
Owner
Copy Link

Originally created by @ghost on GitHub (Apr 9, 2023).

The bug: i get a popup when trying to connect to the server

TLS/SSL communication failed: POST /oauth/config

I installed the app via apk on my phone.

The OS that Immich Server is running on

Windows 10

Version of Immich Server

v1.53.0

Version of Immich Mobile App

v1.53.0

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

`version: "3.8"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
    entrypoint: ["/bin/sh", "./start-server.sh"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
    env_file:
      - .env
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:release
    entrypoint: ["/bin/sh", "./start-microservices.sh"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
    env_file:
      - .env
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:release
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  immich-web:
    container_name: immich_web
    image: ghcr.io/immich-app/immich-web:release
    entrypoint: ["/bin/sh", "./entrypoint.sh"]
    env_file:
      - .env
    restart: always

  typesense:
    container_name: immich_typesense
    image: typesense/typesense:0.24.0
    environment:
      - TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
      - TYPESENSE_DATA_DIR=/data
    logging:
      driver: none
    volumes:
      - tsdata:/data
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2
    restart: always

  database:
    container_name: immich_postgres
    image: postgres:14
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      PG_DATA: /var/lib/postgresql/data
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always

  immich-proxy:
    container_name: immich_proxy
    image: ghcr.io/immich-app/immich-proxy:release
    environment:
      # Make sure these values get passed through from the env file
      - IMMICH_SERVER_URL
      - IMMICH_WEB_URL
    ports:
      - 2283:8080
    logging:
      driver: none
    depends_on:
      - immich-server
    restart: always

volumes:
  pgdata:
  model-cache:
  tsdata:
`

Your .env content

`###################################################################################
# Database
###################################################################################

DB_HOSTNAME=immich_postgres
DB_USERNAME=AyaanMAG
DB_PASSWORD=postgres
DB_DATABASE_NAME=immich

# Optional Database settings:
# DB_PORT=5432

###################################################################################
# Redis
###################################################################################

REDIS_HOSTNAME=immich_redis

# REDIS_URL will be used to pass custom options to ioredis.
# Example for Sentinel
# {"sentinels":[{"host":"redis-sentinel-node-0","port":26379},{"host":"redis-sentinel-node-1","port":26379},{"host":"redis-sentinel-node-2","port":26379}],"name":"redis-sentinel"}
# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJyZWRpcy1zZW50aW5lbDEiLCJwb3J0IjoyNjM3OX0seyJob3N0IjoicmVkaXMtc2VudGluZWwyIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6Im15bWFzdGVyIn0=

# Optional Redis settings:

# Note: these parameters are not automatically passed to the Redis Container
# to do so, please edit the docker-compose.yml file as well. Redis is not configured
# via environment variables, only redis.conf or the command line

# REDIS_PORT=6379
# REDIS_DBINDEX=0
# REDIS_USERNAME=
# REDIS_PASSWORD=
# REDIS_SOCKET=

###################################################################################
# Upload File Location
#
# This is the location where uploaded files are stored.
###################################################################################

UPLOAD_LOCATION=N:\Immich\


###################################################################################
# Typesense
###################################################################################
TYPESENSE_API_KEY=some-random-text
# TYPESENSE_ENABLED=false
# TYPESENSE_URL uses base64 encoding for the nodes json.
# Example JSON that was used:
# [
#      { 'host': 'typesense-1.example.net', 'port': '443', 'protocol': 'https' },
#      { 'host': 'typesense-2.example.net', 'port': '443', 'protocol': 'https' },
#      { 'host': 'typesense-3.example.net', 'port': '443', 'protocol': 'https' },
#  ]
# TYPESENSE_URL=ha://WwogICAgeyAnaG9zdCc6ICd0eXBlc2Vuc2UtMS5leGFtcGxlLm5ldCcsICdwb3J0JzogJzQ0MycsICdwcm90b2NvbCc6ICdodHRwcycgfSwKICAgIHsgJ2hvc3QnOiAndHlwZXNlbnNlLTIuZXhhbXBsZS5uZXQnLCAncG9ydCc6ICc0NDMnLCAncHJvdG9jb2wnOiAnaHR0cHMnIH0sCiAgICB7ICdob3N0JzogJ3R5cGVzZW5zZS0zLmV4YW1wbGUubmV0JywgJ3BvcnQnOiAnNDQzJywgJ3Byb3RvY29sJzogJ2h0dHBzJyB9LApd

###################################################################################
# Reverse Geocoding
#
# Reverse geocoding is done locally which has a small impact on memory usage
# This memory usage can be altered by changing the REVERSE_GEOCODING_PRECISION variable
# This ranges from 0-3 with 3 being the most precise
# 3 - Cities > 500 population: ~200MB RAM
# 2 - Cities > 1000 population: ~150MB RAM
# 1 - Cities > 5000 population: ~80MB RAM
# 0 - Cities > 15000 population: ~40MB RAM
####################################################################################

# DISABLE_REVERSE_GEOCODING=false
# REVERSE_GEOCODING_PRECISION=3

####################################################################################
# WEB - Optional
#
# Custom message on the login page, should be written in HTML form.
# For example:
# PUBLIC_LOGIN_PAGE_MESSAGE="This is a demo instance of Immich.<br><br>Email: <i>demo@demo.de</i><br>Password: <i>demo</i>"
####################################################################################

PUBLIC_LOGIN_PAGE_MESSAGE=

####################################################################################
# Alternative Service Addresses - Optional
#
# This is an advanced feature for users who may be running their immich services on different hosts.
# It will not change which address or port that services bind to within their containers, but it will change where other services look for their peers.
# Note: immich-microservices is bound to 3002, but no references are made
####################################################################################

IMMICH_WEB_URL=http://immich-web:3000
IMMICH_SERVER_URL=http://immich-server:3001
IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003

####################################################################################
# Alternative API's External Address - Optional
#
# This is an advanced feature used to control the public server endpoint returned to clients during Well-known discovery.
# You should only use this if you want mobile apps to access the immich API over a custom URL. Do not include trailing slash.
# NOTE: At this time, the web app will not be affected by this setting and will continue to use the relative path: /api
# Examples: http://localhost:3001, http://immich-api.example.com, etc
####################################################################################

#IMMICH_API_URL_EXTERNAL=http://localhost:3001`

Reproduction steps

I just tried to connect via my computer's DHCP assigned address.

Additional information

No response

Originally created by @ghost on GitHub (Apr 9, 2023). ### The bug: i get a popup when trying to connect to the server `TLS/SSL communication failed: POST /oauth/config` I installed the app via apk on my phone. ### The OS that Immich Server is running on Windows 10 ### Version of Immich Server v1.53.0 ### Version of Immich Mobile App v1.53.0 ### Platform with the issue - [ ] Server - [ ] Web - [X] Mobile ### Your docker-compose.yml content ```YAML `version: "3.8" services: immich-server: container_name: immich_server image: ghcr.io/immich-app/immich-server:release entrypoint: ["/bin/sh", "./start-server.sh"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload env_file: - .env depends_on: - redis - database - typesense restart: always immich-microservices: container_name: immich_microservices image: ghcr.io/immich-app/immich-server:release entrypoint: ["/bin/sh", "./start-microservices.sh"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload env_file: - .env depends_on: - redis - database - typesense restart: always immich-machine-learning: container_name: immich_machine_learning image: ghcr.io/immich-app/immich-machine-learning:release volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - model-cache:/cache env_file: - .env restart: always immich-web: container_name: immich_web image: ghcr.io/immich-app/immich-web:release entrypoint: ["/bin/sh", "./entrypoint.sh"] env_file: - .env restart: always typesense: container_name: immich_typesense image: typesense/typesense:0.24.0 environment: - TYPESENSE_API_KEY=${TYPESENSE_API_KEY} - TYPESENSE_DATA_DIR=/data logging: driver: none volumes: - tsdata:/data restart: always redis: container_name: immich_redis image: redis:6.2 restart: always database: container_name: immich_postgres image: postgres:14 env_file: - .env environment: POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_USER: ${DB_USERNAME} POSTGRES_DB: ${DB_DATABASE_NAME} PG_DATA: /var/lib/postgresql/data volumes: - pgdata:/var/lib/postgresql/data restart: always immich-proxy: container_name: immich_proxy image: ghcr.io/immich-app/immich-proxy:release environment: # Make sure these values get passed through from the env file - IMMICH_SERVER_URL - IMMICH_WEB_URL ports: - 2283:8080 logging: driver: none depends_on: - immich-server restart: always volumes: pgdata: model-cache: tsdata: ` ``` ### Your .env content ```Shell `################################################################################### # Database ################################################################################### DB_HOSTNAME=immich_postgres DB_USERNAME=AyaanMAG DB_PASSWORD=postgres DB_DATABASE_NAME=immich # Optional Database settings: # DB_PORT=5432 ################################################################################### # Redis ################################################################################### REDIS_HOSTNAME=immich_redis # REDIS_URL will be used to pass custom options to ioredis. # Example for Sentinel # {"sentinels":[{"host":"redis-sentinel-node-0","port":26379},{"host":"redis-sentinel-node-1","port":26379},{"host":"redis-sentinel-node-2","port":26379}],"name":"redis-sentinel"} # REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJyZWRpcy1zZW50aW5lbDEiLCJwb3J0IjoyNjM3OX0seyJob3N0IjoicmVkaXMtc2VudGluZWwyIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6Im15bWFzdGVyIn0= # Optional Redis settings: # Note: these parameters are not automatically passed to the Redis Container # to do so, please edit the docker-compose.yml file as well. Redis is not configured # via environment variables, only redis.conf or the command line # REDIS_PORT=6379 # REDIS_DBINDEX=0 # REDIS_USERNAME= # REDIS_PASSWORD= # REDIS_SOCKET= ################################################################################### # Upload File Location # # This is the location where uploaded files are stored. ################################################################################### UPLOAD_LOCATION=N:\Immich\ ################################################################################### # Typesense ################################################################################### TYPESENSE_API_KEY=some-random-text # TYPESENSE_ENABLED=false # TYPESENSE_URL uses base64 encoding for the nodes json. # Example JSON that was used: # [ # { 'host': 'typesense-1.example.net', 'port': '443', 'protocol': 'https' }, # { 'host': 'typesense-2.example.net', 'port': '443', 'protocol': 'https' }, # { 'host': 'typesense-3.example.net', 'port': '443', 'protocol': 'https' }, # ] # TYPESENSE_URL=ha://WwogICAgeyAnaG9zdCc6ICd0eXBlc2Vuc2UtMS5leGFtcGxlLm5ldCcsICdwb3J0JzogJzQ0MycsICdwcm90b2NvbCc6ICdodHRwcycgfSwKICAgIHsgJ2hvc3QnOiAndHlwZXNlbnNlLTIuZXhhbXBsZS5uZXQnLCAncG9ydCc6ICc0NDMnLCAncHJvdG9jb2wnOiAnaHR0cHMnIH0sCiAgICB7ICdob3N0JzogJ3R5cGVzZW5zZS0zLmV4YW1wbGUubmV0JywgJ3BvcnQnOiAnNDQzJywgJ3Byb3RvY29sJzogJ2h0dHBzJyB9LApd ################################################################################### # Reverse Geocoding # # Reverse geocoding is done locally which has a small impact on memory usage # This memory usage can be altered by changing the REVERSE_GEOCODING_PRECISION variable # This ranges from 0-3 with 3 being the most precise # 3 - Cities > 500 population: ~200MB RAM # 2 - Cities > 1000 population: ~150MB RAM # 1 - Cities > 5000 population: ~80MB RAM # 0 - Cities > 15000 population: ~40MB RAM #################################################################################### # DISABLE_REVERSE_GEOCODING=false # REVERSE_GEOCODING_PRECISION=3 #################################################################################### # WEB - Optional # # Custom message on the login page, should be written in HTML form. # For example: # PUBLIC_LOGIN_PAGE_MESSAGE="This is a demo instance of Immich.<br><br>Email: <i>demo@demo.de</i><br>Password: <i>demo</i>" #################################################################################### PUBLIC_LOGIN_PAGE_MESSAGE= #################################################################################### # Alternative Service Addresses - Optional # # This is an advanced feature for users who may be running their immich services on different hosts. # It will not change which address or port that services bind to within their containers, but it will change where other services look for their peers. # Note: immich-microservices is bound to 3002, but no references are made #################################################################################### IMMICH_WEB_URL=http://immich-web:3000 IMMICH_SERVER_URL=http://immich-server:3001 IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 #################################################################################### # Alternative API's External Address - Optional # # This is an advanced feature used to control the public server endpoint returned to clients during Well-known discovery. # You should only use this if you want mobile apps to access the immich API over a custom URL. Do not include trailing slash. # NOTE: At this time, the web app will not be affected by this setting and will continue to use the relative path: /api # Examples: http://localhost:3001, http://immich-api.example.com, etc #################################################################################### #IMMICH_API_URL_EXTERNAL=http://localhost:3001` ``` ### Reproduction steps ```bash I just tried to connect via my computer's DHCP assigned address. ``` ### Additional information _No response_
OVERLORD commented 2026-02-04 22:46:07 +03:00
Author
Owner
Copy Link

@bo0tzz commented on GitHub (Apr 9, 2023):

Does your oauth server have a valid https certificate?

@bo0tzz commented on GitHub (Apr 9, 2023): Does your oauth server have a valid https certificate?
OVERLORD commented 2026-02-04 22:46:09 +03:00
Author
Owner
Copy Link

@ghost commented on GitHub (Apr 9, 2023):

What's that? How do I get one? I didn't see it in the installation part of the documentation

@ghost commented on GitHub (Apr 9, 2023): What's that? How do I get one? I didn't see it in the installation part of the documentation
OVERLORD commented 2026-02-04 22:46:11 +03:00
Author
Owner
Copy Link

@thomasverelst commented on GitHub (Apr 9, 2023):

Can you access (or log in) on the mobile website via your Android's browser? In the app, when giving the server address, don't forget to add /api at the end of your url. e.g. http://192.168.1.23:2283/api.
Are you actually trying to login via Oauth? I so, did you setup Ouath in Immich's admin panel (with which provider)?

@thomasverelst commented on GitHub (Apr 9, 2023): Can you access (or log in) on the mobile website via your Android's browser? In the app, when giving the server address, don't forget to add /api at the end of your url. e.g. `http://192.168.1.23:2283/api`. Are you actually trying to login via Oauth? I so, did you setup Ouath in Immich's admin panel (with which provider)?
OVERLORD commented 2026-02-04 22:46:14 +03:00
Author
Owner
Copy Link

@alextran1502 commented on GitHub (Apr 9, 2023):

Can you check the server log? And make sure everything coming up as expected?

@alextran1502 commented on GitHub (Apr 9, 2023): Can you check the server log? And make sure everything coming up as expected?
OVERLORD commented 2026-02-04 22:46:18 +03:00
Author
Owner
Copy Link

@ghost commented on GitHub (Apr 9, 2023):

I'm so sorry i didn't know i had to include the /api at the end, this issue is solved

@ghost commented on GitHub (Apr 9, 2023): I'm so sorry i didn't know i had to include the /api at the end, this issue is solved
OVERLORD commented 2026-02-04 22:46:22 +03:00
Author
Owner
Copy Link

@ghost commented on GitHub (Apr 9, 2023):

Can you access (or log in) on the mobile website via your Android's browser? In the app, when giving the server address, don't forget to add /api at the end of your url. e.g. http://192.168.1.23:2283/api. Are you actually trying to login via Oauth? I so, did you setup Ouath in Immich's admin panel (with which provider)?

That was my mistake, i forgot to include the /api and I've marked the issue as solved but is there any chance you could explain to me what the /api at the end did and what broke when i didn't include it?

@ghost commented on GitHub (Apr 9, 2023): > Can you access (or log in) on the mobile website via your Android's browser? In the app, when giving the server address, don't forget to add /api at the end of your url. e.g. `http://192.168.1.23:2283/api`. Are you actually trying to login via Oauth? I so, did you setup Ouath in Immich's admin panel (with which provider)? That was my mistake, i forgot to include the /api and I've marked the issue as solved but is there any chance you could explain to me what the /api at the end did and what broke when i didn't include it?
OVERLORD commented 2026-02-04 22:46:25 +03:00
Author
Owner
Copy Link

@bo0tzz commented on GitHub (Apr 9, 2023):

When you go to http://192.168.1.23:2283/, that connects to the web UI (the immich-web container). When you add /api at the end, things are set up so that that goes to another container (immich-server), which is where both the app and the web UI need to talk to to get things done.

Can you check whether the web UI is working, in a browser on your computer? If it is, you shouldn't need to add /api.

@bo0tzz commented on GitHub (Apr 9, 2023): When you go to `http://192.168.1.23:2283/`, that connects to the web UI (the immich-web container). When you add `/api` at the end, things are set up so that that goes to another container (immich-server), which is where both the app and the web UI need to talk to to get things done. Can you check whether the web UI is working, in a browser on your computer? If it is, you shouldn't need to add `/api`.
OVERLORD commented 2026-02-04 22:46:27 +03:00
Author
Owner
Copy Link

@ghost commented on GitHub (Apr 9, 2023):

When you go to http://192.168.1.23:2283/, that connects to the web UI (the immich-web container). When you add /api at the end, things are set up so that that goes to another container (immich-server), which is where both the app and the web UI need to talk to to get things done.

Can you check whether the web UI is working, in a browser on your computer? If it is, you shouldn't need to add /api.

Yes, it works without /api in the browser. Thank you for the explanation, I understand now.

@ghost commented on GitHub (Apr 9, 2023): > When you go to `http://192.168.1.23:2283/`, that connects to the web UI (the immich-web container). When you add `/api` at the end, things are set up so that that goes to another container (immich-server), which is where both the app and the web UI need to talk to to get things done. > > Can you check whether the web UI is working, in a browser on your computer? If it is, you shouldn't need to add `/api`. Yes, it works without `/api` in the browser. Thank you for the explanation, I understand now.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
changelog:enhancement
changelog:security
changelog:translation
cli
date-time
documentation
external-library
format
good first issue
needs-answer
nice to have
sharing
tech-debt
📱mobile
🖥️web
🗄️server
🧠machine-learning
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: immich-app/immich#802
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?