400 Bad Request error Android app

[AwareSuperCC]

Just installed the docker version of gotify, Website works fine, but the android app doesn't. It detects the server and Logs in but then shows the 400 Bad Request Error.
The server is running on a Raspberry Pi 4

My Nginx config

server {
    listen 443 ssl;
    server_name gotify.domain.com;

    ssl_certificate           /etc/letsencrypt/live/gotify.domain.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/gotify.domain.com/privkey.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/domain.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the  ^`^|It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:8124;
      proxy_read_timeout  36000;
      proxy_send_timeout  36000;

      proxy_redirect      http://localhost:8124 https://gotify.domain.com;
    }
}

Android App Log

[jmattheis]

See https://gotify.net/docs/nginx

[AwareSuperCC]

Changed the nginx config but app still doesnt work, with the same error in logs

[jmattheis]

show your full nginx config, with the changes.

[AwareSuperCC]

upstream gotify {
  # Set the port to the one you are using in gotify
  server 127.0.0.1:8124;
}

server {
  listen 80;

  # Here goes your domain / subdomain
  server_name gotify.domain.com;

  location / {
    # We set up the reverse proxy
    proxy_pass         http://gotify;
    proxy_http_version 1.1;

    # Ensuring it can use websockets
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection upgrade;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto http;
    proxy_redirect     http:// $scheme://;

    # The proxy must preserve the host because gotify verifies the host with the origin
    # for WebSocket connections
    proxy_set_header   Host $http_host;

    # These sets the timeout so that the websocket can stay alive
    proxy_connect_timeout   1m;
    proxy_send_timeout      1m;
    proxy_read_timeout      1m;
  }
}

[jmattheis]

so you are accessing gotify with http? Does gotify/server output any errors?

[AwareSuperCC]

so you are accessing gotify with HTTP?

I just realized I have to use an admin account to view the messages from an APP created by an admin. And I switched to the admin account.
In HTTP everything is fine, It shows listening on http://gotify.domain.com in the notification bar of my phone
In HTTPS I receive the messages now that I switched from a newly created user to admin, but the 400 Bad request error still remains

[jmattheis]

You need to add the headers that are defined in https://gotify.net/docs/nginx also for your nginx config for https.

[AwareSuperCC]

I have my config same as that in https://gotify.net/docs/nginx

[jmattheis]

Then you do not have a problem because http works fine?

[AwareSuperCC]

Then you do not have a problem because http works fine?

Isnt not using https insecure?

[jmattheis]

yes. In the gotify docs only http is configured, thus, you need to add set header things also to your https config.

[AwareSuperCC]

Thanks for your help. HTTPS works now.

This is my current nginx config

upstream gotify {
  # Set the port to the one you are using in gotify
  server 127.0.0.1:8124;
}

server {
  listen 443;

  # Here goes your domain / subdomain
  server_name gotify.domain.com;

  ssl_certificate           /etc/letsencrypt/live/gotify.domain.com/fullchain.pem;
  ssl_certificate_key       /etc/letsencrypt/live/gotify.domain.com/privkey.pem;

  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  location / {
    # We set up the reverse proxy
    proxy_pass         http://gotify;
    proxy_http_version 1.1;

    # Ensuring it can use websockets
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto http;
    proxy_redirect     http:// $scheme://;

    # The proxy must preserve the host because gotify verifies the host with the origin
    # for WebSocket connections
    proxy_set_header   Host $http_host;

    # These sets the timeout so that the websocket can stay alive
    proxy_connect_timeout   1m;
    proxy_send_timeout      1m;
    proxy_read_timeout      1m;
  }
}

[AwareSuperCC]

Thanks to jmattheis I was able to fix the problem. Just needed to add ssl configs to the recommended nginx config from https://gotify.net/docs/nginx

Adding this into the docs would be really helpful for users in the future

upstream gotify {
  # Set the port to the one you are using in gotify
  server 127.0.0.1:8124;
}

server {
  listen 443;

  # Here goes your domain / subdomain
  server_name gotify.domain.com;

  ssl_certificate           /etc/letsencrypt/live/gotify.domain.com/fullchain.pem;
  ssl_certificate_key       /etc/letsencrypt/live/gotify.domain.com/privkey.pem;

  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  location / {
    # We set up the reverse proxy
    proxy_pass         http://gotify;
    proxy_http_version 1.1;

    # Ensuring it can use websockets
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto http;
    proxy_redirect     http:// $scheme://;

    # The proxy must preserve the host because gotify verifies the host with the origin
    # for WebSocket connections
    proxy_set_header   Host $http_host;

    # These sets the timeout so that the websocket can stay alive
    proxy_connect_timeout   1m;
    proxy_send_timeout      1m;
    proxy_read_timeout      1m;
  }
}

[jmattheis]

I don't think so. The http & https config don't differ much, basically the ssl config is just the http config with extra settings.