Token lasts less than 2 minutes then results in "you need to provide a valid access token or user credentials to access this api"

[iarp]

I posted this here because the note below says "Please open the issue in gotify/android instead if it is only related to the android client" and my browser tab has never experienced issues. I'm not 100% sure if its the server invalidating the token or something going wrong in android.

Can the issue be reproduced with the latest available release? (y/n)

yes

Which one is the environment gotify server is running in?

• Docker
• Linux machine
• Windows machine

Docker startup command or config file here (please mask sensitive information)

# Example configuration file for the server.
# Save it to `config.yml` when edited

server:
  keepaliveperiodseconds: 0 # 0 = use Go default (15s); -1 = disable keepalive; set the interval in which keepalive packets will be sent. Only change this value if you know what you are doing.
  listenaddr: "" # the address to bind on, leave empty to bind on all addresses
  port: 80 # the port the HTTP server will listen on

  ssl:
    enabled: false # if https should be enabled
    redirecttohttps: false # redirect to https if site is accessed by http
    listenaddr: "" # the address to bind on, leave empty to bind on all addresses
    port: 443 # the https port
    certfile: # the cert file (leave empty when using letsencrypt)
    certkey: # the cert key (leave empty when using letsencrypt)
    letsencrypt:
      enabled: false # if the certificate should be requested from letsencrypt
      accepttos: false # if you accept the tos from letsencrypt
      cache: data/certs # the directory of the cache from letsencrypt
      hosts: # the hosts for which letsencrypt should request certificates
       - gotify.domain.com
#      - mydomain.tld
#      - myotherdomain.tld

  responseheaders: # response headers are added to every response (default: none)
#    X-Custom-Header: "custom value"

  cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
    alloworigins:
      - ".+.domain.com"
      - "moz-extension://a419db6d-a40b-4b85-b77a-e4e46991f967"
    allowmethods:
      - "GET"
      - "POST"
      - "OPTIONS"
      - "DELETE"
    allowheaders:
      - "Authorization"
      - "content-type"
  stream:
    pingperiodseconds: 45 # the interval in which websocket pings will be sent. Only change this value if you know what you are doing.
    allowedorigins: # allowed origins for websocket connections (same origin is always allowed)
      - ".+.domain.com"
      - "a419db6d-a40b-4b85-b77a-e4e46991f967"
#      - "otherdomain.com"

database: # for database see (configure database section)
#  dialect: sqlite3
#  connection: data/gotify.db
  dialect: postgres
  connection: host= port=5432 user= dbname= password= sslmode=disable

defaultuser: # on database creation, gotify creates an admin user
  name: admin # the username of the default user
  pass: admin # the password of the default user
passstrength: 10 # the bcrypt password strength (higher = better but also slower)
uploadedimagesdir: data/images # the directory for storing uploaded images
pluginsdir: data/plugins # the directory where plugin resides
registration: false # enable registrations

Do you have an reverse proxy installed in front of gotify server? (Please select None if the problem can be reproduced without the presense of a reverse proxy)

• None
• Nginx (jc21/NginxProxyManager)
• Apache
• Caddy

Reverse proxy configuration (please mask sensitive information)

# ------------------------------------------------------------
# gotify.domain.com
# ------------------------------------------------------------



map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "gotify";
  set $port           80;

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;


  server_name gotify.domain.com;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-15/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-15/privkey.pem;

  # Force SSL
  include conf.d/include/force-ssl.conf;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;


  access_log /data/logs/proxy-host-24_access.log proxy;
  error_log /data/logs/proxy-host-24_error.log warn;

  include /data/nginx/ip_ranges.conf;
  include /data/nginx/fix-ip.conf;


  location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

On which client do you experience problems? (Select as many as you can see)

• WebUI
• gotify-cli
• Android Client
• 3rd-party API call (Please include your code)

What did you do?

Login to gotify server, 2 minutes later I'm getting "Error unreachable (see logs), trying to reconnect in 1 minute". Logs states "Expected Http 101 but received 404"

I will note that if I open gotify manually and refresh the connection, it'll load messages, but in the background it never wil

What did you expect to see?

A working gotify instance with message.

What did you see instead? (Include screenshots, android logcat/request dumps if possible)

[05/Dec/2024:20:40:31 -0500] - 401 401 - GET https gotify.domain.com.ca "/stream?token=C9EOB2D3mxYuAeX" [Client ...] [Length 141] [Gzip -] [Sent-to gotify] "okhttp/4.12.0" "-"
[05/Dec/2024:20:42:27 -0500] - 401 401 - GET https gotify.domain.com.ca "/stream?token=C9EOB2D3mxYuAeX" [Client ...] [Length 141] [Gzip -] [Sent-to gotify] "okhttp/4.12.0" "-"

gotify android log.txt

Details

[jmattheis]

Please post your gotify/server log while the error occurs.

When you use the web-ui do you receive new messages without refreshing the page?

Could logout and login in the android app, wait for the error and then post the logs here?

[iarp]

webui works without issue.

Logged out of android and back in, here's the logs

2024-12-06T18:58:00-05:00 | 200 |     2.79355ms |      172.23.0.3 | DELETE   "/client/13"
2024-12-06T18:59:14-05:00 | 200 |      47.486µs |      172.23.0.3 | GET      "/version"
2024-12-06T18:59:18-05:00 | 200 |   67.422583ms |      172.23.0.3 | GET      "/current/user"
2024-12-06T18:59:20-05:00 | 200 |   66.015501ms |      172.23.0.3 | POST     "/client"
2024-12-06T18:59:20-05:00 | 200 |    2.853257ms |      172.23.0.3 | GET      "/current/user"
2024-12-06T18:59:20-05:00 | 200 |    1.819067ms |      172.23.0.3 | GET      "/message?limit=1&since=0"
2024-12-06T18:59:20-05:00 | 200 |      29.228µs |      172.23.0.3 | GET      "/version"
2024-12-06T18:59:20-05:00 | 200 |     977.552µs |      172.23.0.3 | GET      "/application"
2024-12-06T18:59:20-05:00 | 200 |     662.292µs |      172.23.0.3 | GET      "/stream?token=[masked]"
2024-12-06T18:59:20-05:00 | 200 |    1.726648ms |      172.23.0.3 | GET      "/application"
2024-12-06T18:59:20-05:00 | 200 |    1.684159ms |      172.23.0.3 | GET      "/message?limit=100&since=0"
WebSocket: ReadError read tcp 172.23.0.4:80->172.23.0.3:39612: i/o timeout
2024-12-06T19:04:34-05:00 | 200 |     2.42836ms |      172.23.0.3 | GET      "/stream?token=[masked]"
2024-12-06T19:04:34-05:00 | 200 |    1.979579ms |      172.23.0.3 | GET      "/message?limit=10"
2024-12-06T19:05:24-05:00 | 401 |     741.704µs |      172.23.0.3 | GET      "/stream?token=[masked]"
Error #01: you need to provide a valid access token or user credentials to access this api

[jmattheis]

Hmm weird. How do you run gotify/server with docker?

[iarp]

docker run
  -d
  --name='gotify'
  --net='intra'
  --pids-limit 2048
  -e 'GOTIFY_DEFAULTUSER_PASS'='admin'
  -p '8070:80/tcp'
  -v '/mnt/user/appdata/gotify/':'/app/data':'rw'
  -v '/mnt/user/appdata/gotify/config/':'/etc/gotify':'rw'
  --no-healthcheck 'gotify/server:latest'

So i tried logging out, logging back in, restarting my phone and it worked well for a few hours but by the time i woke up it was right back to token failure.

[jmattheis]

Hmm looks okay too, could you try using sqlite3 as database?

[iarp]

I'm now on sqlite3, server logs still showing Error #01: you need to provide a valid access token or user credentials to access this api after 4 days now.