"redirect uri mismatch" Google Auth self hosted not using https as redirect uri
- Self Hosted
- Auth
- Web
I am using self-hosted Appwrite, running on http on a custom port (8000). Then, I am using Caddy as reverse proxy to map my subdomain appwrite.domain.com to port 8000 and Caddy manages the TLS certificates. HTTPS works correctly on the admin panel. As you can see in screenshot 1, the admin panel tells me to use https for my redirect uri. However, when I try to create an oauth session, I get the error redirect_uri_mismatch (Screenshot 2). As you can see in Screenshot 3, it tries using the URI with http instead of https.
How can I fix this?
When I set tls_insecure_skip_verify, I get "404 page not found" again.
But why would I set tls_insecure_skip_verify? After setting my app domain to localhost, I was actually relying on Caddy for https on domain level, am I wrong?
I am not a Caddy user but my understanding is that it stops Caddy from requiring a valid certificate on your upstream server (appwrite).
Yes, but I have my domain "appwrite.abc.com" and I have Appwrite configured with APP_DOMAIN=localhost, so some service has to generate the TLS certificate for "appwrite.abc.com". That's Caddy in my case, which is why I don't think setting tls_insecure_skip_verify would do any good.
Have you checked if, in the env, the parameter _APP_OPTIONS_FORCE_HTTPS is enabled?
No, it was disabled, but now I get ERR_TOO_MANY_REDIRECTS
I'm facing the same issue, trying to investigate how to solve it on my side too. Only difference: I'm using Cloudflare.
Maybe this https://discord.com/channels/564160730845151244/1100400815065272320 can help you
I also opened this https://github.com/appwrite/appwrite/issues/8421
Now I have Error 412: project_provider_disabled, even if the provider (Google) is enabled in the console. Feels like I'm going backward 😂 Good luck!
But you're running appwrite on ports 80 and 443, aren't you?
Yes
I checked the documentation: _APP_OPTIONS_FORCE_HTTPS is used only for the default ports 80 & 443. So it's probably not solving your problem.
@Jamy I had the provider disabled error in Appwrite after testing out changing the port in my reverse proxy to 80 and then back to 443. I did this to verify that Appwrite's redirect URL was being generated according to which port it was being accessed by, from the original issue in this thread. I believe I had to `docker compose down` and then `docker compose up -d --remove-orphans`.
Not sure if the removing orphans helped but that ended up resolving my issue. I am also using Cloudflare as well.
@Tobi696 regardless of whether you use 80 & 443, 8000 & 8443, etc., my tests show that the redirect URI is generated based on whether it was initiated on Appwrite's HTTP port or HTTPS port. When you have your proxy pointing at the HTTP port it is going to generate an HTTP redirect according to my testing.
Back to the Caddy TLS insecure - Caddy still terminates the SSL for anything that is being proxied through Caddy, so communication between client and Caddy is encrypted. My understanding is that tls_insecure_skip_verify allows Caddy to proxy to an "insecure"/"invalid"/"self-signed" etc. certificate. The data is still encrypted between Caddy and Appwrite, it just isn't with a publicly trusted certificate.
Thanks for your reply, don't want to spam here about my problem, sorry. I did what you suggested, but still the same issue :/ Tried also to disable/enable, and disable -> restart docker -> enable..
What client are you using to test with?
Not sure I understand. I'm using Flutter, on Android emulator. I will open a new thread, and let's focus here on @Tobi696's issue.
I ask because I think I had to clear app storage in dev tools (I think it was for Flutter web), or close all the way out and rebuild the app.
Yeah if only I got it to work using the https port 🙈
How about trying to disable the port 80 forward on your firewall to force cloudflare to use 443?
I'm not using cloudflare
Can you DM me the redirect URL?
What's the Appwrite version you're using?