The Zotero app on iOS cannot connect to the Synology system's WebDAV

edited May 29, 2024
Currently, successful connection to WebDAV on the Windows 10 platform: No error code is returned in the Zotero app on iOS, displaying "could not connect to WebDAV server", while on the Android version of zoo for zotero, it returns "405 Method Not Allowed".
iOS, Android, Windows 10, and Synology form a virtual local area network through tailscale for mutual connections without being exposed to the public internet.
I do not understand why it can be successfully configured on the computer, but not on mobile devices.
  • "Could not connect to WebDAV server" should generally mean what it says, but if you provide a Debug ID for trying to verify the server on iOS, we can confirm that.
  • edited May 30, 2024
    Okay, my Debug ID:D1214154501
  • The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
    You have to use HTTPS to connect to a non-local address due to iOS restrictions.
  • Despite using HTTPS, connection still fails - D1748143670

    I hope this time it's not an issue with the SSL certificate, as I don't have a public IP to configure an SSL certificate
  • An SSL error has occurred and a secure connection to the server cannot be made.
    Yes, it's a certificate error. A self-signed certificate won't work. You can get a free trusted certificate from Let's Encrypt or similar.
  • Oh, but you're saying you're only connecting via a private Tailscale IP, not a public domain. Seems like this still might be possible:

    https://tailscale.com/blog/tls-certs
  • I have a similar setup at home (I don't use Synology, I'm running a TrueNAS on my machine) and I can connect to local http IP address with TailScale without issue. I don't have a public IP either.

    When you connect to your TailScale node, can you access other local services on your Synology? Can you access your webdav directly through Safari?
  • edited May 31, 2024
    I think the issue here is that @QQWWQW is connecting to a Tailscale 100.x.y.z address, which is a reserved range but not part of the standard private ranges (192.168.0.0/16, 10.0.0.0/8). It seems like iOS's default App Transport Security policy allows HTTP requests to the private ranges but not 100.x.y.z, which is why @QQWWQW got an ATS error above and had to switch to HTTPS.

    So @QQWWQW, if you're able to switch to one of the standard private ranges instead, you could just go back to connecting via HTTP instead of HTTPS.
  • I just tried it on Safari on my iPad. When I connect to a TailScale node, Safari can access other local services on Synology. I don't understand how to access webdav through Safari, but I tried using the built-in "Files" app on iOS to access webdav, and as expected, it didn't work. I think the problem is that due to iOS restrictions, I must use HTTPS to connect to non-local addresses, and in the HTTPS connection, my current self-signed certificate will not work. When I have some free time, I will use tailscale cert to obtain a new certificate.
  • Did you read what I wrote, though?
  • Ah, I just discovered your new message, I am reading it now.
  • You're probably just not using TailScale right. Do you have their iOS app installed on your device? Through the iOS app you can connect to your TailScale node and then you can just use your local/private IP addresses as if you were sitting at home.

    So if your Synology is let's say on http://192.168.1.100, you will connect to TailScale through their iOS app and then in Safari/Files app/Zotero you can just safely use the same private IP address http://192.168.1.100 to connect to your local services.

    You don't have to connect through TailScale IP address (100.x.y.z), TailScale uses those internally pretty much.
  • edited May 31, 2024
    我尝试使用 192.168.x.y (0<x,y<255) 进行HTTP连接,得到了一个新的调试 ID: D751020550
  • You've got a "The request timed out.", not sure I can say much more about it. You were able to connect via Files app this time?
  • The Files app also cannot make a WebDAV connection. Currently, only Windows has successfully connected to WebDAV, whether it's 100.x.y.z or 192.168.x.y
  • In that case we can't really help you any further. You've got something misconfigured. If you have it working in Files app and not in Zotero, we can try taking a look again.
  • I tried many times but couldn't connect, so I switched the "Files" app on the iPad to ES File Explorer, and this time I successfully connected to WebDAV. The connection used TailScale IP address (100.x.y.z), both HTTP and HTTPS could connect (the certificate for HTTPS remained unchanged).
    However, the address 192.168.x.y couldn't connect at all, including accessing the login page via Safari was also unsuccessful (100.x.y.z could access the login page), I'm afraid I can only make adjustments targeting 100.x.y.z now.
    I also don't know how ES File Explorer's WebDAV managed to bypass iOS restrictions, allowing both HTTP and HTTPS to connect.Can we take another look at the connection issue with WebDAV.
  • edited May 31, 2024
    Thank you for your help. I now understand three solutions. One is to obtain a free and trustworthy certificate from Let's Encrypt or similar websites for HTTPS; another is to use the standard private range (192.168.0.0/16, 10.0.0.0/8) in HTTP; the last one is to connect to a local service using the same private IP address http://192.168.1.100 (which now seems to have failed). Even though I don’t know how ES File Explorer can connect to WebDAV so conveniently, nor if the Zotero application can also do this, I have your solutions to use. With this in mind, thank you again for your help.
  • actualy,the IOS files app doesnt support webdav connection.so far,i have tried with 100.1.x.y of tailscale, magic DNS like DEVICE.tail9152e6.ts.net allowing https connection which tailsacle provides.I even establish a local webdav with ios alist server to transform the ip to the form of 127.0.0.1/192.168.1.x. but none of them succeed . i dont think there is something misconfigured cuz i have try the ways above in many other apps and they all goes well.maybe zotero should change their way to treat the restriction of IOS or add some support to VLAN
  • @Bichun_Chen: It works as we've described above. If you're having trouble, please start a new thread and provide a Debug ID for a Verify Server attempt that fails.
  • My debug ID is D267254664,As far as my understanding,the reason of the situation is that accessing the device in local network needs the IOS permission of local network ,but zotero never asks for it. So IOS forbids this kind of connection.
  • (+0000019): HTTP OPTIONS https://[…].tail[…].ts.net:5244/dav/[…]/zotero/ failed with -1
    [ERROR] Zotero(+0000000): sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
    @Bichun_Chen: No, that's not correct. This is an SSL failure. I don't know how Tailscale works on iOS, but if it installs a configuration profile in order to add a custom certificate, that's not something that would work in Zotero. You should be able to configure it to allow you to connect over HTTP to a local IP (e.g., 192.168.*.*) address, as Michal says above.
Sign In or Register to comment.