I'm a noob, I started 2 months ago with immich and tailscale. Now I have an unraid server, it's a slippery slope.
this post was submitted on 24 May 2024
68 points (93.6% liked)
Selfhosted
39980 readers
427 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
The tech-slope is a slippery slide into your wallet 😅
Lol yeh but it's partially funded by money saved from canceled subscriptions.
That's what they all say.
I-fucking-mmich!
Immich all the way my dude.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| PIA | Private Internet Access brand of VPN |
| Plex | Brand of media server package |
| VPN | Virtual Private Network |
[Thread #761 for this sub, first seen 25th May 2024, 22:55] [FAQ] [Full list] [Contact] [Source code]
Another question: I set up the Immich docker image and I'm using Mullvad VPN, however Mullvad VPN removed in-app port forwarding last year. I'm curious whether there is a solution to use Split Tunneling for Immich via another VPN to setup secure remote access outside of the home network?
https://github.com/immich-app/immich/discussions/8299
I just got this working today and can say it's quite an elegant solution. It means anyone with a Google account (that I allow through Cloudflare settings) can take advantage of immich. I plan to be the storage server for my family so they can have automatic photo backups.
If you decide to go that route and have questions, hit me up. I spent a while troubleshooting issues caused by not creating a SaaS application in Cloudflare, so read the directions exactly.
Thank you for the comment, a very interesting solution! I'm thinking of using Google as little as possible however. I would like to look into how to setup some access from outside the network via some VPN shenanigans.
I was also looking at automating backups with Cron - both DB and images to other disks and devices.
I got Immich up and running but have had some stuff come in the way to spend more time with it.
Yeah, I would prefer not to use Google, so I'm going to figure out how to use another authenticator. I wish Proton had the ability to be an authenticator, but I haven't seen a way to do that yet.
But all my family has a Google account, so it just makes things easier.
Mullvad is great for outbound VPN, but inbound is a PITA without port forwarding (as you've said). I just host a Wireguard container for inbound connectivity now, and it works flawlessly.
I'm confused as to how outbound and inbound would be different. Would the traffic not go from the VPN endpoint to your device?
This may take us down a bit of a rabbit hole but, generally speaking, it comes down to how you route traffic.
My firewall has an always-on VPN connected to Mullvad. When certain servers (that I specify) connect to the outside, I use routing rules to ensure those connections go via the VPN tunnel. Those routes are only for connectivity to outside (non-LAN) addresses.
At the same time, I host a server inside that accepts incoming Wireguard client VPN connections. Once I'm connected (with my phone) to that server, my phone appears as an internal client. So the routing rules for Mullvad don't apply - the servers are simply responding back to a LAN address.
I hope that explains it a bit better - I'm not aware of your level of networking knowledge, so I'm trying not to over-complicate just yet.
I also route everything through my pfsense firewall to mullvad VPN. I've been looking at various ways to access the internal network from the outside internet safely, and I'm a bit hesitant to open that hole just yet. Cloudflare tunnel seems like the easiest option but apparently they can see everything you put through the tunnel and I'm not real comfortable with that.
Does one need a dynamic dns to use wireguard to tunnel back in, or is there another way of ensuring you can connect to the correct location? Does the wireguard server run on docker?
You do need to be able to reach your public IP to be able to VPN back in. I have a static IP, so no real concerns there. But, even if I didn't, I have a Python script that updates a Route53 DNS record for me in my own domain - a self-hosted dynamic DNS really.
You certainly can run Wireguard server in a docker container - the good folks over at Linuxserver have just the repo for you.
Thanks, I'll give this a shot in the coming week!
PIA allows split tunneling in their app
Definitely check this summary out: https://meichthys.github.io/foss_photo_libraries/. Everyone's use case and priorities will be a little different, but I'd vote for Immich as a Google Photos replacement that looks nice and is very easy to use. I was awestruck by the facial and object recognition, which wasn't even a feature I particularly cared about.
I tried Immich but did not like it, its also been sold so who know what will happen there. I have been using Nextcloud and loving it
It wasn't sold, it's being funded. There's a big difference. And the group behind the funding is a huge supporter of FOSS. They're gonna be "selling" immich licenses soon, but they're also going to keep all the source code open and available for anyone to download, modify, or use however they want.
The owner of the name and repo has changed hands in exchange for money, and is now going to be pushing licences to use it. You can say that is not "sold" if you like, but its the same to me.
It literally didn't. Read about it and stop spreading misinformation. The deal is essentially like an investment. The developer still maintains full autonomy on the projects direction and leadership. All FUTO is doing is providing them stable income so they can work full time on developing the project.
It’s not misinformation. I hear what you’re saying, and that this whole Futo thing seems like it should be net positive, but it was sold.
The developer still maintains full autonomy on the projects direction and leadership. All BLANK is doing is providing them stable income
This isn’t a good argument for Immich not being sold, because this is the exact description of what private equity firms do.
Piwigo.
Depending on what exactly you're looking for, Photostructure might be a good option. It's got a great UI for viewing photos, and it's meant to play well with other Metadata software.
I don't know why people recommend Immich. I found it to be the most bare-bone photo app I've ever used. It feels ten+ years old. I tried really hard to make it work but Plex photos is about 20% better and it still sucks.
I don't remember much about plex photos, but facial (and object) recognition, photo map, easy sharing through albums (without the other person needing an account), and being open source are some features I imagine plex photos does not have.
it seems barebones still, because it is a very young app, and the UI is not great, especially on mobile.
It is the best replacement for Google photos that I have seen though.
Fair enough. Plex may not have the bells and whistles but it's simple and intuitive to use. I've also tried the QuMagie app on my QNAP which does have all those features but found it to be a bit more cumbersome than it was worth.
I tried Google Photos briefly as well and was very shocked at how bad it is, compared to Apple Photos. It took me several days just to figure out how to delete more than one picture at a time. I have to assume it's much more robust on an Android than on an iPhone but even their web interface was horrible.
Thank you all for the responses! I will take look into Immich and if maintenance is too much of a hassle I might try out Ente!
I use Photoprism, mainly because it seems stable so far, and it's good enough for my needs
Same, just use FolderSync to get photos to it. Works like a cham.
Same here, Been using photoprism past few years also, loving it so far!! Few quirks but constantly being worked on
Ditto, though I'm getting more and more resentful by the day at the lack of multi user support. I'm not going to donate to them again.
Yeah, this is why I jumped ship to Immich last year. I was donating to PP, with the understanding that donating users would get access to multi-user features when they happened.
Then they put them behind a paid recurring subscription. For self-hosted users. That move broke all the trust with me.
They fucking what? I need to get off the couch and cancel my support too
Yep - they introduced paid subscription tiers and put multi-user support into those: https://www.photoprism.app/editions#compare
view more: next ›