this post was submitted on 24 May 2024
68 points (93.6% liked)

Selfhosted


Hello everyone!

I'm currently looking to self host some photos to get my girlfriend off of Google Photos. I'm wondering what has been good in your experience.

I never thought about self-hosting before, but an LTT video (I'm sorry) popped up in my feed and I got curious.

I looked into Ente.io and PhotoSync so far but am unsure if there are any better options. Also saw that LibrePhotos exists but I haven't looked into it yet.

What are you using? Have you had any issues? Missing features etc.?

[–] [email protected] 1 points 5 months ago (3 children)

Another question: I set up the Immich Docker image and I'm using Mullvad VPN; however, Mullvad VPN removed in-app port forwarding last year. I'm curious whether there is a solution to use split tunneling for Immich via another VPN to set up secure remote access outside of the home network?

[–] [email protected] 2 points 5 months ago (1 children)

https://github.com/immich-app/immich/discussions/8299

I just got this working today and can say it's quite an elegant solution. It means anyone with a Google account (that I allow through Cloudflare settings) can take advantage of immich. I plan to be the storage server for my family so they can have automatic photo backups.

If you decide to go that route and have questions, hit me up. I spent a while troubleshooting issues caused by not creating a SaaS application in Cloudflare, so read the directions exactly.

[–] [email protected] 1 points 5 months ago (1 children)

Thank you for the comment, a very interesting solution! I'm thinking of using Google as little as possible, however. I would like to look into how to set up some access from outside the network via some VPN shenanigans.

I was also looking at automating backups with Cron - both DB and images to other disks and devices.

I got Immich up and running but have had some stuff come in the way to spend more time with it.

[–] [email protected] 1 points 5 months ago

Yeah, I would prefer not to use Google, so I'm going to figure out how to use another authenticator. I wish Proton had the ability to be an authenticator, but I haven't seen a way to do that yet.

But all my family has a Google account, so it just makes things easier.

[–] [email protected] 1 points 5 months ago

PIA allows split tunneling in their app

[–] [email protected] 1 points 5 months ago (1 children)

Mullvad is great for outbound VPN, but inbound is a PITA without port forwarding (as you've said). I just host a Wireguard container for inbound connectivity now, and it works flawlessly.

[–] [email protected] 1 points 5 months ago (1 children)

I'm confused as to how outbound and inbound would be different. Would the traffic not go from the VPN endpoint to your device?

[–] [email protected] 3 points 5 months ago (1 children)

This may take us down a bit of a rabbit hole but, generally speaking, it comes down to how you route traffic.

My firewall has an always-on VPN connected to Mullvad. When certain servers (that I specify) connect to the outside, I use routing rules to ensure those connections go via the VPN tunnel. Those routes are only for connectivity to outside (non-LAN) addresses.

At the same time, I host a server inside that accepts incoming Wireguard client VPN connections. Once I'm connected (with my phone) to that server, my phone appears as an internal client. So the routing rules for Mullvad don't apply - the servers are simply responding back to a LAN address.

I hope that explains it a bit better - I'm not aware of your level of networking knowledge, so I'm trying not to over-complicate just yet.

[–] [email protected] 2 points 5 months ago (1 children)

I also route everything through my pfSense firewall to Mullvad VPN. I've been looking at various ways to access the internal network from the outside internet safely, and I'm a bit hesitant to open that hole just yet. Cloudflare Tunnel seems like the easiest option but apparently they can see everything you put through the tunnel and I'm not real comfortable with that.

Does one need a dynamic DNS to use WireGuard to tunnel back in, or is there another way of ensuring you can connect to the correct location? Does the WireGuard server run on Docker?

[–] [email protected] 1 points 5 months ago (1 children)

You do need to be able to reach your public IP to be able to VPN back in. I have a static IP, so no real concerns there. But, even if I didn't, I have a Python script that updates a Route53 DNS record for me in my own domain - a self-hosted dynamic DNS really.

You certainly can run Wireguard server in a docker container - the good folks over at Linuxserver have just the repo for you.
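
A sketch of the self-hosted dynamic DNS idea mentioned in the comment above, added here as an example (it is not the commenter's script). It only sends an UPSERT to Route53 when the lookup response parses as a globally routable IPv4 address that differs from the current record; the hosted zone ID and record name are placeholders, and boto3 with AWS credentials is assumed.

```python
import ipaddress
import urllib.request

HOSTED_ZONE_ID = "ZPLACEHOLDER"                  # placeholder, not from the thread
RECORD_NAME = "vpn.example.com."                 # placeholder, not from the thread
IP_LOOKUP_URL = "https://checkip.amazonaws.com"  # returns the caller's public IP as text

def parse_public_ipv4(text):
    """Return the address if it is a globally routable IPv4, else None."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None  # error page, empty body, IPv6, garbage
    # Reject private, loopback, link-local and other non-global ranges so a
    # broken or spoofed lookup cannot repoint the VPN record.
    return str(addr) if addr.is_global else None

def build_change_batch(record_name, ip, ttl=300):
    """Route53 ChangeBatch that creates or overwrites one A record."""
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": record_name, "Type": "A", "TTL": ttl,
            "ResourceRecords": [{"Value": ip}],
        },
    }]}

def plan_update(lookup_response, current_ip, record_name=RECORD_NAME):
    """Return a ChangeBatch, or None when nothing should be sent."""
    new_ip = parse_public_ipv4(lookup_response)
    if new_ip is None or new_ip == current_ip:
        return None
    return build_change_batch(record_name, new_ip)

def main():
    import boto3  # imported here so the planning logic works without AWS libraries
    client = boto3.client("route53")
    with urllib.request.urlopen(IP_LOOKUP_URL, timeout=10) as resp:
        body = resp.read(64).decode("ascii", "replace")
    sets = client.list_resource_record_sets(
        HostedZoneId=HOSTED_ZONE_ID, StartRecordName=RECORD_NAME,
        StartRecordType="A", MaxItems="1")["ResourceRecordSets"]
    current = None
    if sets and sets[0]["Name"] == RECORD_NAME and sets[0]["Type"] == "A":
        current = sets[0]["ResourceRecords"][0]["Value"]
    batch = plan_update(body, current)
    if batch:
        client.change_resource_record_sets(
            HostedZoneId=HOSTED_ZONE_ID, ChangeBatch=batch)

if __name__ == "__main__":
    main()
```

Run it from cron with credentials whose IAM policy allows only `route53:ListResourceRecordSets` and `route53:ChangeResourceRecordSets` on that one hosted zone, so a compromised host cannot edit other DNS zones.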

[–] [email protected] 1 points 5 months ago

Thanks, I'll give this a shot in the coming week!