Hello everyone!
I’m currently looking to self host some photos to get my girlfriend off of Google Photos. I’m wondering what has been good in your experience.
I never thought about self-hosting the before but a LTT video (I’m sorry) popped up in my feed and I got curious.
I looked into Ente.io and PhotoSync so far but unsure if there are any better options. Also saw that LibrePhotos exist but I haven’t looked into it yet.
What are you using? Have you had any issues? Missing features etc.?
Another question: I set up the Immich docker image and I’m using Mullvad VPN, however Mullvad VPN removed in-app port forwarding last year. I’m curious whether there is a solution to use Split Tunneling for Immich via another VPN to setup secure remote access outside of the home network?
https://github.com/immich-app/immich/discussions/8299
I just got this working today and can say it’s quite an elegant solution. It means anyone with a Google account (that I allow through Cloudflare settings) can take advantage of immich. I plan to be the storage server for my family so they can have automatic photo backups.
If you decide to go that route and have questions, hit me up. I spent a while troubleshooting issues caused by not creating a SaaS application in Cloudflare, so read the directions exactly.
Thank you for the comment, a very interesting solution! I’m thinking of using Google as little as possible however. I would like to look into how to setup some access from outside the network via some VPN shenanigans.
I was also looking at automating backups with Cron - both DB and images to other disks and devices.
I got Immich up and running but have had some stuff come in the way to spend more time with it.
Yeah, I would prefer not to use Google, so I’m going to figure out how to use another authenticator. I wish Proton had the ability to be an authenticator, but I haven’t seen a way to do that yet.
But all my family has a Google account, so it just makes things easier.
Mullvad is great for outbound VPN, but inbound is a PITA without port forwarding (as you’ve said). I just host a Wireguard container for inbound connectivity now, and it works flawlessly.
I’m confused as to how outbound and inbound would be different. Would the traffic not go from the VPN endpoint to your device?
This may take us down a bit of a rabbit hole but, generally speaking, it comes down to how you route traffic.
My firewall has an always-on VPN connected to Mullvad. When certain servers (that I specify) connect to the outside, I use routing rules to ensure those connections go via the VPN tunnel. Those routes are only for connectivity to outside (non-LAN) addresses.
At the same time, I host a server inside that accepts incoming Wireguard client VPN connections. Once I’m connected (with my phone) to that server, my phone appears as an internal client. So the routing rules for Mullvad don’t apply - the servers are simply responding back to a LAN address.
I hope that explains it a bit better - I’m not aware of your level of networking knowledge, so I’m trying not to over-complicate just yet.
I also route everything through my pfsense firewall to mullvad VPN. I’ve been looking at various ways to access the internal network from the outside internet safely, and I’m a bit hesitant to open that hole just yet. Cloudflare tunnel seems like the easiest option but apparently they can see everything you put through the tunnel and I’m not real comfortable with that.
Does one need a dynamic dns to use wireguard to tunnel back in, or is there another way of ensuring you can connect to the correct location? Does the wireguard server run on docker?
You do need to be able to reach your public IP to be able to VPN back in. I have a static IP, so no real concerns there. But, even if I didn’t, I have a Python script that updates a Route53 DNS record for me in my own domain - a self-hosted dynamic DNS really.
You certainly can run Wireguard server in a docker container - the good folks over at Linuxserver have just the repo for you.
Thanks, I’ll give this a shot in the coming week!
PIA allows split tunneling in their app