this post was submitted on 20 Jan 2024
0 points (50.0% liked)

Selfhosted

40266 readers
1181 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
0
submitted 10 months ago* (last edited 10 months ago) by Shimitar@feddit.it to c/selfhosted@lemmy.world
 

After all the amazing reviews and post i read immich I decided to give it a try.

To be honest I am quite impressed, it's fast and polished, it just works.

But I found a few quirks, and hit a wall with the developer that doesn't seems kind to listen to users that much (on these issues at least!)

Maybe you guys have suggestions?

Here I go:

One: it does not support base URLs, witch means that I had to spin a dedicated sub domain to be able to access it over internet while all my other services are on a single sub domain. I can work with that, but why. Dev already shut this request down in the past as "insecure". Which I find baffling. (I mean use mydomain/immich instead of immich.mydomain)

Two: auth cannot be tied to reverse proxy. I get it, it provides OAuth. But it's much more complex than proxy based auth... And overkill for many cases, mine for sure.

Three: impossible to disable authentication at all, which would just work fine in my use case. There is a switch that seems for that, but no, it's only for using OAuth.

Four: I cannot find a way to browse by location, only by map. (Locations list seems to be half baked unless I am missing something).

Five: no way to deploy on bare metal, and I tried! due to lack of documentation (only info I found where very very outdated), and no willingness to provide info about that either. Seems that docker is so much better that supporting bare metal is a waste of time.

Six: basically impossible to manage easily public albums. like a public landing page. I get this might be outside immich scope.

Seven: even if now you can import existing libraries, it still does not detect albums withinbthem (sub folders) which is very annoying.

So, overall its a great project and very promising, faster and more reliable than Libre Photos in my use case, but still lacking some basic features that the Dev seems not interested in adding. He developed it to please his wife, I get it :) - no pun intended, doing all this take lots of time, I know.

These are the alternatives I know of:

Photo prism requires a subscription for reverse Geo coding.

LibrePhotos feels sluggish and kind if abandoned.

Are there any others? (Piwigo and Lytchee are great tools, but different kind of tools)

Let's hope for immich, Dev is working a lit, let's hope for the best.

all 26 comments
sorted by: hot top controversial new old
[–] DontNoodles@discuss.tchncs.de 2 points 10 months ago (1 children)

I stand with you for the subdomain and bare metal thing. There are many great applications that I'm facing trouble implementing since I don't have control over A domain settings within my setup. Setting mysite.xyz/something is trivial that I have full control over. Docker thing I can understand to some extent but I wish it was as simple as python venv kind of thing.

I'm sure people will come after me saying this or that is very easy but your post proves that I'm not alone. Maybe someone will come to the rescue of us novices too.

[–] Shimitar@feddit.it 1 points 10 months ago (1 children)

Us novices?

No, it's not that. The point is not that using a sub domain is easy or not, you might not have access to using one or maybe your setup is just "ugly" using one or you just don't want to use one.

Its standard practice in all web based software to allow base URLs. Maybe the choice of framework wasn't the best one from this point of view.

As for docker, deploying immich on bare metal should be fairly easy, if they provided binaries to download. The complex part is to build it not deploy.

But you gave me an idea: get the binaries from the docker image... Maybe I will try.

Once you have the bins, deploying will be simple. Updating instead will be more complex due to having to download a new docker image and extract again each time.

[–] DontNoodles@discuss.tchncs.de 1 points 10 months ago

Another such application that I wish had easy implementation for what you call base URLs is Apache Superset. Such a great application that I'm unable to use in my setup.

[–] beta_tester@lemmy.ml 1 points 10 months ago* (last edited 10 months ago) (1 children)

What's base url? Do you want to access immich via path? I.e. yourdomain.com/immich ?

Immich supports subdomains immich.ourdomain.com

Just auth via name password?

  1. not yet implemented

  2. podman/ docker is enough. Why on bare metal? Implementing the breaking changes would be a pain on bare metal

  3. not yet implemented

  4. if you ise the cli import it works. It's just not perfect. Immich is in it's infancy.

There isn't much we can do, only

  • donations, it has to be well funded to become wonderful very quickly.
  • using it
  • star it on github
  • reporting bugs
  • spreading the word
    • sharing albums with friends
    • talking with strangers on the internet and help them solve the problems
[–] Shimitar@feddit.it 3 points 10 months ago* (last edited 10 months ago) (2 children)

Yes I mean https://mydomain/immich, like all other self-hosted tools do.

Auth just with name, please why email??? And maybe get that name from already performed proxy auth, not many tools does, but some do. Its a neat feature.

But immich requires an EMAIL and will also enforce it, so you cannot fool it with a plain username. I just want consistency with the rest of the world.

Docker is enough? Maybe, but bare metal should always be an option. Always. Just write down some basic steps or publish the build script already in place for releases.

And for albums I mean that it should recognize that external libraries have already albums in the form of subfolders.

I will open tickets and feature requests of course, this post is here to share my findings and your aggressive reply is out of place.

By the way, I am talking with strangers on the internet and the objective is to help solve those issues.

[–] beta_tester@lemmy.ml 6 points 10 months ago* (last edited 10 months ago)
  1. Just use a subdomain. I wouldn't bother too much about this. It works. Just create immich.yourdomain.com in your reverse proxy service and bookmark it. Everytime you type immich, it'll be the first result, if not look into your browser settings and disable crap that is prefered to your bookmarks.
  2. On mobile you login once and that's it. Save the email and password in your password manager, that'll fill it automatically. Bitwarden and protonpass work perfectly fine

I'll keep your feedback in mind, thanks for that.

[–] beeng@discuss.tchncs.de 1 points 10 months ago (1 children)
  1. You request binaries but you havent said why

Why are you after bins? Maybe they dev in a container to start with. As you say, you can pull them out if you need...

[–] Shimitar@feddit.it 1 points 10 months ago* (last edited 10 months ago) (1 children)

Yes I can pull them out but upgrading would be a mess overtime.

If they released also binaries, I can write my install/upgrade scripts and voila, bare metal easy.

I already do this for a few tools not available trough gentoo package manager

[–] beeng@discuss.tchncs.de 1 points 10 months ago (1 children)

So you want binaries for the soul purpose of wanting to write an install script for them?

I was looking more for a functional or performance reason incase it was something I was not aware of.

[–] Shimitar@feddit.it 1 points 10 months ago (1 children)

In those cases I would have used the sources which are available...

Not having a binary release (docker doesn't count for practical reasons for my goal) hinders bare metal installation as the biggest limiting factor is building the sources, or better having the proper instructions to build them properly.

[–] beeng@discuss.tchncs.de 1 points 10 months ago* (last edited 10 months ago) (1 children)

You still have not said why you want it on bare metal?!!!

Why are you after bins?

[–] Shimitar@feddit.it 0 points 10 months ago (1 children)

While Docker is a great tool with lots of reasons to use it, why should it MUST be the only solution? Installing on bare-metal gives me more control of what and how i install and i fond it more fun than typing "docker compose up". There are already tons of package managers (including npm, pip etc) that another one, one on which you have even less control (let's talk about all these images created so that everything runs as root?), is not really needed for me at least.

I want the possibility to go bare-metal, and i will go bare-metal every time i have the possibility. Yes Docker might seems more convenient, but do i need a reason NOT to use Docker, really? Are we at this point? This is "self-hosting" which means doing things the way we prefer, not following the herd or going with packaged solutions. And i have more fun with bare-metal than Docker. Is this enough?

Why are you so much against giving the optional opportunity to go bare-metal then, can you elaborate?

[–] beeng@discuss.tchncs.de 1 points 10 months ago* (last edited 10 months ago)

...

You could have just said you "find it more fun than docker compose up" about 5 comments ago.

Got it. Thanks 👍

I just don't think immich Devs will take that as an answer to do more work, if infact they already dev in a container. Or use dockers networking layer etc.

This is why I was wanting to know why you want bins so bad. ...

But as "they" say.. "Not accepting Feature requests, but do accept Pull Requests"

[–] Decronym@lemmy.decronym.xyz 1 points 10 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CA (SSL) Certificate Authority
DNS Domain Name Service/System
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption

3 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

[Thread #444 for this sub, first seen 21st Jan 2024, 05:55] [FAQ] [Full list] [Contact] [Source code]

[–] bravesilvernest@lemmy.ml 1 points 10 months ago (2 children)

I've been using it for about a month, and love it.

My one complaint: self-signed certs on reverse proxies seem to break the android app backup. I'm not sure why, but internal CA seems to make things angry. Its more likely to be a local setup issue than anything in immich, but frustrating to pin down.

[–] Shimitar@feddit.it 2 points 10 months ago (1 children)

Why self sign? Use Let's Encrypt, its free and works just great. That's what I do

[–] bravesilvernest@lemmy.ml 1 points 10 months ago (2 children)

All the traffic is internal, so I can get away with it 🙃

Really was just interested in what cert generation entailed and did a fun little dive a few years back.

[–] conrad82@lemmy.world 5 points 10 months ago* (last edited 10 months ago) (1 children)

I also have internal only traffic, but I still use let's encrypt. I self signed for a couple of years, but switching to proper certificates made things much simpler and better. Especially on mobile.

I use a combination of my own domain and caddy. and duckdns, since my domain registrar does not have an api caddy can use, but I can point my domain to my duckdns domain and it works 👍

[–] bravesilvernest@lemmy.ml 1 points 10 months ago

I'm the bad guy that installed my CA where needed lol but nice!

[–] Shimitar@feddit.it 1 points 10 months ago (1 children)

Self signed certs needs to be allowed explicitly. If the app didn't took those into consideration then there is not much you can do.

Another point against immich I guess if you need self signed.

I will try to support immich actively in the future, even if my free time is really small nowadays.

[–] bravesilvernest@lemmy.ml 1 points 10 months ago (1 children)

My current backup strategy is BTSync, which while super easy to get going is a pain in the ass to look up old images. Using direct IP on the app works perfectly, and the DNS lookup only works internally anyways.

All that to say that I'm probably going to use it and remove the btsync approach in a couple months.

[–] Shimitar@feddit.it 1 points 10 months ago

Immich is very good for photo backup. I would say it's it best use. Be aware of the limitations above tough.

I find very annoying not having a bare metal installation way. Will try to make it work in the future maybe.

[–] lemmyvore@feddit.nl 1 points 10 months ago (1 children)

As explained in this discussion this seems to be a problem with the web interface only, caused by the framework used by the interface (Svelte). It seems that getting subpaths to work with Svelte is not supported, and the Immich devs are probably right to think it should be fixed by Svelte, not by Immich.

[–] Shimitar@feddit.it 1 points 10 months ago

I fully agree...