d00phy

I want to start by saying I recognize that everyone's needs & priorities are different.

My wife and I both have iPhones, and i have a Pixel 7 Pro I use for work (and sometimes to compare the camera to the iPhones). All of our photos are currently backed up to iCloud (Apple One Premier - 2TB storage) and via Synology Photos. The Pixel has "unlimited" storage for photo backup w/ Google, and also backs up to the Synology. In general, I would like to get off of Google, but it's 99% work stuff that I wouldn't miss if it was lost.

There's a lot that I really like about Immich, but there are also some real pain points for me. I'm not going to comment on the discrepancies between the mobile vs. web interfaces as I expect them to be addressed as the product matures.

• The rapid development is both a blessing and a curse. I love that the team are really working through the roadmap. But sometimes it feels like new features arrive somewhat half-baked. The most common example being something is released working on just the web or mobile app. But the pace also creates extra work for me in that every release requires me to look for breaking changes and make appropriate fixes. I get it, it's beta software, and heavy development often requires this.
• If it mis-identifies a face, the mechanism for correcting that is pretty clunky. I have to first, say it's a different person, and then, if I don't care about tagging that face, I have to go to People to hide it. I don't really care about faces that it completely misses because I don't consider facial recognition as a "archive-grade" feature. We have tags/keywords for that.
• The tagging is both cool and clunky. I love the nested tags and the drill-down tags interface. I hate that I can only add a new tag from the tags admin page. Would also like to see auto-tagging, or suggested tags implemented.
• Image rotation is half-addressed at best. For one, I'm not sure why it only works on the mobile interface since the web interface has direct access to ImageMagick. I mainly see image orientation issues w/ raw files. To fix this, I have to edit it on mobile, save it to my phone's library and upload the newly created JPG, which shows up as a separate file w/ metadata that doesn't align w/ the original (like creation date). It's just a mess.

I started playing with PhotoPrism a little bit, and while it addresses many of my complaints w/ Immich, it also raises some of its own pain points.

• Probably the biggest issue I have with PhotoPrism is the lack of mobile apps. There are some out there, but the recommended app is a third-party WebDav app called PhotoSync. I tried it and wasn't overly impressed. At least, not enough to pay for it. This would be a dealbreaker except that I can simply use the Synology Photo backup, and have PhotoPrism mount those directories as its library ( can also do this with Immich's "External Library" feature).
• The metadata editing is comprehensive. In this one regard it is streets ahead of Immich. Seriously, you have so much more access to the photo metadata. Unfortunately, it's hampered by the limited batch capabilities.
• Batch editing isn't really batch editing. It's just editing a smaller subset of individual files one at a time. So when go to to the next or previous file, it the next or previous one in the selected subset.
• Keywords are supports, and new ones can be created on the fly. That said, nested keywords don't appear to work.
• There's also labels. Both are auto-suggested, and both can be manually edited. Labels are also accessible from the sidebar. No nested labels, either, but it does auto sort labels into broad categories. For example, "dog" and "cat" are placed into an "animals" category. You can switch between showing/hiding the broad categories. You can also have favorite labels.
• Image orientation/rotation is done right in the photo editing dialog. One more area where PP beats Immich.

I currently haven't decided which one I will keep. I could use either with the Synology Photo app to back up my phones. PhotoPrism's lack of mobile app is really bad, but the mobile web interface is fine for navigating the library. Immich is a more wholistic solution, but it's handling of some key organizational and editing functions is pretty glaring as well. I know Immich is the overwhelming favorite of most self-hosting communities, but I found PhotoPrism to be pretty compelling in its own right - especially the metadata editing capabilities.

ETA: I see lots of people talking about Immich’s facial detection. Out of curiosity, what are your detection settings? I’ve found it to be pretty good compared to Photo Prism’s, but not exactly game changing. My settings are:

• Model: antelopeV2
• Min Score: 0.2
• Max distance: 0.5 Min recognized faces: 1

Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don't have to open any ports on my router for this to work, and I don't need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare's 100MG upload limit, but I can easily work around that, and it's not a limit I see myself hitting too often.

What's not clear to me is what I'm missing by not using Traefik or Caddy. Currently, the only thing I don't have in my setup is central authentication. I'm leaning towards Authentik for that, and I might look at putting it on a VPS, but that's the only thing I have planned. Other than that, almost everything's running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

I've been banging my head on this for a few days now, and I can't figure this out. When I start up immich container, I see in docker ps:

CONTAINER ID   IMAGE                                                        COMMAND                  CREATED              STATUS                        PORTS                                                                                                             NAMES
1c496e061c5c   ghcr.io/immich-app/immich-server:release                     "tini -- /bin/bash s…"   About a minute ago   Up About a minute (healthy)   2283/tcp, 0.0.0.0:2284->3001/tcp, [::]:2283->3001/tcp                                                             immich

netstat shows that port 2283 is listening, but I cannot access http://IP_ADDRESS:2283 from Windows, Linux, or Mac host. If I SSH in and run a browser back through that, I can't access it via localhost. I even tried changing the port to 2284. I can see the change in netstat and docker ps outputs, but still no luck accessing it. I also can't telnet to either port on the host. I know Immich is up because it's accessible via the swag reverse proxy (I've also tried bringing it up w/ that disabled). I don't see anything in the logs of any of the immich containers or any of the host system logs when I try to access.

All of this came about because I ran into the Cloudflare upload size limit and it seems I can't get around it for the strangest reason!

A long long time ago, I bought a domain or two, and a shared hosting plan from Dreamhost w/ unlimited bandwidth/storage. I don't have root access, and can't do containers on this. It's been useful for a Piwigo instance to share scanned family photos. The problem I have is the limited resources really limit Piwigo's ability to handle the large TIF files involved in the archival scans. There are ways around this, but they all add time to the workflow that already eats into my free time enough. I'm looking at moving Piwigo to my local server that has plenty of available resources. That leaves me with little reason to keep the Dreamhost space. So what's a decent use case for cheap, shared hosting space anymore?

To be clear, I'm not looking for suggestions to move to a cheap VPS. I've looked into them, and might use one in the future, but don't need it right now. The shared hosting costs about $10.99/month at the moment. If there was a way I could leverage the unlimited bandwidth/storage as an offsite backup, that would be amazing, but I'm not sure it would be a great idea backing up stuff to a webserver where there best security I can add it via an .htaccess file.

Was in DC at the end of September staying at the Waldorf (Trump’s old hotel), and saw a bunch of black SUVs with this flag in the windshield parked on the curb by an entrance not open to regular traffic. Also saw press there and some folks walking around in military uniforms. An image search suggested it might be Gabon, but that flag didn’t include the seal in the middle.

Given the state of the GOP, and who would be beating the "liberal" candidate, this makes a lot of sense. Probably some decent reading for anyone still thinking they just won't vote because Harris isn't progressive enough. She might not be your cup of tea, but I'm betting the other guy is way less so.

I currently have my home services set up in a way I like, and think I understand. I have an S12 pro w/ *arr, Overseerr, Immich, paperless, etc running. The only things exposed are immich, paperless, and overseerr. This is via swag/dockerproxy over a cloudflare tunnel. This makes it so I don't have to do anything on the cloudflare end or my router to add a new service. DockerProxy picks up a new container, swag configures a reverse proxy automatically (assuming it recognizes the container, but it also supports custom configs) using the container_id as the subdomain.

I'm looking at setting up a VPS to host authentik and uptima kuma (to start - maybe ntfy in the future). What I'd like to do is have the public interface on these containers use the same cloudflare tunnel I'm currently using... or a second one, if necessary. For the interface back to my home server, I'd like to use Tailscale. I already have it running on my home server, and I expect I'll install it on my VPS. The goal here is the "public" connection uses the cloudflare tunnel, and the backend connection is over tailscale.

I've tested that I can spin up swag/dockerproxy on a second box in my lab and it will connect to cloudflare. I have not yet tested standing up a container on that box to see if the proxy works as expected.

So, questions:

• Tailscale on VPS: container or no? Obviously, if I can't install it locally, I'll put it in a container
• How to I configure a container to use these 2 networks? I'm fairily good on getting the cloudflare part working. The TS part is new to me, and all the documentation I've seen doesn't really cover other containers using the tailnet.
• Am I overthinking this? If I put these services on tailnet alone, will the cloudflare tunnel... tunnel back and forth to/from clients not on tailnet?

Seen in my email this morning. Obviously spam, but really!?

I have the arr stack and immich running on a beelink S12 pro based on geekau mediastack on GitHub. Basically, and I'm sure my understanding is maybe a bit flawed, it uses docker-proxy to detect containers and passes that to swag, which then sets up subdomains via a tunnel to Cloudflaire. I have access to my services outside of my LAN without any port forwarding on my router. If I'm not mistaken, that access is via the encrypted tunnel between swag & Cloudflaire (please, correct me if I'm wrong).

That little beelink is running out of resources! It's running 20 containers, and when immich has to make any changes, it quickly runs low on memory. What I would like to do is set up a second box that would also run the same "infrastructure" containers (swag, docker-proxy), and connect to the same Cloudflaire account. I'm guessing I need to set up a second tunnel? I'm not sure how to proceed.

Trying to do a couple things. I have 2 jump hosts I can use to get into my cluster login node. From my laptop to the jump hosts is password. From jump hosts to login node can be key-based, so if I do it all from CLI:

[me@home ~]$ ssh user@jump1
Password:
[user@jump1 ~]$ ssh user@login1
[user@login1 ~]$ 

Same process if I use jump2.

So first thing I'm trying to do is set up my ~/.ssh/config to use the ProxyJump host and key file to get to login1. I have the following:

Host jump1
  Hostname jump1.domain
Host jump2
  Hostname jump2.domain
Host login1
  Hostname login1.cluster
  ProxyJump jump1
  #ProxyJump jump2

I'm not sure how to configure the IdentityFile entries for each jump host. The user on the jump hosts has different id_rsa keys in ~/.ssh, but both are in the authorized_keys file on login1.

Second thing I'm trying to do is join or start a tmux session. From CLI, I can run:

tmux has-session -t mysession || tmux new -s mysession && tmux a -t mysession

I've learned that to just join a running session (tmux a -t mysession), I need to include "RequestTTY yes" in my ssh config entry for login1. What I can't get working is the conditional statement that will fire up a new tmux session if it doesn't already exist.

I’ve seen a lot of recommends for Immich on here, so I have an idea what the answer here is going to be, but I’m looking for some comparisons between it and Photoprism I’m currently using Synology Photos, and I think my biggest issue is it’s lack of metadata management. I’ve gotten around that with MetaImage and NeoFinder. I’m considering moving to something not tied to the Synology environment.