Selfhosted

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you're running your services behind Wireguard so there isn't too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you're more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won't know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

Congrats !!!!

Only one day? Lucky you ! It took me a whole week to get it to work with self-signed ssl certificate behind Traefik + docker + Adguardhome.

Adguard home rewrites and the correct certificate configuration solved most of my isues (android can be picky with self-signed root certificates). But I learned ALOT through the whole week, so I didn't waste my time :).

I hope you too learned alot :) but if I may, I would switch from AdguardHome to Pi-hole.

I know... AdguardHomes functionalities and UI are awesome and overpass Pi-Holes' but since I saw they add some strange trackers and very sketchy DNS request in their AdguardVPN android application, I don't trust them anymore !

If you only access your local domain name inside your LAN and via VPN you can also use Caddy to have local SSL certificates https://caddyserver.com/docs/automatic-https#local-https Have not tried this myself yet but I like the idea of not getting any warnings in browser, and this is safe as long as the Caddy CA root certificate is safe.

I used chatgpt to create the exact steps, commands and configurations I needed for my setup and achieved this the seemingly cheatful way. I used nginx and certbot. Worked like a charm. Congrats!

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

10 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #719 for this sub, first seen 28th Apr 2024, 06:25] [FAQ] [Full list] [Contact] [Source code]

I just click the "install" button on Yunohost 🤷

I also host all my stuff on 192.168.1.2. It's just my gaming pc with a bunch of services for piracy but it's good enough until I can build a proper server in the future.

That’s a lovely desktop picture.

I'm running immich on a Debian machine at home. Anyone can point me to a detailed tutorial on how to achieve this including SSL and with no payments or subscriptions needed?

This exactly what I'm trying to do, get valid https certificates via a domain name on cloudflare. I have nginx proxy manager running and working to serve a couple of sites like home assistant. The problem I'm having is how do I get valid certificates for my internal services via npm but only be able to access them inside my lan not the internet?