Hetzner community provides official full-disk encryption documentation:
https://community.hetzner.com/tutorials/install-debian-with-...
Let's Encrypt gives free, reliable SSL. You can easily hide Immich behind an Nginx proxy that handles SSL for you.
Add a cron-based automated backup of the entire Immich data to a local encrypted NAS and there you go. Reliable, end-to-end, encrypted-at-rest setup. So far, it required exactly 0 maintenance.
It's also more secure because I just drop traffic from all but 3 geographies at the IP level. And you can also add a WAF on the Nginx proxy.
It is also more secure than Google/iCloud because the "employee of the company" attack vector is much smaller. It's documented that Google looks at your photos and is perfectly happy to file false police reports: https://www.eff.org/deeplinks/2022/08/googles-scans-private-...
By comparison, yes, it is theoretically possible for Hetzner employees to access my server physically and extract the encryption key from RAM, or set up a fake SSH server to try to steal the key, but that is a far more complicated attack and hasn't been documented yet. And it risks detection.
Actually, moving from Google Photos to Immich after I hit my 100GB storage limit was the whole reason I got into self-hosting, and what a fun ride that has been!
I can't believe self-hosted products of this caliber are free. Huge shout-out to HomeAssistant, PiHole, paperless-ngx, Dawarich, and countless others for the same reason.
Congrats to the team on the release and thank you for helping me catalogue my personal memories.
Let's say burglars break in and steal your homelab. Because you don't have e2ee, they can see all the photos you saved of your dead grandmother! Oh no!
Or, in the more likely scenario that something happens to your phone, the lack of e2ee means that even if you lost your keys you didn't lose the only memories that remain of your grandma - you just copy across the .jpgs to a new device.
It's cool they keep the server open and selfhostable instead of only open clients like many e2ee projects do.
I like how you can share an album and anyone can contribute to it without an account. Another cool feature is that you can select photos to lock when you hand your phone to somebody so they can only see the ones you selected without your device unlock.
They rely on the immich-go project, which is riddled with bugs and basically abandonware by now. Their own iOS app, which can also be used for syncing iCloud gallery, has outstanding, 2 y/o or so bugs that will fail to upload the Live Motion photos.
My photos exported to Immich have some 9000 broken, half-imported Live Photos and I just don't have time to fix that.
The fact that THIS is not their priority, the most comprehensively A-B tested feature is beyond me. Who cares about OCR if you can't trust that they didn't butcher your imported memories? I just don't get it!
I've downloaded all the chunks once, only to find them corrupted due to... Their 50gb size and using a browser in theory. One also cannot seem to use wget or alternatives because of the auth / session cookies required via Google Takeout.
I've yet to even broach the aspect of importing each giant bundle into immich because I've not had success in even grabbing the takeout files correctly, but would LOVE pointers on the best way of importing the roughly 700gb into the database without it ALL going wrong.
I've had great success with immich running in docker for the past year or so, although I have yet to upgrade to the newest version. Google Photos backups have been disabled on my phone for a year or so, but I have yet to haul in all of the past years.
Also, anyone know if I can get immich to upload the photos without... Running immich once in a while? Would be great if it just automatically sent them to "my cloud".
Great software.
I know they were working on it, but haven't kept up, I just want to know if it works better now and I should try again.
Does this fix this problem? https://github.com/immich-app/immich/discussions/12748
It's a pretty big issue for me having multiple devices and multiple people who want to pool pictures of our cats together in one album.
Currently I have to do this kind of set up:
1. Syncthing syncs our photos back to the homelab server hosting immich:
   - /mnt/Syncthing/a1/cats/
   - /mnt/Syncthing/a2/cats/
   - /mnt/Syncthing/b/cats/
2. cron job copying (hard-link) the photos to a folder mounted as a read-only external library volume:
   - /mnt/immich/ext-lib/cats/
3. cron job to run a script that automatically creates albums from external library folder structure: https://github.com/Salvoxia/immich-folder-album-creator
4. cron job to clean up photos in the Syncthing folder that are older than a year to free up space for our phones (~1TB total. Yes, we have a problem)
--------------
That said, congrats on the 3.0 release. Although I'm slightly bummed out because I literally just discovered this program a month ago and stabilized my self-host setup just one week ago.
I tried Nextcloud, but the apps/server end up failing to sync after at most a couple of months, and it's painful to recover from that. So it doesn't work for me.
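
Steps 2 and 4 of the setup described in the comment above, as a shell sketch added here as an example (it is not the commenter's own scripts). The function names, the per-device filename prefix and the age threshold argument are assumptions; the point it shows is that pruning only removes a synced file once the library holds a hard link to the same inode.

```shell
#!/bin/sh
# Added example: function names and the PREFIX_<name> scheme are hypothetical.

# link_into_library SRC_DIR DEST_DIR PREFIX
# Hard-link each regular file under SRC_DIR into DEST_DIR as PREFIX_<name>.
# The prefix keeps same-named files from different devices from colliding.
# ln fails across filesystems, so SRC_DIR and DEST_DIR must share one.
link_into_library() {
    src=$1; dest=$2; prefix=$3
    mkdir -p "$dest" || return 1
    # Skip dotfiles such as Syncthing's in-progress temporary files.
    find "$src" -type f ! -name '.*' | while IFS= read -r f; do
        target="$dest/${prefix}_$(basename "$f")"
        if [ ! -e "$target" ]; then
            ln "$f" "$target" || echo "link failed: $f" >&2
        fi
    done
}

# prune_synced SRC_DIR DEST_DIR PREFIX DAYS
# Remove files in SRC_DIR older than DAYS days, but only when the library
# entry exists and is the same inode, so a failed link run never loses data.
prune_synced() {
    src=$1; dest=$2; prefix=$3; days=$4
    find "$src" -type f ! -name '.*' -mtime +"$days" | while IFS= read -r f; do
        target="$dest/${prefix}_$(basename "$f")"
        if [ "$f" -ef "$target" ]; then
            rm -- "$f"
        fi
    done
}

# Cron usage with the paths from the comment (one pair of calls per device):
#   link_into_library /mnt/Syncthing/a1/cats /mnt/immich/ext-lib/cats a1
#   prune_synced      /mnt/Syncthing/a1/cats /mnt/immich/ext-lib/cats a1 365
```

Because the library entry is a hard link, deleting the Syncthing copy frees no disk space on the server; it only lets Syncthing propagate the deletion to the phones.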
I have been considering Immich and Ente, but I would love to know if somebody has experience with that.
Everything is indexed and searched locally, so the photos never leave the device.
The biggest complaint has always been how hard it is to self-host it, but that's not true anymore. If you have a good underlying system that handles all the boring stuff, you can actually have a pretty good experience.
I'm biased because I'm building an OS for this, and it makes spinning up Immich so easy.
Which I am yet to do...
These make my albums feel like small blogs which really adds to the experience when sharing e.g. travel albums.
It got to where 20% of my space was just thumbnails for each user, even though it was one set of images in the external storage.
Maybe that's changed recently.
Unfortunately, Immich is not end-to-end encrypted. If that were the case, I'd use https://pixelunion.eu/
Seems like a great app though. So... I'm still pondering what to do :-)