by into_ruin 274 days ago
I really tried my best with Immich, but because I didn't want to open a port on my home firewall it made syncing kind of a pain.

I ended up going with Ente and have been pretty happy with it.

5 comments

Tailscale is what I use to solve such issues.
Same here for all of the 'self hosted' things. I've also just realized that my UDM has a WireGuard implementation titled 'teleport' that seems to do basically the same thing. This is nice because sometimes the server at home that is hosting Tailscale breaks, and the UDM will let me into the network at the router level. Knock on wood, that's yet to crash.
WireGuard is the answer. That's how I use it.
Interesting. Not OP, but I'm looking for something that can punch through corporate firewalls so I can use this (and other) software at work.
I host Immich in Hetzner (VPS w/ attached 1TB storage box) and connect to it using Tailscale which works pretty flawlessly on my phone. It's great, although the VPS is pretty slow and I might move to a home server at some point.

I might also just switch over to Ente so I don't have to deal with the self-hosting. Price for Ente is about equivalent for what I'm paying Hetzner right now.

Immich didn't have encryption last time I checked; do you trust Hetzner with your photos?

I also use Immich, but on a local server (using Tailscale to reach it from outside).

I’m personally wary of uploading too much private data to any host. I am also a customer of Hetzner, and rent a couple of bare metal servers. But I mostly use it to store data that wouldn’t be that big of a deal if it was stolen by someone.

I’ve previously experimented a bit with encrypted volumes that I manually decrypt over SSH, and even full disk encryption that I manually decrypt over SSH.

My experience with Hetzner has been good. It is really rare that the servers go down on their own. Reboots are usually my own doing, so I am already “around” to decrypt encrypted volumes.

I have experienced critical, unrecoverable hardware failure on Hetzner servers a couple of times over the years. But I’ve had offsite backups in place since day one, so I never ultimately lost any important data. Had to deprovision the broken server, reprovision a new one and restore from my offsite backup. Which is a bit of a hassle, but no biggie because the only one that relies on my servers is mostly myself. A few days of downtime because I am too busy to set up a new server right away is therefore also ok for me, with how infrequently it has happened.

A single Hetzner server should never be the only place hosting a copy of all your photos or other data you cannot afford to lose. But that applies to any host really. Not unique to Hetzner.

> A single Hetzner server should never be the only place hosting a copy of all your photos

Hetzner (or any VPS provider) should not be a place at all to store ANY copy of your photos, unencrypted.

I agree that they respect privacy a lot; they're probably the best of all the service providers when it comes to your data, and there are data protection laws in place, etc. etc.

But in the end, it's your personal photos. I wouldn't be willing to upload them to any provider unencrypted. Good that you're encrypting.

Also, check this out (not my project): https://github.com/rfjakob/gocryptfs

> I have experienced critical, unrecoverable hardware failure on Hetzner servers a couple of times over the years

How do they handle such situations?

I took care of it myself by cancelling my rental of the server and renting a different one. And then setting up that one the way I wanted it and restoring data from my offsite backup.

I think there was a form asking for the reason for cancelling the server, and I ticked something like “other” and left a note for them saying that there were hardware problems. So I would assume they have a look at it, replace the bad components and then rent it out to someone else.

Huh. Was curious what kind of discount they provide in case of downtime caused by hardware failure, but it sounds like they didn't even notice. Shouldn't they monitor the basic vitals? Or you simply reacted too quickly?
> do you trust hetzner with your photos?

No, it's really a temporary solution. My ideal setup will be having it on a local server w/ encrypted backups to Hetzner (or Backblaze or whatever) but I need to acquire the hardware for it and got fatigued with de-Googling so I put the project on hold as "good enough" for now.

If anybody does manage to get a hold of all of my photos... I won't be too heartbroken about it. It would be creepy for somebody to have them, but there's nothing incriminating in there and it's literally 90% pictures of dogs and cats (and 9% landscapes/flowers, 1% people).

You could keep the Hetzner VPS with storage for faster online serving of assets and connect a second Immich instance only for machine learning on your home server. That way you'd get the best of both worlds: fast media serving and higher performance. That would mean that images are uploaded to the Hetzner server, but the compute-intensive image classification takes place on your home server.
A friend suggested this as well. My desktop has a 2080 which is decent enough for machine learning.
Oh my god, the syncing requires opening a port??? The amount of hoops these applications require us to jump through nowadays.
It's not the technical difficulty, it's the increased risk.
What's the risk in allowing a port through a firewall to an application you already trust? How do other applications solve this without a need for an open port?
Tailscale solves the open port thing for me.
Tailscale works great, but it's annoying to have to have an always-on VPN on Android for it. I need to switch Tailscale off if I need to switch to another VPN.

Also, when I have it on, my private DNS stops working, which to be fair I haven't put a huge amount of effort into solving yet.

I love it for things like SSH to a server at home, but for things like hosting a service I prefer something like Cloudflare Tunnel or a self-hosted reverse proxy. Though Tailscale Funnel looks promising.

I seriously dislike adding a package source for a single application. It feels dirty to me. I can't explain it but it makes me feel like I need to take a shower.

I don't use Arch, but this looks cleaner than whatever Debian or Fedora (both of which I use) have going on:

https://tailscale.com/kb/1036/install-arch

Alternatively, I feel much better when the upstream vendor is the one packaging and signing the software I install, instead of a (possibly malicious) volunteer from my distro's repository team.