My path to EU hosted Immich instance on Hetzner servers (Germany + Finland)
In the post you can find:
- Why Immich
- Why Hetzner
- Repository with examples
- Backup strategy
- Cost comparison
Hope you will enjoy this post
Why did you choose a volume to store photos instead of the storage box? I have a similar set up but I mount the storage box with CIFS and use it as the main media storage. I have not noticed any latency issues so far.
Mainly because I wanted to use the Storage Box as a backup; with it being the main data storage, I would need to figure out a backup solution
Plus I was afraid of latency, glad to hear that it is not a problem - maybe in the future I can try to use it as you are now, thanks
Teach me your magic. Even when trying to mount from a Hetzner VPS my storage box always unmounts, no matter if cifs or sshfs. And then, when the VPS tries to automount again, for some reason the IP gets blocked for some time 😮‍💨
I followed Hetzner’s docs on how to mount it with a small twist.
The docs say to edit /etc/fstab to add some automount config using `charset=utf8` but the VPS OS did not include the `utf8` charset module by default (Ubuntu used to bundle it but now it doesn't). So had to run:

```bash
# Install additional packages
sudo apt install linux-modules-extra-$(uname -r)
# Make OS load nls_utf8 module on boot
# (tee runs as root; with `sudo echo ... >>` the redirect is opened by the unprivileged shell and fails)
echo "nls_utf8" | sudo tee -a /etc/modules-load.d/cifs.conf
```

There was a way to load the module without reboot but can't remember. Once I did that, I followed Hetzner's docs and that was it.
and I just found out that running `sudo apt full-upgrade` may update your kernel, which means you have to do the module setup again for the new kernel
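An added example, not written by anyone in this thread: a check to run after a kernel upgrade and before rebooting, so a missing `nls_utf8` module does not leave the backup share unmounted. It assumes module trees live under `/lib/modules/<version>/`; the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): list installed kernels that lack a
# given module, e.g. nls_utf8 needed for the charset=utf8 CIFS mount option.
# Assumption: kernel module trees live under /lib/modules/<version>/.

# kernels_missing_module MODULE [MODULES_ROOT]
# Prints one kernel version per line for every tree without MODULE.
# Returns 0 if every installed kernel has the module, 1 otherwise.
kernels_missing_module() {
    local module=$1 root=${2:-/lib/modules} dir missing=0
    for dir in "$root"/*/; do
        # An empty root leaves the glob unexpanded; skip it.
        [ -d "$dir" ] || continue
        # Modules may be shipped as .ko, .ko.zst, .ko.xz or .ko.gz.
        if ! find "$dir" -type f -name "${module}.ko*" | grep -q .; then
            basename "$dir"
            missing=1
        fi
    done
    return "$missing"
}

# Typical use after `sudo apt full-upgrade`, before rebooting:
#   kernels_missing_module nls_utf8 | while read -r kver; do
#       echo "run: sudo apt install linux-modules-extra-$kver"
#   done
```

A non-zero return with a version printed means that kernel would boot without the module, and the fstab entry using `charset=utf8` would fail to mount.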
I didn’t read your article, yet.
How is the encryption realized? Could Hetzner admins simply view your photos?
He mentions that he uses Hetzner’s volumes for storage and storage box for backups. Hetzner’s docs don’t mention anything about at-rest encryption and Immich does not encrypt data either, so anyone with access to the VPS or Hetzner account would be able to see them.
If you want end-to-end encryption I’d suggest self-hosting something like Ente
Or hosting immich on a system with an encrypted drive 🤷‍♂️
I just wanted to point out the sensitive part ☺️
Nice read.
If you are the only user of your Immich instance, you can put it behind Tailscale and block outside traffic altogether.
I’ve recently set up Immich as well, but on my own infrastructure, with Tailscale for access from outside my home network
Thank you, once I have my NAS at home, I am going to use Tailscale (with Mullvad VPN combination)
Thank you, interesting read. I came to a similar conclusion as you at the end of your article: it gets pricy real quick, so I opted for the self-hosted NAS and use Hetzner storage for backup. I was surprised how easy it is to surpass the 100GB.
But besides hardware and maintenance cost, it costs roughly 5€/month for electricity.
Thank you and yes, NAS is my future choice. For now (since I also host my blog on that server) price is not that bad


