←back to thread

Self-hosting my photos with Immich

(michael.stapelberg.ch)
659 points birdculture | 4 comments | 30 Nov 25 09:11 UTC | HN request time: 0s | source
Show context
oliyoung ◴[06 Dec 25 03:14 UTC] No.46170280[source]
Docker + Immich + Tailscale is the killer replacement to Google & Apple Photos, it's simply that simple
replies(5): >>46170298 #>>46170557 #>>46170668 #>>46171941 #>>46174672 #
vvpan ◴[06 Dec 25 03:16 UTC] No.46170298[source]
Can you elaborate? What role does Tailscale play? I selfhost and have heard about Tailscale but couldn't figure out how it's used.
replies(6): >>46170318 #>>46170439 #>>46170676 #>>46170743 #>>46170764 #>>46171013 #
UltraSane ◴[06 Dec 25 04:43 UTC] No.46170764[source]
With tailscale on your server and endpoints you can access the server from anywhere without even having to open any ports. It is like magic.
replies(1): >>46175146 #
lucb1e ◴[06 Dec 25 17:46 UTC] No.46175146[source]
If you don't open ports, how can it reach your internal services to allow you access to them?
replies(1): >>46176669 #
UltraSane ◴[06 Dec 25 21:18 UTC] No.46176669[source]
by using a wireguard tunnel and NAT traversal

https://tailscale.com/blog/how-nat-traversal-works

replies(1): >>46178184 #
1. lucb1e ◴[07 Dec 25 00:48 UTC] No.46178184[source]
Ah, by using their servers:

> How do we break the deadlock? That’s where STUN comes in. [...] In Tailscale, our coordination server and fleet of DERP (Detour Encrypted Routing Protocol) servers act as our side channel

replies(1): >>46179316 #
2. UltraSane ◴[07 Dec 25 05:11 UTC] No.46179316[source]
Yes, NAT traversal is used widely. It is only needed at the start of the connection to get both firewalls to open ports. The encrypted wireguard tunnel is point to point
replies(1): >>46183749 #
3. lucb1e ◴[07 Dec 25 18:18 UTC] No.46183749[source]
What I find crazy is that people describe "not self hosting" as a "like magic" solution to self hosting
replies(1): >>46187143 #
4. UltraSane ◴[08 Dec 25 01:00 UTC] No.46187143{3}[source]
You can run your own DERP server if you really want to

docker run -d --name derper -p 443:443 -p 3478:3478/udp \ ghcr.io/tailscale/derper:latest