Selfhosted

I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?

Hello everybody, Daniel here! We're excited to be back with some new updates that we believe the community will love!

As always before we start, we'd like to express our sincere thanks to all of our Cloud subscription users. Your support is crucial to our growth and allows us to continue improving. Thank you for being such an important part of our journey. 🚀

What’s new:

🖼️ Custom Preview Image

Allows users to set a specific preview image for links, making them more visually distinctive and personalized.

!

🎨 Custom Icons for Links and Collections

Thanks to Phosphor Icons, users can now assign unique icons to both individual Links and Collections, each with thousands of unique combinations.

!

ℹ️ New Link Details Drawer

We added a new drawer to display a full view of Link Details, Preserved Formats, and Additional information.

!

🛠️ Customizable View and Adjustable Columns

You can now customize what to view and adjust the number of columns in the Linkwarden dashboard.

!

🔄 Browser Synchronization

Special thanks to Marcel from Floccus, you can now sync your browser bookmarks with Linkwarden using Floccus.

• Floccus GitHub Repository
• Floccus Chrome Extension
• Floccus Firefox Add-on

↗️ Open all Links under a Collection

Allows users to open all links under a collection in a new tab.

!

🌐 Added many more Translations

Thanks to all the contributors, we now support the following languages to make Linkwarden accessible to a broader, global audience:

• 🇹🇼 Chinese - Taiwan (zh-TW)
• 🇳🇱 Dutch (nl)
• 🇩🇪 German (de)
• 🇯🇵 Japanese (ja)
• 🇧🇷 Portuguese - Brazil (pt-BR)
• 🇪🇸 Spanish (es)
• 🇹🇷 Turkish (tr)
• 🇺🇦 Ukrainian (uk)

👥 Reserve more Seats

Cloud subscribers can now add more seats and invite users who aren’t on Linkwarden from their billing page. Learn more about managing seats in our documentation.

🔗 Editable Link URL's

Users can now directly edit link addresses without needing to create a new entry.

🐳 Smaller Docker Image

The Docker image size has been reduced by around 50%, optimizing storage usage and making deployment faster.

✅ And more...

Check out the full changelog below.

Full Changelog: https://github.com/linkwarden/linkwarden/compare/v2.7.1...v2.8.0

---

If you like what we’re doing, you can support the project by either starring ⭐️ the repo to make it more visible to others or by subscribing to the Cloud plan (which helps the project, a lot).

Feedback is always welcome, so feel free to share your thoughts!

Website: https://linkwarden.app

GitHub: https://github.com/linkwarden/linkwarden

Read the blog: https://blog.linkwarden.app/releases/2.8

Hello,

I would like to use the URL of Whoogle's settings so that I can use different settings.

How can I save and use the settings via the URL?

https\://tst.us?preferences=uG8MBIJwHdiwDp1QdzDg92Jvu-uXf9XXc4pizSjScK0YUIsWiEyA-\_U3hz5hFvMYUeiUWWOdbNNUzMuFyMZNVFye-vhkKn2L\_sXt5XNyOvkpjwBhPP2MsakXYPsw227zq00CMwioW33qsIsoNbTFDCw9VkCLrGLHxYCq3D9ZtT53ho0glFtjopDko5ucuPeYJU7QbyQWbNAT0xxeTqiXDLneMMDXCiexiWcjc0B4F4msP7JwS605uJuHFJHCHwcDQCa6VHw==

(tst.us does not exist, it is a sample.

Unfortunately, it has no effect on the settings if I use this URL for the search.

Immich is an amazing piece of software, but because it holds such personal data I have only ever felt comfortable accessing it via VPN or mTLS. This meant that I could never share any photos, which had been really bugging me.

So I built a self-hosted app, Immich Public Proxy, which allows you to share individual files or full galleries to the public without ever exposing your Immich instance. This uses Immich's existing sharing functionality, so other than the initial configuration everything else is handled within Immich.

Why not just expose Immich publicly with Traefik / Caddy / etc?

To share from Immich, you need to allow public access to your /api/ path, which opens you up to potential vulnerabilities. It's up to you whether you are comfortable with that in your threat model.

This proxy provides a barrier of security between the public and Immich. It doesn’t forward traffic to Immich, it validates incoming requests and responds only to valid requests without needing privileged access to Immich.

Demo

You can see a live demo here, which is serving a gallery straight out of my own Immich instance.

Features

• Supports sharing photos and videos.
• Supports password-protected shares.
• Creating and managing shares happens through Immich as normal, so there's no change to your workflow.

Install

Setup takes about 30 seconds:

1. Take a copy of the docker-compose.yml file and change the address for your Immich instance.

2. Start the container: docker-compose up -d

3. Set the "External domain" in your Immich Server Settings to be whatever domain you use to publicly serve Immich Public Proxy. Now whenever you share an image or gallery through Immich, it will automatically create the correct public path for you.

For more detail on the steps, see the docs on Github.

After he notified the community that he is in hospice care a few weeks ago, his wife has now notified the community that TTeck, the founder of the Proxmox Helper Scripts, has sadly passed away.

The project has been transferred to the community earlier so the Proxmox Helper Scripts as TTeck's legacy will live on.

Only a few people have contributed so much to Open Source as his scripts were a gateway for a lot of people who then ventured into self hosting an then onwards into an IT career.

Or perhaps a self-hosteable webapp i could add the words myself from curated sources on the internet to then do quizzes on it?

> As Synology explains in security advisories published two days after the flaws were demoed at Pwn2Own Ireland 2024 to hijack a Synology BeeStation BST150-4T device, the security flaws enable remote attackers to gain remote code execution as root on vulnerable NAS appliances exposed online. > > "The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability," Midnight Blue said.

From a different source:

> Synology proactively sponsors and works with security researchers as part of product security initiatives. At this year's Pwn2Own Ireland 2024 event, which took place in late October, we successfully discovered and resolved multiple security vulnerabilities. > > While these vulnerabilities are not being exploited, we recommend all Synology device administrators immediately take action to secure their systems by updating due to the scope and severity of specific issues.

> This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

cross-posted from: https://lemmy.eco.br/post/8758930

> If you're using Vaultwarden, you should update because of security fixes.

Hello. I’m pretty new here. I just managed to get my Raspberry Pi setup at home to selfhost a simple website that will act as my portfolio for some art I do.

I’m using WordPress to make the content of the website, meaning it runs on Apache, MariaDB and MySQL in the background. It’s connected via port 80 since I don’t want to pay for SSL certificates to setup https. There will be no accounts or transactions happening on my website. I don’t have anything to manage my dynamic IP but I’ll figure that out later. I’ve deleted the default Pi user on the RPi.

Are there security issues I should address preemptively? I’m worried for instance that I am exposing my home network, making it easier for someone to breach into whatever is connected there.

Any tips on making sure my setup is secure?

Warning there are some tall-ass images in this post.

A few years ago I got mad enough at the temperature gradient in my town house that I designed and build a bunch of ESP8266 sensors to feed data into an RRD so that I could have some pretty graphs to be angry about as well. (As of this week I have also started logging stats from my UPS and server.) Using the minimum of HTML and CSS I threw those graphs, a map of the previous day's incoming network traffic, and some convenient links onto a homepage that I use on all of my devices. At a glance this tells me if the furnace/AC is working, if my server is having a fit for unknown reasons, and if the local power grid is playing it fast and loose with the voltage and frequency (which I suspect they do).

!

Clicking the temperature/humidity data leads to a long term data page covering 2 years of data in varying resolution. The gap last fall was when the garage sensor failed and I was waiting for Aliexpress.

!

There are also long term trends for the server load and UPS but they have only been logging for a few days so there is not much to look at.

Clicking the map on the home page leads to a text file containing a summary of all incoming traffic to apache and ssh. The ssh server is on a high port number and doesn't see much traffic but occasionally a persistent bot will find it.

!

Everything but my landing page (this animation in p5.js https://old.reddit.com/r/cellular_automata/comments/1djwjbu/waves_processingorg/ with the text "Hey this isn't where I parked my car" overlayed) is behind basic auth or better and I have push notifications set up for every ssh login (even my own), in 5 years I have never had a successful login from an attacker, this is not an invitation, have mercy.

All the data is gathered with python scripts and stored in RoundRobinDatabases or, in the case of network data, digested down into a CSV. The climate sensors respond to requests on port 80 with the temperature and humidity separated by a comma to allow for easy polling. The map is generated by looking up the IPs' information on Shodan then plotting the location data if it was present.

Absolutely none of this is the ideal solution, there are existing projects that cover literally every aspect plus a dozen extra features I could never hope to implement. I wrote as much as I could from scratch just to see if I could, it's more fun to drive a shitty car that you built than one you bought from the dealer.

Aaaand I accidentally made the UPS database only 24hrs instead of the 10years I had intended. Lucky for me rrdtool has a function to expand an rrd without wiping out the data!

Hi everyone, I've been building my own log search server because I wasn't satisfied with any of the alternatives out there and wanted a project to learn rust with. It still needs a ton of work but wanted to share what I've built so far.

The repo is up here: https://codeberg.org/Kryesh/crystalline

and i've started putting together some documentation here: https://kryesh.codeberg.page/crystalline/

There's a lot of features I plan to add to it but I'm curious to hear what people think and if there's anything you'd like to see out of a project like this.

Some examples from my lab environment:

events view searching for SSH logins from systemd journals and syslog events: !

counting raw event size for all indices: !

performance is looking pretty decent so far, and it can be configured to not be too much of a resource hog depending on use case, some numbers from my test install:

• raw events ingested: ~52 million
• raw event size: ~40GB
• on disk size: ~5.8GB

Ram usage:

• not running searches ingesting 600MB-1GB per day it uses about 500MB of ram
• running the ssh search examples above brings it to about 600MB of ram while the search is running
• running last example search getting the size of all events (requires decompressing the entire event store) peaked at about 3.5GB of ram usage

Well, here my story, might it be useful to others too.

I have a home server with 6Tb RAID1 (os on dedicated nvme). I was playing with bios update and adding more RAM, and out of the blue after the last reboot my RAID was somehow shutdown unclean and needed a fix. I probably unplugged the power chord too soon while the system was shutting down containers.

Well, no biggie, I just run fsck and mount it, so there it goes: "mkfs.ext4 /dev/md0"

Then hit "y" quickly when it said "the partition contains an ext4 signature blah blah" I was in a hurry so...

Guess what? And read again that command carefully.

Too late, I hit Ctrl+c but already too late. I could recover some of the files but many where corrupted anyway.

Lucky for me, I had been able to recover 85% of everything from my backups (restic+backrest to the rescue!) Recreate the remaining 5% (mostly docker compose files located in the odd non backupped folders) and recovered the last 10% from the old 4Tb I replaced to increase space some time ago. Luckly, that was never changing old personal stuff that I would have regret losing, but didn't consider critical enough on backup.

The cold shivers I had before i checked my restic backup discovering that I didn't actually postponed backup of those additional folders...

Today I will add another layer of backup in the form of an external USB drive to store never-changing data like... My ISOs...

This is my backup strategy up to yesterday, I have backrest automating restic:

• 1 local backup of the important stuff (personal data mostly)
• 1 second copy of the important stuff on an USB drive connected to an openwrt router on the other side of home
• 1 third copy of the important stuff on a remote VPS

And since this morning I have added:

• a few git repos (pushed and backup in the important stuff) with all docker compose, keys and such (the 5%)
• an additional USB local drive where I will be backup ALL files, even that 10% which never changes and its not "important" but I would miss if I lost it.

Tools like restic and Borg and so critical that you will regret not having had them sooner.

Setup your backups like yesterday. If you didn't already, do it now.

Thanks for all the great replies!

Hello I've been playing around with an old laptop as my home server for 1 year and I think that now it's a good time to upgrade to something better since it feels a bit too slow.

I was thinking to buy a synology but I would prefer something custom because I hate that sometimes the manufacturers decide to abandon support or change all their terms of service.

My budget is about 1000$ USD, I'm looking for it to have at least 20TB and the option to later add a graphics card would be nice.

What do you recommend to buy? Also what software do you recomend? Also could it work with an n100 mini PC?

I've been using Ubuntu server, with docker containers for several services, but I mainly use it for Nextcloud

Hypixel.net is both their website and mc server adress.

Is it just that https is on port 443 and minecraft is on port 25565?

And if that is the case, can i do something similar by making a reverse proxy have two seperate server blocks for the one domain, with different ports?

If you think this post would be better suited in a different community, please let me know.

---

Topics could include (this list is not intending to be exhaustive — if you think something is relevant, then please don't hesitate to share it):

• Moderation
• Handling of illegal content
• Server structure (system requirements, configs, layouts, etc.)
• Community transparency/communication
• Server maintenance (updates, scaling, etc.)

---

Cross-posts

1. https://sh.itjust.works/post/27913098

I would like to use a smart watch with health tracking (e.g pulse, steps, sleep tracking) but I don't want to setup an account and send my data to a proprietary cloud.

Can I sit host 'tge cloud'.

If not, can you recommend any watch which i can just sync data from watch to my Linux laptop (again: no account, etc)

Thanx

I've been enjoying chatting on IRC and was wondering if anyone has any relevant experience with any bouncers?

I tried setting up ZNC but could not get any clients to work with it.

I finally settled on soju with goguma as client, but since no up-to-date Docker container existed, I had to create my own Dockerfile for that.

For now, it's only available on my LAN (proxied through nginx), and am uncertain if exposing it externally is a good idea (I already have a VPN, but prefer to expose services if it's safe to do so).

Hello lovely people, I'm enjoying this community a lot, I have learnt many things and got my server up and running with decent amount of useful services. It wouldn't be possible without all the help I got here and it's time to give back something from myself. Maybe one of you will host this app, hopefully.

MedAssist is a simple Node.js application made with love to help my partner manage their daily medications. It makes it easy to keep track of medication inventory and reorder on time by sending reminders. If you're unsure whether a dose was taken, just check the dashboard, and comparing the expected stock with the actual quantity can help confirm. For travel, MedAssist takes away the stress by generating a quick list of all necessary medications for the time you’ll be away.

Keep in mind I’m not a professional programmer, coding is just a hobby for me. Working on this project is a way for me to unwind on stressful days and spend some time doing something I enjoy. I’d be happy if anyone else finds it useful, but I’ll likely keep it going either way!

I am self educated and I have already impressed myself with results I got so far, but it might make real coders laugh (which is also not bad hehe). I had some previous javascript experience (some simple stuff), but other than that I followed many guides and got decent amount of help from AI.

Features:

• Track medication inventory and know exactly when to reorder
• Receive email reminders when supplies are low
• Generate a custom medication list for travel, including quantities needed for your chosen timeframe (optionally send by e-mail)
• Simple dashboard showing medication status and upcoming schedules
• User friendly web interface for easy medication management and configuration

!

!

It can be hosted in Docker container and docker-compose is available on GitHub. You can also try out Demo

It is my first GitHub project, also first application and first docker container I made. Feel free to ask anything, feedback and all suggestions are welcome!

Have a nice day R

I thought this was an interesting post and discussion on selfhosted. Thoughts?

Some great points, but it's nonsense to say r/selfhosted isnt about selfhosting. I've learned so much there.

Hi guys!

I'm considering moving away from duckdns, as it's becoming increasingly unreliable. I'd like to check some other free dynamic DNS alternatives (I'm open to suggestions!).

My idea would be to have the server run under two different domains, but both directing to the same services. Is this possible? What shoudl I change in nginx in order to answer to two different domains/names?

Thanks!

Hi!

First of all sorry if this is the wrong place to ask, if it is, please point me to a better suited channel!

Anyway I've got this old 2TB HDD attached to a rpi 4b, it worked flawlessly until now, the last few days it started disconnecting randomly..

If i reboot it mounts back again.

This is the df output: ``` /dev/sdb1 1.8T 535G 1.2T 31% /mnt/2tb

```

And this is sudo dmesg | grep sdb (the device is sdb ofc). ``` [ 14.970908] sd 1:0:0:0: [sdb] 3907029168 512-byte logical blocks: (2.00 TB/1.82 TiB) [ 14.978857] sd 1:0:0:0: [sdb] 4096-byte physical blocks [ 14.984484] sd 1:0:0:0: [sdb] Write Protect is off [ 14.989382] sd 1:0:0:0: [sdb] Mode Sense: 43 00 00 00 [ 14.989684] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 15.044802] sd 1:0:0:0: [sdb] Preferred minimum I/O size 4096 bytes [ 15.051196] sd 1:0:0:0: [sdb] Optimal transfer size 33553920 bytes not a multiple of preferred minimum block size (4096 bytes) [ 15.065585] sdb: sdb1 [ 15.068403] sd 1:0:0:0: [sdb] Attached SCSI disk [ 22.631983] EXT4-fs (sdb1): recovery complete [ 22.660922] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Quota mode: none.

```

The device has an external power supply of its own, so it's not a power issue.. This setup worked for a couple of years.

I cannot see anything wrong here, pheraps is the HDD which is going bad?

Is this possible on any modern day phone or tablet? Selfhosting as made me very privacy-consciouss and am concerned about my iphone.

Is there any way to host an android app in a web browser?

Ideally with docker, likely all of Android, not just an app, but running just an app would be amazing.

I never could get Nix working but maybe someone will

So I self host all my music via Plex and for some artists and albums Plex (via Plex pass I believe) pulls lyrics and can show you like Spotify etc but some artists are not supported/popular. I found a couple apps that 'worked' to download lyrics but the best one was this https://github.com/tranxuanthang/lrcget

Just thought I would share for others who would want to do the same I have a large library and adding lyrics was not hard at all and found most out of the gate. If you have other solutions I would love to hear about them maybe they are better lol

It adds the file as same name in same folder that song is located

Hello everyone!

My friend and I have each bought an optiplex server. Our goal is to selfhost a web app (static html) with redundancy. If my server goes down, his takes over and vice versa. I've looked into Docker Swarm, but each server has to be totally independent (each runs its own apps, with a few shared ones).

I can't find a solution that allows each server to take over and manage loadbalancing between the two. Ideally with traefik, because that's what we're currently using. To me the real issue is the DNS A record that point to only one IP :(

Hey everyone, wanderer recently celebrated it’s 10th anniversary. Well, as far as minor versions go at least.

First and foremost: What is wanderer? wanderer is a self-hosted GPS track database. You can upload your recorded GPS tracks or create new ones and add various metadata to build an easily searchable catalogue. Think of it as a fully FOSS alternative to sites like alltrails, komoot or strava.

Next: Thank you for almost 1.2k stars on GitHub. It’s a great motivation to see how well-received wanderer is.

By far the most requested feature since my last post was the possibility to track your acitivities. This is now possible on the new profile page which shows various statistics to help you gain better insights into your trailing/running/biking habits. Lists have also received a major upgrade allowing you easily bundle a multiday hike and share it with other users.

If you want to give wanderer a try without installing it you can try the demo. When you are ready to self-host it you can head over to wanderer.to to see the full documentation and installation guide. If you really like wanderer and would like to support its development directly you can buy me a coffee.

Thanks again! Cheers Flomp

Hey everyone, I've been self hosting a few things on a raspberry pi like board and wanted to upgrade to a mini PC. I got my hands on an old Intel NUC model D54250WYB but it had no memory or storage, not even an enclosure. I bought some RAM and a power supply but the SSD I was planning to use wasn't compatible (physically) and I didn't install it.

I tried powering it on but I only get a Standby LED when I plug it in. Pressing the power button doesn't do anything as far as I'm aware. There's supposed to be a second LED that turns on to show that the computer is ON. I have an Ubuntu installer USB that should work that I plugged in but nothing changes when I plug it in. Also, the board heats up when plugged in so I assume it's doing something?

I was planning on temporarily using an SD card or USB until I made sure the computer works so I don't spend money in vain.

My question is: Could it be that the missing internal storage is preventing the computer from booting? If not, could it be that something is shorted/doesn't work anymore? Has anyone had experience with this model? From what I found it was released in 2013 so it's relatively old now.

TLDR: Intel NUC without SSD storage but with only a usb won't boot. Is it the missing SSD fault?

Thanks in advance :)

Question: What do people in this community recommend for self-hosted instant messanger projects? I host a VOIP service for my nerd herd and due to recent events i'm attempting to migrate out groups chats off of the major platforms (Discord, Google chats, Slack, Etc.) as well.

There are a few notes that were requested/requirements.

• Self-hosted
• Supports images
• Has a decent mobile app
• Encrypted communication
• Expected load ~25 users.

I am doing my own digging but wanted to hear the communites opinions on some of the projects that came up in searches.

• IRC/XMPP - dosent really work for the request but is a classic, so I feel had to mention it.
• Rocket.Chat - seems like the best option so far, but I was having trouble finding current reviews, and its licensing is a bit much.
• Matrix also is close to checking all the boxes, but it wasnt clear how it works on mobile (Element seemed like the mobile app that was recommended).
• Revolt was high on the SEO results but most of the discussion around it was about drama with the maintainers (that is what prompted this post, i'm fishing for more current opinions).
• Zulip seemed similar to Rocket.Chat, but more expensive if we had to get a license.

I appreciate peoples opinions and recomendations on this topic.

I want to selfhost cloud drive and looking for what would be the best option. I originally used Nextcloud, but it has a lot of features not related to file hosting so I would be interested in something simpler. I found out about Cozy Cloud (https://cozy.io) but there is really little info about that. Has anyone used that and how does it compare to Nextcloud?

I saw this post and I was curious what was out there.

https://neuromatch.social/@jonny/113444325077647843

> Id like to put my lab servers to work archiving US federal data thats likely to get pulled - climate and biomed data seems mostly likely. The most obvious strategy to me seems like setting up mirror torrents on academictorrents. Anyone compiling a list of at-risk data yet?

In my server I currently have an Intel i7 9th gen CPU with integrated Intel video.

I don't use or need A.I. or LLM stuff, but we use jellyfin extensively in the family.

So far jellyfin worked always perfectly fine, but I could add (for free) an NVIDIA 2060 or a 1060. Would it be worth it?

And as power consumption, will the increase be noticeable? Should I do it or pass?

Not OP. This was posted to self hosted on reddit and might be useful to some.

Original post - https://www.reddit.com/r/selfhosted/comments/1glf06d/comment/lw1e4zd/

I want to start by saying I recognize that everyone's needs & priorities are different.

My wife and I both have iPhones, and i have a Pixel 7 Pro I use for work (and sometimes to compare the camera to the iPhones). All of our photos are currently backed up to iCloud (Apple One Premier - 2TB storage) and via Synology Photos. The Pixel has "unlimited" storage for photo backup w/ Google, and also backs up to the Synology. In general, I would like to get off of Google, but it's 99% work stuff that I wouldn't miss if it was lost.

There's a lot that I really like about Immich, but there are also some real pain points for me. I'm not going to comment on the discrepancies between the mobile vs. web interfaces as I expect them to be addressed as the product matures.

• The rapid development is both a blessing and a curse. I love that the team are really working through the roadmap. But sometimes it feels like new features arrive somewhat half-baked. The most common example being something is released working on just the web or mobile app. But the pace also creates extra work for me in that every release requires me to look for breaking changes and make appropriate fixes. I get it, it's beta software, and heavy development often requires this.
• If it mis-identifies a face, the mechanism for correcting that is pretty clunky. I have to first, say it's a different person, and then, if I don't care about tagging that face, I have to go to People to hide it. I don't really care about faces that it completely misses because I don't consider facial recognition as a "archive-grade" feature. We have tags/keywords for that.
• The tagging is both cool and clunky. I love the nested tags and the drill-down tags interface. I hate that I can only add a new tag from the tags admin page. Would also like to see auto-tagging, or suggested tags implemented.
• Image rotation is half-addressed at best. For one, I'm not sure why it only works on the mobile interface since the web interface has direct access to ImageMagick. I mainly see image orientation issues w/ raw files. To fix this, I have to edit it on mobile, save it to my phone's library and upload the newly created JPG, which shows up as a separate file w/ metadata that doesn't align w/ the original (like creation date). It's just a mess.

I started playing with PhotoPrism a little bit, and while it addresses many of my complaints w/ Immich, it also raises some of its own pain points.

• Probably the biggest issue I have with PhotoPrism is the lack of mobile apps. There are some out there, but the recommended app is a third-party WebDav app called PhotoSync. I tried it and wasn't overly impressed. At least, not enough to pay for it. This would be a dealbreaker except that I can simply use the Synology Photo backup, and have PhotoPrism mount those directories as its library ( can also do this with Immich's "External Library" feature).
• The metadata editing is comprehensive. In this one regard it is streets ahead of Immich. Seriously, you have so much more access to the photo metadata. Unfortunately, it's hampered by the limited batch capabilities.
• Batch editing isn't really batch editing. It's just editing a smaller subset of individual files one at a time. So when go to to the next or previous file, it the next or previous one in the selected subset.
• Keywords are supports, and new ones can be created on the fly. That said, nested keywords don't appear to work.
• There's also labels. Both are auto-suggested, and both can be manually edited. Labels are also accessible from the sidebar. No nested labels, either, but it does auto sort labels into broad categories. For example, "dog" and "cat" are placed into an "animals" category. You can switch between showing/hiding the broad categories. You can also have favorite labels.
• Image orientation/rotation is done right in the photo editing dialog. One more area where PP beats Immich.

I currently haven't decided which one I will keep. I could use either with the Synology Photo app to back up my phones. PhotoPrism's lack of mobile app is really bad, but the mobile web interface is fine for navigating the library. Immich is a more wholistic solution, but it's handling of some key organizational and editing functions is pretty glaring as well. I know Immich is the overwhelming favorite of most self-hosting communities, but I found PhotoPrism to be pretty compelling in its own right - especially the metadata editing capabilities.

ETA: I see lots of people talking about Immich’s facial detection. Out of curiosity, what are your detection settings? I’ve found it to be pretty good compared to Photo Prism’s, but not exactly game changing. My settings are:

• Model: antelopeV2
• Min Score: 0.2
• Max distance: 0.5 Min recognized faces: 1

I am planning on creating a home server with either 2 (RAID1) or 3 (RAID5) HDDs as bulk storage and 1 SSD as bcache.

The question is, what file system should I use for the HDDs? I am thinking of ext4 or xfs, as I heard btrfs is not recommended for my use case for some reason.

Do you all have some advice to give on what file system to use, as well as some other tips?

Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don't have to open any ports on my router for this to work, and I don't need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare's 100MG upload limit, but I can easily work around that, and it's not a limit I see myself hitting too often.

What's not clear to me is what I'm missing by not using Traefik or Caddy. Currently, the only thing I don't have in my setup is central authentication. I'm leaning towards Authentik for that, and I might look at putting it on a VPS, but that's the only thing I have planned. Other than that, almost everything's running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

Hi there good folks! Trying to wrap my head around how this stack works. Previously I've been using NextDNS for this and it worked wonders. However, I've wanted to explore other options and have now gone with the Adguard+Unbound route on a RPI 4B.. This setup defo works, its blocking what I want blocked, but its created a new issue I've not had before. On my Graphene OS phone, as long as this setup is "active" (e.g. over Tailscale), all my notifications through various applications are getting delayed. Each notification come roughly 10 min late, if at all, or appear as soon as I open the corresponding app. I'm pretty sure this caused by either Adguard or Unbound but betting my money on Unbound - as I don't see any relevant DNS queries being blocked.

I am still a little unsure of what is causing this issue so if anyone would be able to enlighten me on how I could troubleshoot this issue I would be very grateful.

> Wrap-up

This release is most importantly here to fix to the annoying "Youtube API returned error 400" error that prevented all channel pages from loading.

If you're updating from the previous release, it provides no improvements on the ability to play videos. If updating from a commit in-between release, it removes the "Please sign in" error caused by a previous attempt at restoring video playback on large instances.