Selfhosted

60210 readers

947 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Immich bridge to google photos shared albums (piefed.social)

submitted 3 hours ago by anytimesoon@piefed.social to c/selfhosted@lemmy.world

13 comments fedilink hide all child comments

Does anyone know if it's possible to achieve this? Possibly with an external service that syncs the two?

Basically, the last feature immich can't do that google does is to share albums. Sometimes my family wants to have albums after events, and my ones live in a silo.

you are viewing a single comment's thread
view the rest of the comments

[–] AzuraTheSpellkissed@lemmy.blahaj.zone 5 points 2 hours ago (1 children)

Using a reverse proxy / ingress, you can configure only share links to be publicly available, while keeping the rest of immich exclusive to your private-network. Optionally combine with something like Cloudflare Tunnel if you're worried about leaking your server's IP.

[–] Pika@sh.itjust.works 1 points 1 hour ago* (last edited 1 minute ago)

~~this right here. If you have immich setup behind a reverse proxy, just route any requests that use the /share/ and /s/ (the custom link version) on the proxy manager to route to the immich instance, and have it 403 on anything else when the request is not via the vpn~~

~~Just be aware that immich uses links like share-* as well so be sure to have that trailing / to make it so only shared links and albums can be.~~

~~edit: Actually looking into this route further, it looks like immich as a whole needs more than just the /share/ and the /s/ endpoints exposed to function correctly. I will update this in a little when i figured out more on what is actually needed~~

update: So it seems immich will not support this style setup without quite a bit of hands on. You need to give at minimum /share/, /s/, /_app/ and /api/ in order to actually go this route. and at that point since you've given /api/ you've essentially publicly opened the instance anyway. While you can go through and individually do each endpoint. It requires access to /api/albums /api/thumbnails and a few other endpoints that while are under auth requirement for

for anyone wanting to still go through with it. You can reverse proxy it by allowing the endpoints

api/
- server/
  - config: shows basic infomation about the server
  - media-types: shows what media types the server supports
  - features: discloses what features the server supports
- shared-links/me: 401, 403's or shows what links the user account can sign into
- albums/: 403's on any album endpoint that doesn't also include the album's public slug in the URL
- timeline/
  - buckets: displays timeline buckets. 401 or 403's on no auth
  - bucket/: displays timeline info on the requested resource. 401 or 403's on info unless info is provided about what its trying to access
- assets/: 401 or 403's on any request that doesn't contain a public slug in the url

The nginx location regex I used for my testing(although not very read friendly) was

location ~ /(api/(server/(config|media-types|features)|shared-links/me|albums/|timeline/(bucket|buckets)|assets/)|(share|s)|_app/){
  proxy_pass *immich instance*;
}

note: this was found just by basic testing using NPM on my environment, I may have missed some more specific calls regarding videos as I don't really do any video photography to allow for testing.