• 1 Post
  • 16 Comments
Joined 19 days ago
cake
Cake day: June 26th, 2026

help-circle
  • Immich is dead-easy to set up on its own. I’m a great fan and have been running it for >2 years now.

    That said, I don’t think it’ll work for you because:

    • I gather you have little experience in self-hosting services. Sure, one can learn all that, but if you’re becoming a parent soon, your priorities will be elsewhere (as they should).
    • self-hosting stuff isn’t a one-shot - it does come with maintenance costs. You need to keep your boxes up to date, swap out dead hardware, manage backups… You may not have time for that.
    • Running immich itself is relatively easy. But running it securely is a different can of worms. Immich is a young project, written by enthusiasts, but not vetted for security like professionally-deployed software is. Thus, it’s not advisable to expose it to the open internet. Since you want to share access to others, you’d have to setup Wireguard VPN tunnels for your relatives, which complicates matters.

    Obviously, I’m making a lot of assumptions about you. Whether these are true is up for you to decide.












  • Thank you! While that does allay most security concerns, it does beg the question how useful such a vulnerability tracker is if it doesn’t actually show any relevant vulnerabilies and you constantly have to second-guess what it says. Warning signs that aren’t actually warnings because it’s “just a false alarm” quickly teach personell to not take warnings seriously - unti, onel day, it’s not a false alarm…


  • Thanks for your detailed reply!

    To make that happen, the attacker must […] already have access to the server to upload and process the file, which means that security has already failed.

    Do I correctly assume that by axis you mean shell or even root level access? If not, any of my regular users (turned rogue…) could upload a poisoned raw file which nextcloud would process to, for instance, generate a thumbnail.