Lets say burglars break in and steal your homelab. Because you don't have e2ee, they can see all the photos you saved of your dead grandmother! Oh no!
Or, in the more likely scenario that something happens to your phone, the lack of e2ee means that even if you lost your keys you didn't lose the only memories that remain of your grandma - you just copy across the .jpgs to a new device.
I also imagine that a true E2EE architecture means you have more flexibility with cloud storage, managed hosting, and off-site backups.
It's cool they keep the server open and selfhostable instead of only open clients like many e2ee projects do.
I like how you can share an album and anyone can contribute to it without an account. Another cool feature is that you can select photos to lock when you hand your phone to somebody so they can only see the ones you selected without your device unlock.
Ente Auth and Locker both seem like limited feature subsets of solutions like 1Password.
"Ente Photos is a paid service, but we offer 10GB of free storage. You can also >>clone this repository and choose to self-host<<."
So both forms...
They really are pretty much just what they appear to be. Im a fan.
If you set the pref to keep originals locally, they're all on your drive, in original form, as well as the derived versions including caches of raw to jpeg, resolutions, and edited versions.
That said, Apple Photos does let you export even if only in cloud. Open the library, select all, and File > Export ... > Export Unmodified Originals.
It pauses for a second or two on my quarter million images, but is then happy to comply.
I have all of my photos organized like this: `events -> year/month - holiday -> (album_1, ...)`. and: `home town -> year -> (album_1, ...)`. Photos will be in multiple albums, and there will be edits as well. And I need to track the picked/rejected state as well (and filter on it).
Only reason I haven't moved over to Immich yet is because I am struggling to map my photo organization onto it's way of doing things in a way that's nice. So far my attempts have been unwieldy.
But the way I do access Immich externally is not with Tailscale directly on my phone but involves exposing a caddy instance, running on a $1 VPS, to the internet.
If requests include a specific very long header (which I randomly made up), it then forwards those requests to my real Immich instance, which runs on my NAS. Headers can be configured within the mobile app. It has worked really well for me so far.
I just want to be able to organize my folders outside of some dumb library system and immich at the time fought that as well.
You say this as if it wasn’t Immich itself that backed up the database automatically next to your image files.
I think they’re one of the best self-hosted services when it comes to backup/restore — enabling it by default — and when it comes to migrations — no breaking changes in minor versions after 1.0.
Did you report this issue so I could try and reproduce it?
I ended up doing that manually, but it's great to see that is now a first class citizen in 3.0.0. I love Immich.
I know they were working on it, but haven't kept up, I just want to know if it works better now and I should try again.
I imagine Immich must work somewhat similarly if not identically.
It takes a long time to do this, makes your phone hot, and you need to force your phone to stay awake for it if you want it to get done quickly, but it works.
Background upload without the “keep your phone awake overnight” method works as well, but that’s more practical for when your library is caught up. The initial import is what’s more intensive.
I could have done a data download from Apple but essentially leaving the Ente app open and choosing my albums to back up was a “set it and forget it” process.
I've downloaded all the chunks once, only to find them corrupted due to... Their 50gb size and using a browser in theory. One also cannot seem to use wget or alternatives because of the auth / session cookies required via Google takeout.
I've yet to even broach the aspect of importing each giant bundle into immich because I've not had success in even grabbing the takeout files correctly, but would LOVE pointers on the best way of importing the roughly 700gb into the database without it ALL going wrong.
I've had great success with immich running in docker for the past year or so, although I have yet to upgrade to the newest version. Google photos backups have been disabled on my phone for a year or so, but I yet to haul in all of the past years.
Also, anyone know if I can get immich to upload the photos without... Running immich once in a while? Would be great if it just automatically sent them to "my cloud".
Great software.
In my setup, I exclusively use the external libraries feature, pointed at a read-only share from my NAS mounted onto my Immich server. (The external libraries are set to resynchronize to the database every few hours). This means I can manage all my media assets myself without worrying about Immich accidentally corrupting them, and if I eventually move off Immich, I just have a single folder of media files organized by date to port around.
The only downside is that I don't directly upload any media files directly to Immich, but that's okay. I have Syncopoli sync files from my phones (on a scheduled cadence) to an intermediary server which organizes and cleans exif data from media files before dropping it into its permanent home on my NAS share. No manual steps to get photos from my phone to my Immich instance!
Not really applicable if what you have is a google takeout dump. Better in that case to import all the photos and let immich handle them moving forward using a tool like https://github.com/simulot/immich-go
I had ~200GiB. I selected below 10k files at a time to upload in the web UI (selected all 2014, then 2015). It was fine. More than that many and the UI became unusable.
External Libraries seem like a good option.
They have also recently improved the background import in the Android app so I have heard so that might be worth a try.
It got to where I had 20% of my space was just thumbnails for each user, even though it was one set of images in the external storage.
Maybe that's changed recently.
Unfortunately Immich is not end-to-end encrypted. If that would have be the case i'd use https://pixelunion.eu/
Seems like a great app though. So... i'm still pondering what to do :-)
It they don’t consider that e2e encrypted, literally nothing is then…
You can also just use a secure transport layer (like WireGuard or a VPN) instead of relying on every project to implement end-to-end encryption.
- Upgrade breaks things. Need to restore from DB, install previous version, etc.
- Need to update frequently (i.e. if I wait 2 years, the upgrade script doesn't work).
- Discovering a corruption months/years later. Some data just lost by that point.
- Backward incompatible changes
Of course, if you need the features, by all means use it. I just want to back up my photos and use FolderSync daily. I have a separate workflow for pruning. As long as FolderSync (or some similar app) exists, I know this flow will work 10 years from now (heck, I've been using it for almost as long). No time spent worrying about upgrading, etc.
Alternate title: "Outdated lessons I haven't re-evaluated"
Are you saying there's no need to back up the underlying DB?
Are you saying I can keep an insurance running for, say, three years and it'll be trivial to upgrade after that?
That sad, I'm glad you asked. I've run Immich in docker for 3 years with automatic updates through watchtower. Updates are frequent but require no effort from me and have never broken anything, nor is there an "update script" to fail. Nor have I encountered "corruption" at any point. I do back up the database and my photo library.
I'm glad you're happy with your solution, you can share it without disparaging other solutions you're unfamiliar with.
Isn't system administration a solved problem now with LLMs? At least for these simple problem domains?
For self-hosting, “S3” usually just means “S3-compatible.” Although maybe that’s exactly what you meant.
Edit: regarding cloud based backup, besides the usual privacy and security concerns, you can’t guarantee the fixed price, you might subscribe now and pay for a year, next year you have the typical “oops, operation cost are high we have to raise the prices or shutdown” blog post and now you’re stuck again, download, find another, upload, etc.
That's the objective answer. There's no mystery here. That's exactly how you get what you want and it's not too hard. Not trying to dunk on you or anyone one but this is an easily solved problem, and I think I want to highlight it like this to make sure everyone understands.
Anything web/internet/network service thing, you can add this on. This composability is important to remember in software, this even goes back to "The Unix Way" type stuff.