Duplicati

Just use the Synology NAS as NFS share. Mount the NFS share on your server with 256GB RAM and use it as bind volume mounts for immich.

Otherwise, run immich in the server only ans properly backup all volumes to the Synology NAS regularly. Use a backup solution that notifies you if something bricks.

• get yourself a dashboard. I recommend homepage
• get yourself a video conferencing platform. I recommend mirotalk
• get yourself a type writing web app to improve your typing speed and challenge other people. I recommend monkeytype
• get yourself a family tree and manage all your family members. I recommend gramps web
• get yourself a drawing platform. I recommend excalidraw
• get yourself a recipe platform. I recommend mealie
• get yourself a photo backup solution alike to Google photos. I recommend immich
• get yourself a git repo manager. I recommend gitea
• get yourself a VPN. I recommend wg-easy
• get yourself a platform for IoT management. I recommend home assistant
• get yourself a pw manager. I recommend vaultwarden

You can find many more examples in my public repo with many compose examples:

https://github.com/Haxxnet/Compose-Examples

Tor exit node. Too much legal stuff.

Various options:

• Raspberry Pi. However, although it can handle a lot of selfhosted stuff, some things won't be fast. Especially wazuh or nextcloud may be problematic. Also you are limited by ARM architecture and the price is not that beneficial anymore
• Some small form factor (SFF) servers from eBay. Something like Lenovo ThinkCell Tiny or Dell Optiplex Micro. As you will have a second NAS for storage, it will be fine that you can only put 1 HDD/SSD into those models
• A NUC from Minisforum. More pricey but new and plenty of power. Runs with 10W idle. I rock the HM90 EliteMini with 2 SSDs and one onboard NVME for proxmox as hypervisor OS.

Ensure to choose wisely. Especially regarding power consumption and hardware encoding capabilities (Looping at you jellyfin).

Otherwise, some summarized infos here:

https://blog.lrvt.de/homelab-server-recommendation/

BTW: I do not recommend running a Tor exit node.

• completely recreate your compose stack
• clear cache on all clients
• ensure that you properly followed the breaking changes of immich. There is no immich-web and immich-proxy anymore. The immich-server is solely handling the web app requests and api stuff.

Otherwise, with no logs or real details there is nothing I can help with. Maybe start by telling us your compose file and used reverse proxy + error logs.

I have a compose example of the older mealie. May have a try:

https://github.com/Haxxnet/Compose-Examples/blob/main/examples/mealie/docker-compose.yml

Immich - Google photo alternative.

You can freely select photos into an album and then invite users to the album. All your photos remain to your user account and sharing happens via manually created albums. Want to leave one specific picture out? Sure, just do not add it to the shared album.

Proxmox > Ubuntu VM > Docker

I bind mount my NAS via /etc/fstab and store all docker bind volumes there. Essy like that.

Same. Then I just tried and documented the process:

https://blog.lrvt.de/authentik-traefik-azure-ad/

Nice thanks!

True, it does.

However, the mobile does not work with it properly or? Just the web app.

From what I understand, those services would allow to only allow Traefik to redirect the user to the appropriate service if correctly authenticated, is that correct?

Exactly. In Traefik, this is often called a forwardAuth middleware. Only if you are authenticated against Authelia/Authentik, Traefik will obtain the go to proxy the user request to the actual proxy service.

Also, using either Authentik or Authelia, user can use SSO to register/login ? How can I control who can register?

Yes but it depends on the proxied application. Some do not support OAuth/OIDC/SAML and whatever. Then, you have to authenticate against Authelia/Authentik and a second time at the service via username and password usually. Some apps however support it. Then you can setup the app and Authelia/Authentik for SSO. If done, only a single login against Authelia/Authentik is required and you'll be automatically logged into the app. No second login necessary. Authelia/Authentik will handle it. Whether a user can register or not depends on the app and how it is setup. Portainer e.g. can allow SSO user registering but also deny it. If denied, you'd have to create the users first manually in Portainer with the same email address as in Authentik. Then the user can login.

For instance I use immich to backup my pictures, so in the immich mobile app server settings I have : immich.mydomain.com, how would that works out if I use either Authentik or Authelia?

Unfortunately, Immich does not support OAuth/OIDC/SAML yet. Therefore, you are left with authenticating against Authelia/Authentik and then as well against immich via your user credentials. As correctly assumed, this requires a web browser to obtain the Authelia/Authentik login screen. For the immich mobile app, this is not possible.

There is some discussion on GitHub here about this topic:

https://github.com/immich-app/immich/discussions/3118

I've also implemented Authentik with Traefik. May read here:

https://blog.lrvt.de/authentik-traefik-azure-ad/

What about Bitwarden Unified for selfhosters?

Maybe Plane or YouTrack

Usually, when using macvlan, the ports should not conflict as the container obtains a new, separate IP address. What happens if you use bridge networt and manually map the port 80 and 443 port to a random one on your synology like 8888 and 9999?

• conflicting ports? Do you already use the mapped ports?
• Macvlan prevents communication from the docker host to the macvlan IP and vice versa. Depending on how and from where you access the macvlan IP, it might not work natively.
• Is NPM starting correctly? No errors in the container logs?