ngrok isn’t just for development.

That’s news to me lol. I’ve personally only used them for development so I can’t tell you how good they are for running production services.

I just looked at their pricing page and it looks like the Free and Hobbyist only include 1GB and 5GB of data, respectively. I’ve never actually measured my data usage because Cloudflare gives unlimited data, but I suspect that’s nowhere near enough for a photo sharing app like Immich.

You might be misunderstanding the value-add of a CDN to self-hosting, so here’s my attempt at explaining:

I’ve been self-hosting things for a very long time. In the old days, we would wrangle our routers to expose port 80 for HTTP (and later, port 443 for HTTPS) and forward those connections to the self-host server and then add the appropriate DNS records to point our website domain to our home IP address (which was its own fun challenge when ISPs refused to give static IP addresses for home plans). Relatively simple.

However, in recent years (especially after the pandemic) the internet has become a much more hostile place. People find vulnerabilities in your nginx/caddy/apache or whatever reverse proxy you use (or router, or any one of the many other parts of your network/software stack) gain access to your local network and your personal data. And then there are bad actors doing DDoS attacks or AI crawlers generating DDoS levels of incoming requests to overload your hardware.

All that combined means it’s very dangerous to have your home IP exposed to the internet (allowing any sort of inbound requests) at all.

So, how do we access our self-hosted stuff while we’re outside of home? The safest approach is to use a VPN. Tailscale is the most popular one that I’ve come across. Only client devices that are connected to the VPN have access to your stuff. Random bad actors can’t poke your self-hosted stack for vulnerabilities.

Okay, what if you want to share something with people publicly? I for one, use Immich for my photo libraries and it’s very easy to be able to share a link to an album for friends and extended family to access without having to install and configure a VPN on their phones.

That is where cloudflare comes in. We can run cloudflared on our machine, which makes an outbound request to cloudflare and creates a tunnel to route all the incoming requests from their servers to your reverse proxy. Your network is still not exposed to the internet, and the edge nodes (the machines that actually front the incoming traffic from the clients) are not owned by you.

Now, I guess it’s feasible to rent a VPS on DigitalOcean/OVH/Azure/AWS and run a Tailscale exit node there to achieve a similar result. I haven’t looked too deeply into Pangolin but it looks kind of similar. Now you’re adding extra work to keep those configured correctly (and up-to-date), is less secure because you’re not doing that full time (unlike the engineers at cloudflare) and you’re still dependent on that VPS provider to not go down, so the disaster recovery profile hasn’t changed all that much.

That’s why there’s no self-hosted alternatives to a CDN. I guess you can go with their competitors like Fastly/Akamai/etc, but all of them are considerably more expensive. And even the ones that do have free tiers have data limits or bill per gigabyte. That’s an extra headache to worry about for that one month your mother decides to take 1000 videos of your son during the family vacation and her phone automatically backed up all of them at full-quality.

Might I suggest Bitwarden.

It’s open source, syncs across every platform I know of, and supports passkeys.

Yep. Tailscale uses wireguard under the hood so that setup sounds exactly the same.

The Cloudflare tunnel is free. They don’t seem to have a traffic cap either. They’ll charge you if you want to use a non apex domain (e.g. subdomain) or if you need their more advanced bot detection/defense products. But a basic/standard setup like what us self hosters have is free.

Yes, and yes.

Their Android app feels like an exact clone of the Google Photos Android app.

To access it remotely, you can use Tailscale like someone else mentioned. But you need to have Tailscale installed on everyone’s phones.

You can also use a Cloudflare Tunnel to allow it to be accessed over the Internet without exposing anything from your home network directly to the Internet.

The latter is useful when I want to share a secret link to a photo album after hanging out with people so everybody can upload the photos they took to one place (something I used to do a lot with Google Photos)

Does everything Google photos does. Their app looks/feels exactly Google’s app, including sharing links. Assuming you’re running it on reasonably powerful hardware, it does all the same face recognition and ML based search that Google photos does.

TBH, I’ve never used any of those features. I just used it locally and plugged it into home assistant.

But I just reinstalled their app and can confirm I can watch the feed and get push notifications without a cloud account. Haven’t tried email tho

Obligatory

https://reolink.com/

Oh wow their front page doesn’t mention at all that their products run locally and don’t require subscriptions.

It doesn’t seem like a very “walled” garden if they were able to migrate all their data including issues and comments

Nah CEOs will mandate RTO for workers while they themselves stay remote.

Ka…booom!

Because chrome doesn’t make any money

As someone who’s currently wrangling with so much C++ specific issues to try and make just one bloody contribution to KDE, this comment hits too close to home.

Some stores require you to use the app for order pickup.

Sounds like a store to avoid like the plague.

You have a link handy?

So, before the invention of the camera, the most valuable and most popular creative skill was replicating people on canvas as realistically as possible. Yes, we remember famous exceptions like Picasso, but by sheer number of paintings the most common were portraits of rich people.

After the cameras took that job away, prevailing art changed to become more abstract and “creative”. But that still pissed off a lot of people that had spent a very long time honing a skill that was now no longer in demand.

What we’re seeing is a similar shift. I think future generations of artists will value color theory, composition, etc. over specific brush stroke techniques. AI will make art much more accessible once enough time has passed for AI assisted art to be considered art. Make no mistake: it will always be people that actually create the art - AI will just reduce/remove the grunt work so they can focus more on creativity.

Now, whether billion dollar corporations deserve to exploit the labor of millions of people is a whole separate conversation, but tl;dr: they don’t, but they’re going to anyway because there is little to stop them in correct economic/governance models.

False.

I work for Microsoft and I can assure you that any effort I make to increase code quality or reduce jank (or pretty much anything other than shoving more AI in our products) will not positively impact my bonus next year.

It’s unfortunate, but AI image generators will make exactly what you want, royalty free.

A better comparison would be an iPhone. Apple has locked that down so much that it’s impossible to install something like CrowdStrike falcon, thus it’s not possible for something like this to happen.

Microsoft is saying if the EU would let them, they too could lock down their platform enough to prevent this from happening.

However, I would prefer to maintain control over my device and do what I want with it, instead of just what Apple/Microsoft want; even if that means I might break my device.

You could absolutely install software on Windows 3.5 that would crash the system.