Why self sign? Use Let’s Encrypt, its free and works just great. That’s what I do
Comment on Fighting with immich
bravesilvernest@lemmy.ml 9 months ago
I’ve been using it for about a month, and love it.
My one complaint: self-signed certs on reverse proxies seem to break the android app backup. I’m not sure why, but internal CA seems to make things angry. Its more likely to be a local setup issue than anything in immich, but frustrating to pin down.
Shimitar@feddit.it 9 months ago
bravesilvernest@lemmy.ml 9 months ago
All the traffic is internal, so I can get away with it 🙃
Really was just interested in what cert generation entailed and did a fun little dive a few years back.
conrad82@lemmy.world 9 months ago
I also have internal only traffic, but I still use let’s encrypt. I self signed for a couple of years, but switching to proper certificates made things much simpler and better. Especially on mobile. I use a combination of my own domain and caddy. and duckdns, since my domain registrar does not have an api caddy can use, but I can point my domain to my duckdns domain and it works 👍
bravesilvernest@lemmy.ml 9 months ago
I’m the bad guy that installed my CA where needed lol but nice!
Shimitar@feddit.it 9 months ago
Self signed certs needs to be allowed explicitly. If the app didn’t took those into consideration then there is not much you can do.
Another point against immich I guess if you need self signed.
I will try to support immich actively in the future, even if my free time is really small nowadays.
bravesilvernest@lemmy.ml 9 months ago
My current backup strategy is BTSync, which while super easy to get going is a pain in the ass to look up old images. Using direct IP on the app works perfectly, and the DNS lookup only works internally anyways.
All that to say that I’m probably going to use it and remove the btsync approach in a couple months.
manos_de_papel@lemmy.ml 9 months ago
Android hates self signed certs, unless you generate the correct cert type then install the cert to android’s root CA trust.
I’ve tried this many times and it has never worked for me :( I can never generate a proper cert.
I’d love a pointer to a tutorial that works.