Why self sign? Use Let’s Encrypt, its free and works just great. That’s what I do
Comment on Fighting with immich
bravesilvernest@lemmy.ml 1 year ago
I’ve been using it for about a month, and love it.
My one complaint: self-signed certs on reverse proxies seem to break the android app backup. I’m not sure why, but internal CA seems to make things angry. Its more likely to be a local setup issue than anything in immich, but frustrating to pin down.
Shimitar@feddit.it 1 year ago
bravesilvernest@lemmy.ml 1 year ago
All the traffic is internal, so I can get away with it 🙃
Really was just interested in what cert generation entailed and did a fun little dive a few years back.
conrad82@lemmy.world 1 year ago
I also have internal only traffic, but I still use let’s encrypt. I self signed for a couple of years, but switching to proper certificates made things much simpler and better. Especially on mobile. I use a combination of my own domain and caddy. and duckdns, since my domain registrar does not have an api caddy can use, but I can point my domain to my duckdns domain and it works 👍
bravesilvernest@lemmy.ml 1 year ago
I’m the bad guy that installed my CA where needed lol but nice!
Shimitar@feddit.it 1 year ago
Self signed certs needs to be allowed explicitly. If the app didn’t took those into consideration then there is not much you can do.
Another point against immich I guess if you need self signed.
I will try to support immich actively in the future, even if my free time is really small nowadays.
bravesilvernest@lemmy.ml 1 year ago
My current backup strategy is BTSync, which while super easy to get going is a pain in the ass to look up old images. Using direct IP on the app works perfectly, and the DNS lookup only works internally anyways.
All that to say that I’m probably going to use it and remove the btsync approach in a couple months.
manos_de_papel@lemmy.ml 1 year ago
Android hates self signed certs, unless you generate the correct cert type then install the cert to android’s root CA trust.
I’ve tried this many times and it has never worked for me :( I can never generate a proper cert.
I’d love a pointer to a tutorial that works.