A brief internet search shows that surprisingly, hosting Jellyfin on OpenWRT should work…

I still find it hilarious that since dd-wrt and OpenWrt are just… Linux, you could install Super Mario Bros on there. I checked, nobody seems to have tried.

I’ve never used tailscale, I’m afraid. Normally I would say: just use whatever seems easier to set up on your device/network; however, note that tailscale needs a “coordinate server”. No actual traffic ever goes through it, it just facilitates key exchanges and the like (from what I understand), but regardless, it’s a server outside your control which is involved in some way. You can selfhost this server, but that is additional work, of course…

Ah, that make sense. Is Wireguard P2P?

Glad I could help, after being so unhelpful yesterday :)

Don’t beat yourself up, you were fine. Because I’m big on privacy, when I ask for help I have a bad habit of leaving out the “why” behind my choices, so it’s understandable that people weren’t happy with what I needed.

Eh… Marriage is not really common in either of our families. We agreed to go sign the papers if there ever is a tax reason, lol. Sorry if that’s a bit unromantic :D Nice rings though ^^

I need to go make a petition to raise taxes then! /s

You both are perfect for each other, so don’t screw it up!

Hi again.

Hi there!

Set up ProtonVPN on the raspberry pi.

I’m actually surprised nobody suggested simply using the Pi with OpenWrt as my own router. Though, that would make it hard to host Jellyfin.

Nots that this requires you trusting the pi to the same degree that you trust your phone.

For the most part, I trust the security of my Pi. I can hold it in my hand and see every line of code, after all!

Devices which you take with you, like your phone, unfortunately will loose internet connectivity when you leave your home until you switch off Wireguard, and switch on Proton, and not be able to connect to Jellyfin when you return home, until you switch them back.

I plan to post a tutorial about how to securely host Jellyfin. Another user gave a solution to this problem that I absolutely love, and I’ll showcase it there. I don’t want to spoil it :)

Could you explain Wireguard vs. Tailscale in this scenario?

Thank you all so much for your help! This is likely the solution I will go with, combined with another one, so again thank you so much!

P.S. I don’t care if you wrap an ethernet cord around her finger, get going!

I’m interested in you and your girlfriend’s thoughts on my new post about this issue.

P.S. She’s a keeper. Marry her already!

You want to use it only locally (on your home), but it can’t be a local-only instance.

By “local-only” I meant on-device

You want to e2ee everything, but fail to mention why.

Privacy and security.

There is no reason to do that on your own network.

Networks are not a trusted party in any capacity.

I do not know why you want to use a VPN and what you want to do with it. Where do you want to connect to?

A VPN such as ProtonVPN or Mullvad VPN are used to displace trust from your ISP into your VPN provider and obscure your IP address while web browsing (among other benefits that I don’t utilize).

What is the attack vector you’re worried about? Are there malicious entities on your network?

These are good questions but not ones I can answer briefly.

I used GNOME Disks to modify /etc/crypttab and /etc/fstab to auto decrypt and auto mount on boot. Jellyfin still loses its access each time I restart, even though the jellyfin group still displays having access to the files.

Edit: Turns out it does have access, but it’s no longer under the /media/username directory. I have to point Jellyfin to /mnt/UUID instead. This fixed it!

And you don’t share your photos with family, friends, or the public? Or is your sharing solution to spam people with MMS text messages?

If I need to quickly show somebody a photo, I’ll physically show them by pulling it up on my phone. If I need to send photos to someone, I’ll send them using a preferred messenger such as Signal. It allows you to send up to 32 images in a single message. If I need to send images to multiple people, I can send it in a group text or select multiple people to send them to at the same time.

No, I don’t. If Immich provides a feature your phone doesn’t, then it’s not a good example of something that doesn’t need to be self-hosted.

The point is that everything Immich offers is something that could be run entirely on-device. While AI image tagging isn’t currently available for alternatives, I’m upset that Immich requires a server instead of making it optional and letting you do image tagging on-device.

I’m interested in other examples you have; it sounds as if many self-host solutions perplex you, beyond Immich - what are they?

What I missed in my initial post was availability across devices. So, something like Vaultwarden would have been useless by my criteria. I have two independent KeePass databases. One exclusively for desktop accounts and one exclusively for mobile accounts. I want to compartmentalize those, so I have no reason to selfhost Vaultwarden. As I’ve learned, Vaultwarden and other software is useful because of availability across devices.

I agree with this comment, it has very good points.

You device has to do all the processing which would lead to lower battery life.

The way iOS does it is it will only process it when your phone is plugged in and idle (e.g. when you’re asleep at night).

I found this article explaining some of the benefits. Let me know if I’m wrong, I’m always open to learning!

Thanks reasonable! That does make me realize how different my workflow is. My philosophy is compartmentalizing everything. What I do on my phone stays on my phone. What I do on my desktop stays on my desktop. What I do on my laptop stays on my laptop. I’ve never really had the need for anything more until now. Then again, I’ve also never had the resources to selfhost until now.

Is that automated?

If I left the USB stick plugged in constantly, but then it wouldn’t be very useful I guess.

I’ve only recently started selfhosting on my own, so I am still quite new.

Nevertheless, you might like the idea of local-first software which is kind of a hybrid between local only software, and self-hosting (or cloud hosting).

I’ll check it out, thank you!

Both. If your hardware isn’t designed like a server to run 24/7 it can be unhealthy for it, especially if it isn’t properly maintained. It can cause wear to it. As far as the OS, restarting is good to clear caches, fully install some software, and keep the system sanitary overall.

Can I do this with NextCloud or on my phone without killing the battery?

I suppose not. That’s a fair point. Although I will mention, if your camera supports it, location metadata can be embedded automatically. Aves and many other gallery apps support viewing photos with location data on the map.

That’s a fair point, and I don’t suppose Nextcloud or Syncthing would be quite as useful or as designed for photos. Thank you for helping me understand!

I’ve made a point not to perpetually leave my home computer on simply because frequent restarts are healthy for it. Another reason is compartmentalization. I would want to keep my selfhosted server separate from where I game or browse the internet, if at least to keep it more secure.

I mentioned in the edit: I’m not asking why things should be selfhosted instead of run on a cloud provider, I’m asking why things are selfhosted on a server that could be run entirely on-device. The latter I argue provides more privacy and less cost. Again, there are some cases as I mentioned in the post where selfhosting on a server is useful (storage or processing power), but I keep seeing a lot of server-based selfhosting that could instead be run on the device itself.

and allows us to share them publicly with others using explicit links.

That’s something I hadn’t considered. I’m somewhat used to everything being completely local, no exceptions. It’s why I started selfhosting so late, I never saw much of a point to it. I also don’t feel completely comfortable opening any part of my home internet to the public, but I’m sure there’s safe ways of going about it.

Another bias of mine is having a lot of compartmentalization. For example, none of my desktop account credentials are stored on my phone’s password manager, and vice versa. If one device is compromised, I want to isolate the risk as much as I can. That also means that if I were to ever set up a movie library, for example, I would want to keep those isolated per-device as well.

Backups are a bit of a special case. You can either selfhost an automatic cloud backup, or use something simple like a USB stick you manually backup to. Besides that, though, I would argue you maintain more control over software that doesn’t rely on an external device to begin with. I gave examples, such as Aves, Joplin, or Feeder. If those are on my phone only (and properly backed up), I maintain full control knowing that I don’t need to rely on my own server at home to manage the data that I have in my pocket.

This has helped me see some new benefits of selfhosting, though. I’ve spent my whole life without a SIM card, so it isn’t always easy finding a network (especially a trustworthy one) to connect to on the go to connect to my server with. Even in the moments I could connect to a network, they had heavy censorship (blocked VPNs and certain IP addresses). That’s why I like having everything on-device.

I use Immich because I have multiple devices and multiple people uploading photos to it , so we can all organize together.

Would something like Syncthing work for this instead?

That’s a good point, and I agree. I still wish Immich could function as an on-device photo app, with selfhosted backups being optional.

Sure, and I agree backups are important. I still don’t like that Immich requires another server to function in the first place. It would be difficult to recommend Immich as a gallery app to someone who doesn’t have experience in selfhosting. I personally backup my phone to my own USB stick every few days or so, that way if my phone is ever lost or stolen I still have a backup without the need for a server.

If every app had their own selfhosted backup solution, it wouldn’t be very convenient. I’d think it better to run Nextcloud to back everything up than to deal with setting each backup solution up individually. Is there a major benefit to Immich that I’m missing?