• 0 Posts
  • 24 Comments
Joined 1 year ago
Cake day: February 9th, 2025




  • I use a Pangolin reverse proxy with OIDC (PocketID) for family access to services, along with CrowdSec. For the Immich app access which needs to bypass auth login through the reverse proxy, I use ‘link share’ in Pangolin that gives me header tokens that can be entered into the Immich app under Advanced settings.

    I’ve been an Immich user for over 2 years now, so it’s been a journey for me to implement it to this standard.

    Or as someone else suggests, try Cloudflare with something like Google Auth login. Just be aware that you are then exposing all your traffic to Cloudflare. I take that as a small sacrifice for simplicity.





  • Take from this anything of use to you: I syncthing my important Unraid server stuff to a MacBook running Backblaze with a 14TB external drive. DNS is handled by NextDNS in the cloud anyway, so it’s just Immich and other random family-oriented services for me. I use Pangolin for exposed services.

    You could use syncthing (or Resilio) over a tailscale or headscale network or whateveritispeopleuse to a remote PC.

    My Docker compose files and VMs are backed up once a week via plugins on Unraid, which of course get duped via syncthing to the MacBook.

    I did try a Hetzner Storage Box for a while to replace Backblaze, but the hassle of having to keep an eye on the syncing was a pain and I fell back into Backblaze on the MacBook as it’s a set and forget (as long as they don’t change the filetypes ignored…). I may go back to a Storage Box again.

    I do also want to look into redundancy with a spare server though so it becomes quicker/easier to get it all up and running in event of failure. This is where selfhosting starts getting serious!

    Just chucking this out there to help with the fediverse.



  • Hi mxdcodes. I have been using your app for the past month in a sort of testing phase with Dawarich. I have used GPS Logger and Reitti since October last year, which is still running, but Colota offers a lot more exciting possibilities of data collection and so I’ll probably switch across pretty soon. I got hit by the bug a while back of it stopping once entering a geofence, but I saw that got fixed promptly so thanks for all of this.

    I love all that you and others who code for the (wider) selfhosted community offer, so let me say that for every person criticizing your app and all the effort you have put in, there are hopefully 1000x more of us who are truly grateful for what you and others do. I find it odd that people who are concerned about having their location history hacked by someone are actually wanting to record their location history in the first place. Seems the obvious answer is to… not track your location history with ANY app.

    Keep up the good work!


  • Good to hear!

    However I may have spoken too soon with Colota… it stopped registering my location after a first trip, and wouldn’t restart tracking until I restarted my phone (GrapheneOS Pixel 9). I need to look at the logs and maybe raise an issue.

    Dawarich has had some great updates in the past few weeks, and I’m hoping Colota + Dawarich is my future family tracker system as they both have a very nice feel to them.

    GPS Logger + Reitti is my background system atm while I mess with Colota & Dawarich.


  • I’ve been using Colota this weekend sending data to a Dawarich server. I like that you can filter out inaccurate GPS readings by setting an accuracy threshold, so this removes any false points that I tend to get with other location apps.

    I’ve tried GPS Logger for Reitti, and the new Android Dawarich app, but so far, Colota seems the best (early days). It has the nicest UI as well.

    In terms of what to enter, you need to find out what HA requires for the URL to receive data, then set that in the Colota app. Colota will just store the location data until you set a remote end for it to connect to.



  • I do this currently. I have a Hetzner VPS with Pangolin, giving access to family services like Immich etc, and my own nerdy services I keep locked to my home IP, and if I’m away from home, I tunnel in with Wireguard and hence then the home IP kicks in and they work.

    You can issue Traefik IP rules with Pangolin as well to limit what IPs can access services.

    I have Pangolin and all family services behind Pocket ID with passkey only auth.

    The VPS I protect with Hetzner’s firewall, so only SSH is allowed from my home IP.

    The whole setup is as secure as I can make it. My family would just roll their eyes at any VPN I asked them to use, so it has to be publicly accessible for some things annoyingly.

    I also have private services coming direct to my home firewall away from the VPS (for speed efficiency), and for truly public services (websites), I have those tunneled through a Cloudflare tunnel that can handle Google Auth for WordPress login pages etc.

    It made me uncomfortable to start with using the VPS, but in time, confidence grows.


  • Moved all my Unraid ‘apps’ to Dockhand, and linked my Pangolin VPS with the Hawser agent. I had Dockge for a while on newer container deployments, but wanted something a bit more playful, Dockhand is it.

    I degoogled my Gmail last year to Infomaniak, which was OK, but moved to Fastmail last week, which I now love! Setting the custom domain pulled in the site’s favicon for the Fastmail account header, which made me smile too much for such a simple thing. Think I’ll be on Fastmail for the future. (Background syncing with the new Bichon email archiver).




  • 2024 was the year I got more serious with self hosting and migrating away from the cloud offered by Google etc. But 2025 was the year I pushed to run all my own services and get the family on board as well; trying to educate my kids with running our own services (the wife is so not interested!).

    There were some really cool projects released last year and some oddly well-timed ones as I was looking for various services, and Jotty was one of those!

    Thanks so much for your work and rest assured amongst the negativity you may receive in certain corners of the web, there are people truly appreciative of your hard work, and that of others like you.



  • Pangolin is a reverse proxy, so it can forward a URL to any backend service on any port. But you’re right in that you have to be signed in on the browser you access it on. Therefore an app won’t directly work without prior login. You can create a ‘shareable link’ in Pangolin, which I use for the Immich app. This gives me header tokens that the Immich app can take in its advanced settings, and that’s how that one works.

    I’ve recently moved away from dedicated apps for mobile services and toward web-based access for most things (I use Music Assistant in browser). This isn’t perfect for everything and everyone, but I realise now with your question that it’s worked well for me transitioning to Pangolin (and at least Immich app works).