Sorry for that, updated the title.
This update broke my installation :(. I have not updated it in a while. Now I have to roll back until I fix this. Hope the backup will work. EDIT: It was the reverse proxy. Check the developer notes before updating.
I am behind CGNAT and I have been trying to set up a WireGuard mesh network to connect my local devices, such as a Raspberry Pi and Proxmox server, as well as my mobile devices, using a VPS as the central point. The goal is to expose locally running applications to the internet without relying on Cloudflare, as they do not allow video streaming and remote access to my local devices. I have looked at many tutorials on this topic, but they often left me confused due to the varying iptables rules and configurations. Some tutorials include specific device names like eth0 in the iptables rules, while others use variables like %i. Additionally, some examples have special rules for SSH access like this one. Apart from that, I am unsure about what additional steps I need to take when I want to run one of the peers as an internet gateway. Despite the confusion, I managed to achieve the basic mesh network setup without implementing any iptables rules for PostUp/Down. Each device in the network receives an IP address within the WireGuard subnet (10.0.0.x) and can ping one another. However, I believe that the iptables rules mentioned in the tutorials would allow accessing other subnets, such as my local LAN, through the WireGuard VPN. I am still uncertain about the exact mechanism behind how these rules work in that context and how to properly configure them for my specific use case, especially considering the CGNAT situation.
Thanks for the nice writeup. Can you explain why you have these rules?
PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source SERVER-IP
PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;
What happens if you remove it?
Immich having accounts+SSO is the single best feature IMO. Thanks for your thoughts on the topic.
I faced the same problem when trying to run two SSDs connected via USB in btrfs raid0. I used a cheap 30W power brick from Amazon. You can see dmesg warnings about this. Look for low voltage/current. Problems were resolved after using the official Raspberry 5 power brick.
Now I have to self host mastodon to join the party 🥳
There is a discussion about immich stacking here: https://github.com/immich-app/immich/discussions/2479. Automatic stacking is on their roadmap. There is a high chance that the APIs will be broken by then. I always prefer the native features over third party tools.