this post was submitted on 13 Jul 2025
137 points (96.0% liked)

Selfhosted

60426 readers
234 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Hi all,

For all people awaiting for an LXC to self host Immich the time has come. The LXC came up a month ago, sorry if it's a repost.

all 26 comments
sorted by: hot top controversial new old
[–] perishthethought@piefed.social 40 points 11 months ago (3 children)

For those like me still learning.

Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

https://en.m.wikipedia.org/wiki/LXC

[–] NotSteve_@piefed.ca 12 points 11 months ago (1 children)

They're super useful when running Proxmox. You can create an LXC container and have it booted to a shell in under a minute

[–] corsicanguppy@lemmy.ca 1 points 11 months ago* (last edited 11 months ago)

You can create an LXC container and have it booted to a shell in under a minute

Rhel5 on a VM booted in under a minute easily. Rhel6 on a VM booted in around a minute. Rhel7 on a VM booted in almost a minute, and the trend accelerated from there. Wow, is RhelX a piece for its frail-boat booting.

The key is the monolith.

[–] petaqui@lemmings.world 2 points 11 months ago

Thank you! A much needed info

[–] mic_check_one_two@lemmy.dbzer0.com 2 points 11 months ago (1 children)

So it’s Docker with extra steps?

[–] Yoddel_Hickory@lemmy.ca 13 points 11 months ago

Fewer steps actually, since it is built into the kernel

[–] ikidd@lemmy.world 36 points 11 months ago (3 children)

Know what you're running when you pipe to a bash script. Curl-bash pipes are a security mess.

[–] Sanguine@lemmy.dbzer0.com 6 points 11 months ago (2 children)

Good advice but ime these helper scripts are legit.

[–] ikidd@lemmy.world 9 points 11 months ago

I'm pretty familiar with TTech's legacy, I just mention it because if the repos ever got compromised, it could be a shitshow. IDK what security measures the new maintainers use to secure their access or check PRs, but I get nervous when it's as popular as it is and such a good vector for complicated installations that are hard to check out. I also don't know the new maintainers from Adam.

Personally, I'd use the scripts as a guide for DIY.

[–] corsicanguppy@lemmy.ca 4 points 11 months ago (2 children)

ime these helper scripts are legit.

Let's consider a moment the risk you're subjecting people to, just with a recommendation based on the value of the things you secure without considering what they need to secure.

[–] Sanguine@lemmy.dbzer0.com 3 points 11 months ago (1 children)

I'm not subjecting anyone to anything. I acknowledged that this practice is risky, however these scripts are maintained by a community of other nerds just like every other open source project you enjoy. If you're going to use these proceed with the same caution you would anything else on the internet, but in my experience they are safe.

[–] ick@infosec.pub 4 points 11 months ago

I created a little proof of concept last year to highlight some of the risks https://stoppip.ing/

[–] corsicanguppy@lemmy.ca 2 points 11 months ago

Curl-bash pipes are a security mess.

Security mess? Red flag. Avoid.

[–] warmaster@lemmy.world 7 points 11 months ago

New to me, thank you!

[–] monty33@lemmy.ml 5 points 11 months ago (2 children)

This looks great! Is there an easy way to migrate from a docker setup to this lxc?

[–] MangoPenguin@lemmy.blahaj.zone 13 points 11 months ago

Docker is the better option IMO if you already have it set up, much easier to manage.

[–] dangling_cat@piefed.blahaj.zone 2 points 11 months ago (2 children)

Why? Unless you need specific kernel features, Docker is superior because of containerization (runs on host kernel with no overhead), uses less space (layered image), and is easy to set up a complicated network (you want certain apps to run behind WireGuard with reverse proxy? Few lines in yaml).

[–] qqq@lemmy.world 9 points 11 months ago

LXC is containerization. Both it and Docker are using the same kernel APIs.

[–] monty33@lemmy.ml 2 points 11 months ago

Currently I'm nesting docker in an LXC. I also believe that the LXC updater would take care of the breaking changes that happen with the complex docker compose changes (hasn't in several releases but it happens)

[–] kebab@endlesstalk.org 5 points 11 months ago (2 children)

What’s the licensing situation with Immich? Is it still “unlimited trial period”?

[–] truxnell@aussie.zone 9 points 11 months ago

Its 100% free with a totally optional donation. Appreciate there's been a lot of concern about their partnering with FUTO, but I checked heavily into it and I'm comfortable there won't be a rug pull.

[–] qaz@lemmy.world 4 points 11 months ago* (last edited 11 months ago)

It's still AGPL afaik

EDIT:

This project is available under GNU AGPL v3 license.

Still is

[–] Leax@lemmy.dbzer0.com 2 points 11 months ago

Great to hear, thank you!

[–] DontNoodles@discuss.tchncs.de 1 points 11 months ago

I read a lot of good things about LXC and how it was better for such things when I was starting my selfhosting journey an year or so ago. Immich was my need of the hour but I could not find any tutorials to get it done back then and now I know why. Being good and being accessible for noobs are two different things.