Keep it like it is, and make a point to explain to anybody what your views are. I understand you not wanting to be considered a Nazi, but it is still ab almost 100 years old piece of history and I think it would be a pity to trash it.

Never forget history, means also keep “historic memorabilia”. There is nothing bad in keeping a piece of history, good or bad, it’s all our history and we should always be wary of trying to " trash it ".

Edit: you should edit your post and specify its not original. Them just trash it or melt if you can use the materials.

Add Pam or basic auth to nginx and you are done.

This is a great reason, I didn’t know, but its interesting.

Fair, setting up ssh tunnels with autoreconnect and such is indeed more complex.

Why rathole and not ssh tunneling? The latter exposes only one port (that you are already exposing anyway) while the former requires an additional port.

What is the actual benefit of rathole? I an asking genuinely.

Rent a cheap vps and do something like I did with ssh tunneling, or wireguard VPN, between home and the vps:

https://wiki.gardiol.org/doku.php?id=router:ssh_tunnel

(Sorry I keep posting links to my wiki but the whole point was writing once)

Sorry man, I am on mobile so I keep missing parts.

As for hardware, I would recycle anything you have at home if it has at least 8gb ram and a network card. Specially laptops (low watts consumption and built-in battery in case of power outage) are my favourites. But if you want to spend for new stuff, the low power N100 are all the rage nowadays.

For storage, go with at least two disks or ssds or nvme in RAID1 (and keep in mind that is not backup, which you should plan to do), they can be external USB drives as well, provided you spend some good money and don’t go cheap on the USB enclosure. Mine have been working perfectly for the last decade.

More.

I agree nextcloud might be a very good solution.l, specially because all the service you might need are there. The fun factor decreases tough.

Also, while cloudflare is heavily sponsorized in this community I disagree. It’s probably the easiest approach but you end up depending on a specific service. Renting a cheap vps (virtual private server) and setting up a VPN or ssh tunneling is the best approach, but slightly more complex. In exchange you are free to migrate to a different vps at any time with basically zero downtime.

Using a VPN is clearly the safest approach but has two limits:

• more complex setup for you users
• cannot expose public services (like sharing photos with friends outside family, or sharing your resumee)

Using ssh tunnels to make your internal server accessible on port 80/443 of the vps instead gives you the maximum freedom, but you run higher risk unless you secure it properly (service separation, https with let’s encrypt, strong authentication and so on…)

I wouldn’t follow the advice of using Immich. While its a great tool, growing fast and super polished, its currently aimed at photo backup from your android phone/tablet and is not a good pick for a family photo gallery.

To that end I would look into pigallery2 or the very good homegallery, which is still in early stages as well but also quite polished and already working great. They will not replace Immich, but will complete the workflow nicely.

My photo management flow (which includes your requirements, plus the capability to organize new photos over time) is here https://wiki.gardiol.org/doku.php?id=services:photomanagement if you are interested.

In general the flow is to buy or recycle a pc of anykind, install linux (optional, but recomendes), buy a domain you like from some registrar, setup some kind of remote access from outside to your home, and install the services you want.

The workflow mandatory includes hours spent trying and failing, and also having tons of fun in the process. Don’t forget the WAF (Wife Appreciation Factor) which will determine how much fun you can have.

Last, i al documenting all my steps and proceedings while I run down my own selfhost rabbit hole in the above linked wiki (self hosted, ofc).

See you around, I guess!

Wow… Luckly I don’t use systemd which seems to be the vector causing the sshd backdoor, via liblzma…

Pretty scary anyway.

At home i have a FWA over 5G (mobile) with 1Tb/month of traffic cap. That can be raised by 200Gb if needed. Cost 24€/month.

On mobile I have 150Gb capped 3G/4G/5G (whatever works) for 7.99€/month.

Not bad deals in comparison with what I read here.

I have not setup authelia or similar, i am using proxy auth linked to PAM to simulate SSO. I might end up using authelia or similar in the future to solve this specific issue indeed.

I wouldn’t dream to use any stock android at this point. Been on LOS forever and each new phone I buy either check if Los is available or, in one case (my current phone) I ported Los for it myself.