Selfhosted

52768 readers

380 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

333

Google flags Immich sites as dangerous (immich.app)

submitted 2 weeks ago by rustyredox@lemmy.world to c/selfhosted@lemmy.world

56 comments fedilink hide all child comments

Has this impacted your self hosted instances of Immich? Are you hosting Immich via subdomain?

https://news.ycombinator.com/item?id=45675015

you are viewing a single comment's thread
view the rest of the comments

[–] chaospatterns@lemmy.world 10 points 1 week ago* (last edited 1 week ago) (2 children)

It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

If you don't have them on the open web, developers and pull request authors can't see the previews.

The issue they had was being marked as phishing, not the SSL certificate warning page.

[–] FreedomAdvocate@lemmy.net.au 0 points 1 week ago (1 children)

The issue they had was being marked as phishing, not the SSL certificate warning page.

Have you seen what browsers say when you have a look at the SSL certificate warning page?

It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

Why is a user made PR publishing a branch to Immich's domain for the user to see?

[–] BCsven@lemmy.ca 1 points 1 week ago

I thought that was how pull requests worked, its a branch if you'veade a departure to edit code, you have the pull request and ask them to merge into the main branch. It should be visible to everyone so everyone can review the change.

[–] Nibodhika@lemmy.world 0 points 1 week ago

It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.

So? What that has to do with SSL certificates? Do you think GitHub loses SSL when viewing PRs?

If you don't have them on the open web, developers and pull request authors can't see the previews.

You can have them in the open, but without SSL you can't be sure what you're accessing, i.e. it's trivial to make a malicious site to take it's place an MitM whoever tries to access the real one.

The issue they had was being marked as phishing, not the SSL certificate warning page.

Yes, a website without SSL is very likely a phishing attack, it means someone might be impersonating the real website and so it shouldn't be trusted. Even if by a fluke of chance you hit the right site, all of your communication with it is unencrypted, so anyone in the path can see it clearly.