Just exposed Immich via a remote and reverse proxy using Caddy and tailscale tunnel. I’m securing Immich using OAuth.

I don’t have very nerdy friends so not many people appreciate this.

  • walden@sub.wetshaving.social
    link
    fedilink
    arrow-up
    0
    ·
    11 days ago

    Wrapping my head around reverse proxy was a game changer for me. I could finally host things that are usefull outside my LAN. I use Nginx-Proxy-Manager which makes the config simple for lazy’s like me.

    • tritonium@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      edit-2
      11 days ago

      Do you serve things to a public? Like a website? Because unless you’re serving a public, that’s dumb to do… and you really don’t understand the purpose of it.

      If all you wanted was the ability to access services remotely, then you should have just created a WireGuard tunnel and set your phone/laptop/whatever to auto connect through it as soon as you drop your home Wifi.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        11 days ago

        This is very short sighted. I can think of dozens of things to put on the open internet that aren’t inherently public. The majority are things for sharing with multiple people you want to have logins for. As long as the exposed endpoints are secure, there’s no inherent problem.

          • KairuByte@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 days ago

            Seriously?

            Plex, Jellyfin, VaultWarden, AdGuard, Home Assistant, GameVault, any flavor of pastebin, any flavor of wiki, and the list goes on.

            If you’re feeling spicy throw whatever the hell you want onto a reverse proxy and put it behind a zero trust login.

            The idea that opening up anything at all through to the open internet is “dumb” is antiquated. Are there likely concerns that need to be addressed? Absolutely. But don’t make blanket statements about virtually nothing belonging on the open internet.

            • tritonium@midwest.social
              link
              fedilink
              English
              arrow-up
              0
              arrow-down
              1
              ·
              1 day ago

              None of those have to be public and can all be accessed with WireGuard. You just proved my point, moron

              • KairuByte@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 day ago

                Why don’t we just throw Lemmy behind wireguard while we’re at it.

                Literally anything can go behind a VPN. Doesn’t mean much at all. And the majority of those are commonly left on the open internet for friends and family, which would be annoying af to set up with WireGuard.

                I have enough issues dealing with VPN issues in my professional life, I don’t want to have to deal with them in my personal life as well.

                • tritonium@midwest.social
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 hours ago

                  Tells me everything I need to know that you struggle with WireGuard… it’s dead simple. And can be completely automated so your household literally doesn’t need to do anything and their devices automatically connect to it.