Hi all. Noob question/s here. I want to be able to access my Immich server (docker) externally and maybe set up some others (e.g. Mealie). My understanding is that I need to (should) use an NGINX reverse proxy for this. My questions are:

  1. Do I need to set up NGINX on a VPS (or similar cloud based server) to send the queries to my home box?

  2. Do I need to purchase a domain (randomblahblah.xyz) to use as the main access route from outside my house?

Thanks a lot.

  • PriorProject@lemmy.world
    10 months ago

    Do I need to set up NGINX on a VPS (or similar cloud based server) to send the queries to my home box?

    A proxy on a VPS is one way to do this, but not the only way and not necessarily the best one… depending on your goals.

    • You can also use port-forwarding and dyndns to just expose the port off your home-ip. If your ISP is sucky, this may not work though.
    • You can also use Cloudflare’s free tunneling product, which is basically a hosted proxy that acts like a super port-forward that bypasses sucky ISP restrictions.
    • If you want to access Immich yourself from your own devices but don’t need to make it available to (many) others on devices you don’t control, I like and use Tailscale the best. The advantage of Tailscale is that Immich remains on a private network, not directly scannable from the internet. If there’s a preauth exploit published and you don’t pay attention to update promptly, scanners WILL exploit your Immich instance with internet-exposed techniques… whereas Tailscale allows you to access services that internet scanners cannot connect to, which is a nice safety net.

    Do I need to purchase a domain (randomblahblah.xyz) to use as the main access route from outside my house?

    Not for Tailscale, and I don’t think for Cloudflare tunnel. Yes for a VPS proxy.

    I’ve run a VPS for a long while and use multiple techniques for different services.

    • Some services I run directly on the VPS because it’s simple and I want them to be truly publicly accessible.
    • Other services I run on a bigger server at home and proxy through the VPS because although I want them to be publicly accessible, they require more resources than my VPS has available. When I get around to installing Immich, there’s a decent chance it will go into this category.
    • Still other services, I run wherever and attach them to my tailnet. These I access myself on my own devices (or maybe invite a handful of trusted people into my tailnet), but aren’t visible to the public internet. If I decide not to use Immich’s shared gallery features (and so don’t need it publicly accessible) or decide I don’t trust it security-wise… it will go here instead of the proxy-by-vps category.
    • Toaster@lemmy.world
      10 months ago

      So for something like Jellyfin that you are sharing to multiple people you would suggest a VPS running a reverse proxy instead of using DDNS and port forwarding to expose your home IP?

      What VPS would you recommend? I would prefer to self host, but if that is too large of a security concern I think there is a real argument for a VPS.
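
The proxy-through-a-VPS option discussed in this thread, sketched as an NGINX configuration for the VPS. This is an added example, not a configuration posted by anyone in the thread. It assumes the VPS reaches the home server over a private tunnel; the domain `photos.example.com`, the upstream address `100.64.0.10` and the certificate paths are placeholders.

```nginx
# Added example: runs on the VPS. All names and addresses are placeholders.
# Assumption: the VPS reaches the home box over a private tunnel, so the
# home router forwards no ports and the home IP never appears in DNS.
upstream immich_home {
    server 100.64.0.10:2283;   # constructed tunnel address; 2283 is Immich's default port
}

# Redirect plain HTTP so logins and photos never cross the internet unencrypted.
server {
    listen 80;
    server_name photos.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name photos.example.com;

    # Placeholder certificate paths (for example, issued by an ACME client).
    ssl_certificate     /etc/letsencrypt/live/photos.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/photos.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Photo and video uploads are far larger than nginx's 1 MB default limit.
    client_max_body_size 50000M;

    location / {
        proxy_pass http://immich_home;
        proxy_http_version 1.1;

        # Pass the original host, client address and scheme to the backend
        # so its logs and generated links reflect the real request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade, used by the web and mobile clients.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Long uploads need generous timeouts.
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

With this layout only ports 80 and 443 on the VPS face the internet, but the application behind them is still publicly reachable, so it needs the same prompt patching as any other exposed service.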