view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Put it on a different server then. It prevents your Immich server from ever needing to be exposed publicly. That's the entire point.
You seem to understand neither security nor privacy.
This is stupid.
Repeat after me - proxies are not used for security.
This is a cargo-cult believe in this community. There's a weird sense that it's "dirty" to have a server exposed "directly" to the internet. But if I put it behind something else that forwards traffic to the server then that's somehow safe!
Security is something you do not something you have. The false sense of security with proxy bullshit like this crappy project is not giving you anything. You're taking a well supported community project (immich) and installing another app in front of it which appears to be some dude's personal project and telling me that is more secure. As though that project is better written?
Install immich. Forward ports to it (or proxy it with nginx if needed for hostname routing (but don't expect this to be more secure)), and keep it up to date and use good passwords.
Yes, it's my project.
It doesn't "forward traffic", it validates traffic and answers only valid requests, without needing privileged access to Immich. I think you are confusing the word "proxy" with meaning something like Traefik.
Yes, it's more secure to use this than exposing Immich. No it's not "better written" than Immich; it fulfills a completely different purpose.
It's 400 lines of code in total, feel free to review it and tell me any flaws, oh mighty security expert.
Hahah. You must be bored.
Kinda - It's the only reason I bothered to reply to anyone. :-)