I’ve got Immich working great on Unraid, but if I’m on my network I can’t really use it. Just fails to resolve the DNS. I looked it up and it’s that my router doesn’t support hairpin or something. It’s an Aginet HB810. I found a workaround in the Immich client where you can add a second entry that’s network specific, but it doesn’t seem to work very reliably.
What are my options?


The term you would search for here is “split-horizon DNS”. Assuming you’re using a real domain name with hosts, you want a DNS server inside that resolves the LAN address, and the outside DNS server for everyone else resolves your WAN address (which presumably you reverse-proxy to the inside host).
Even better is to not expose the service at all from the outside, use a VPN like Tailscale, and then use their MagicDNS service on the tailscale network to keep everything behind the firewall.
Every service you expose to the outside is more attack surface.
On my Unraid router, this is called DNS override.
Immich.example.ca resolves to a local IP when you search for it within the network. For every DNS entry on Cloudflare for my domain, I have an equivalent one on my router and Pi-hole that points to the local domain.