Just exposed Immich via a remote and reverse proxy using Caddy and Tailscale tunnel. I’m securing Immich using OAuth.

I don’t have very nerdy friends so not many people appreciate this.

  • merthyr1831@lemmy.ml
    9 months ago

    Yeah, port forwarding just isn't the same. I pretty heavily rely on Nextcloud and Plex doing the port forwarding for me.

    • walden@sub.wetshaving.social
      8 months ago

      Plex can sometimes get by without port forwarding by using UPnP or NAT-PMP, but I had to open a port to use Plex (before I started using Jellyfin and a reverse proxy).

      Same with Nextcloud, you either have to open a port or use a reverse proxy. Reverse proxy is more secure. Good stuff!

      Worth mentioning that either way you’re opening up ports (you need to open 80 and 443 for the reverse proxy), but that’s much better than opening a bunch of ports, one for each thing you’re running.

      The hardcore security-minded people will always scream “use WireGuard or whatever”, which also works really well (even combined with a reverse proxy that’s not exposed to the internet (80 and 443 not forwarded)). I do this for some of the stuff I run that I don’t want exposed at all, like my password manager. To access my password manager while out and about, I need to connect to my WireGuard thing (my router sets it up for me), and then my phone is effectively back inside my LAN, and I can access whatever I need to. Fortunately it’s rare that I need to do this, because my password manager keeps a cached copy on my phone.

      Sorry, getting long-winded. You get the point!

      • merthyr1831@lemmy.ml
        8 months ago

        Yeah, both Nginx and Plex handle making themselves public for me already. But I have a handful of other svcs that I'd like to move behind a reverse proxy too.