Exposing Immich via subdomain - good or bad idea?
Exposing Immich via subdomain - good or bad idea?
As the title says...
Is this a risky thing?
EDIT: I have a wireguard VPN set up for myself and it's always on so I can access *arrs and the like. I would like to expose immich on my domain to share photo albums and such.
You're viewing a single thread.
Best solution is a VPN to your home network.
However, if you want to host it publicly, at least restrict access to it via GeoIP. For example, if you live in Europe and only need access from there, only allow the areas in Europe you travel to and block everything else. This will greatly reduce your attack surface.
Also, make sure everything is patched. Always. And implement something like fail2ban to deny repeated failed logins, along with a reverse proxy.
Best solution is using a mesh VPN service like Tailscale or Netbird
GeoIP restricting is a brilliant idea I never thought of. I have been getting a few people trying to sign up on one of my other services and they're all from Asia somewhere.
I'll try setting this up.
Sweet. Both OPNSense and pfSense firewalls have the ability to tie into MaxMind's GeoIP service. Not sure what your perimeter device is, but it's pretty easy on those. And free.
If you use Cloudflare as the domain-DNS I'd rather use them as the GeoIP filter.
Yes, but OP mentioned nothing about Cloudflare.
Doesnt hurt to mention though in case others come across this discussion, no?