As the title says…
Is this a risky thing?
EDIT: I have a wireguard VPN set up for myself and it’s always on so I can access *arrs and the like. I would like to expose immich on my domain to share photo albums and such.
As the title says…
Is this a risky thing?
EDIT: I have a wireguard VPN set up for myself and it’s always on so I can access *arrs and the like. I would like to expose immich on my domain to share photo albums and such.
You could look into mutual TLS / mTLS to protect your instance. You will need to set this up using a reverse proxy at your server (like Caddy) and then add a client certificate to your user devices. If you use the Immich app, I think it also supports adding this certificate under Settings -> Advanced -> SSL Client Certificate. Here you can find a tutorial on how to set it up: https://www.apalrd.net/posts/2024/network_mtls/
(Edit: you will need to ensure that all clients who want to receive your shared photos have a client certificate installed, so depending on the number of clients this might be okay or less useful)