It is but it requires public internet access to the Immich instance, or everyone involved being on our VPN. Reusing someone else’s publicly facing service to share photos from a private Immich instance is a clever workaround.
AzuraTheSpellkissed@lemmy.blahaj.zone 1 day ago
Using a reverse proxy / ingress, you can configure only share links to be publicly available, while keeping the rest of Immich exclusive to your private network. Optionally combine with something like Cloudflare Tunnel if you’re worried about leaking your server’s IP.
Pika@sh.itjust.works 1 day ago
This right here. If you have Immich set up behind a reverse proxy, just route any requests that use the /share on the proxy manager to route to the Immich instance, and have it 403 on anything else when the request is not via the VPN.
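Added example, not from any commenter or from the Immich project: a Python model of the rule described in the comment above (forward `/share` publicly, 403 everything else unless the client is on the VPN), showing the path normalization and whole-segment matching such a prefix rule needs. The VPN range `100.64.0.0/10`, the function names and the sample requests are assumptions; only the `/share` prefix comes from the thread.

```python
import ipaddress
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumptions for this sketch: VPN clients arrive from 100.64.0.0/10 and the
# proxy sees the real peer address. Only the "/share" prefix is from the thread.
VPN_NETS = [ipaddress.ip_network("100.64.0.0/10")]
PUBLIC_PREFIXES = ("/share",)


def normalize(raw_target: str) -> Optional[str]:
    """Canonical path of a request target, or None if it should be refused."""
    path = unquote(raw_target.partition("?")[0])  # drop query, decode once
    # Strict: a '%' left after one decode means double encoding.
    if not path.startswith("/") or any(c in path for c in ("%", "\\", "\x00")):
        return None
    # Collapse duplicate slashes and resolve "." / ".." before matching.
    return posixpath.normpath("/" + path.lstrip("/"))


def allowed(raw_target: str, client_ip: str) -> bool:
    """True = forward to Immich, False = the proxy answers 403."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in VPN_NETS):
        return True  # VPN clients reach the whole instance
    path = normalize(raw_target)
    if path is None:
        return False
    # Match whole segments so "/sharefoo" is not treated as "/share".
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PREFIXES)


# Constructed request targets, all from a public (documentation-range) address.
SAMPLES = [
    "/share/abc123",
    "/share/abc123?next=/api",
    "/sharefoo",
    "/share/../api/users",
    "/share/%2e%2e/api/users",
    "/share/%252e%252e/api/users",
    "/api/albums",
]

if __name__ == "__main__":
    for target in SAMPLES:
        verdict = "forward" if allowed(target, "203.0.113.7") else "403"
        print(f"{verdict:8} {target}")
    print("forward" if allowed("/api/albums", "100.64.0.5") else "403", "(VPN)")
```

For the decision to hold in a real deployment, the proxy has to match on the same normalized path it forwards upstream, and the client address has to be the connection's peer address rather than a client-supplied header.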
androidul@lemmy.world 19 hours ago
would rather not go that path
30p87@feddit.org 1 day ago
AFAIK Immich is generally safe to publicly expose. Otherwise, I’d just use HTTP basic auth. Supported by every server and client, should be secure enough to hold off attacks in case Immich’s login/auth mechanisms fail, and I don’t see a use case where this wouldn’t work.
If you don’t have a public IP or need IPv4, get a 4€/Month VPS (cheaper than even a Pi’s energy usage I suppose) and put headscale on it.