As the title says…

Is this a risky thing?

EDIT: I have a wireguard VPN set up for myself and it’s always on so I can access *arrs and the like. I would like to expose immich on my domain to share photo albums and such.

  • supersheep@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    edit-2
    4 days ago

    You could look into mutual TLS / mTLS to protect your instance. You will need to set this up using a reverse proxy at your server (like Caddy) and then add a client certificate to your user devices. If you use the Immich app, I think it also supports adding this certificate under Settings -> Advanced -> SSL Client Certificate. Here you can find a tutorial on how to set it up: https://www.apalrd.net/posts/2024/network_mtls/

    (Edit: you will need to ensure that all clients who want to receive your shared photos have a client certificate installed, so depending on the number of clients this might be okay or less useful)

    • jws_shadotak@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 days ago

      Yeah, this is too much for my needs. My main goal is to be able to send pictures to people via a link.

      Neighbors and family and stuff - less tech savvy folk.