I have self-hosted Immich on Debian on my homelab. I have also set up Tailscale to be able to access it outside my home.

Sometime ago, I was able to purchase a domain of my choice from GoDaddy. While I am used to hosting stuff on Linux, I’ve never exposed it for access publicly. I want to do that now.

Is it something I can do within Tailscale, or do I need to set up something like Cloudflare? What should I be searching for to learn and implement? What precautions should I take? I would like to keep the Tailscale thing too.

PS: I would like to host immich as a subdomain like photos.mydomain.com.

Thanks!

  • helenslunch@feddit.nl · +2 · edited · 27 days ago

    You use a reverse proxy. Configure your DNS (GoDaddy in this case) to forward requests to your domain to your WAN IP. Set up port forwarding on your router to send HTTPS requests to your server, then the reverse proxy processes the request and directs it to the proper container.

    This is honestly the most confusing and complicated part of self-hosting.

    It’s also all made very simple using Yunohost.

    Also please move away from GoDaddy as soon as possible. Popular alternatives would be Namecheap or Porkbun.

    • walden@sub.wetshaving.social · +3 · edited · 27 days ago

      This is honestly the most confusing and complicated part of self-hosting.

      I agree! It took me years to finally decide to buckle down and wrap my head around what a “reverse proxy” is. Once I figured it out things became so much more usable and fun.

      Combined with DNS redirects in my LAN (to get around NAT loopback), things are very easy to use.

      • Ænima@lemm.ee · +1 · 26 days ago

        You sound like me with Docker. Still unsure how to use that shit but haven’t sat down to really try again, either.

        I agree, reverse proxy was also a little mind numbing before I really buckled down and read/watched a bunch of info on it. I learn best by examples and try-fail, but that’s hard to do with live services.

        • LifeBandit666@feddit.uk · +2 · 23 days ago

          I found a lot of the problems I had with Docker were with Docker. Once I moved to using Portainer for Docker it became much more accessible.

            • LifeBandit666@feddit.uk · +2 · edited · 23 days ago

              You need to pick a machine (if you only have 1 you don’t lol) to be your web portal, bang a block of code in via SSH or the command line (I copy pasted), then you can access Portainer via the web portal.

              From there “Stacks” is Docker Compose and you can fiddle with your containers, networking settings and all the other stuff via a UI instead of having to SSH in all the time to look at your compose files.

              Then if you wanna use Docker on more machines you just bang a block of code into that machine via SSH and it will appear in your Portainer.

              Far easier imho

              • Ænima@lemm.ee · +1 · 23 days ago

                I have saved this reply for the near future when I rebuild my server box to run Linux! Thanks again for your knowledge and information!

  • fluckx@lemmy.world · +1 · 27 days ago

    There’s also the option of setting up a Cloudflare tunnel and only exposing Immich over that tunnel. The HTTPS certificate is handled by Cloudflare, and you’d need to use the Cloudflare DNS name servers as your domain’s name servers.

    Note that this means Cloudflare will proxy to you and essentially become a man-in-the-middle: you --HTTPS--> Cloudflare --HTTP--> homelab Immich. The connection between you and Cloudflare could be encrypted as well, but Cloudflare remains the man-in-the-middle and can see all data that passes by.

    • Joelk111@lemmy.world · +1 · 26 days ago

      I could be wrong, as I’m no expert, but Cloudflare’s proxy limits file uploads to about 1GB. I had to disable it to upload larger videos to Immich. For other services, probably decent advice.

  • Decronym@lemmy.decronym.xyz [bot] · +1 · edited · 23 days ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters  More Letters
    DNS            Domain Name Service/System
    HTTP           Hypertext Transfer Protocol, the Web
    HTTPS          HTTP over SSL
    IP             Internet Protocol
    NAT            Network Address Translation
    SSH            Secure Shell for remote terminal access
    SSL            Secure Sockets Layer, for transparent encryption
    VPS            Virtual Private Server (opposed to shared hosting)
    nginx          Popular HTTP server

    [Thread #795 for this sub, first seen 10th Jun 2024, 17:25]

  • Chewy@discuss.tchncs.de · +1 · 26 days ago

    I personally would be hesitant to host Immich publicly until they’ve done a security audit. The risk of accidentally exposing my photos publicly is too big for me.

    That’s why I recommend using Tailscale or WireGuard directly. Personally I’m using WireGuard for me and Tailscale for other people I want to easily access my services.

  • seang96@spgrn.com · +1 · 27 days ago

    I’d recommend a web proxy service. It acts as a middleman: public > router > port forward to proxy / Tailscale > proxy forwards by the domain to the correct service (Immich).

    Traefik is a good starter one. The most used but more advanced is probably nginx.

    For SSL, use https://letsencrypt.org/; there are a bunch of tools to do it and some are automated. They expire faster but are free. Tailscale is a VPN tunnel, so the SSL part may not be correct and they may have their own thing though.

    Also GoDaddy is like the worst: expensive, the CEO has hunted animals that shouldn’t be touched, and I always had outages when dealing with them. Namecheap is good, as are Cloudflare and Porkbun.
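Pulling together the steps from helenslunch's and seang96's replies (DNS record for photos.mydomain.com pointing at the WAN IP, router forwarding 80/443 to the Debian box, a reverse proxy that terminates TLS and forwards to Immich, Let's Encrypt for the certificate), here is an nginx virtual host added as an editor's example. It is not from the thread, from the Immich project, or from any commenter. It assumes nginx and certbot are installed on the same Debian host as Immich, that Immich's container publishes its port only on loopback as 127.0.0.1:2283 (the compose default port; binding to 127.0.0.1 is the assumption that keeps it reachable from the proxy alone), and that the certificate sits under certbot's default /etc/letsencrypt/live/ path. The hostname photos.mydomain.com is the OP's placeholder; the webroot directory is an assumed name.

```nginx
# Editor's example, not from the thread or from Immich's docs.
# Assumptions: Immich on 127.0.0.1:2283, certbot webroot at /var/www/letsencrypt,
# certificate under /etc/letsencrypt/live/photos.mydomain.com/.

# Port 80 exists only for the ACME http-01 challenge and to redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name photos.mydomain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name photos.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/photos.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/photos.mydomain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Tell browsers to always use HTTPS for this host; the ssl block is the
    # only place this header is sent so it never applies to plain HTTP.
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff always;

    # Photo and video uploads are large; nginx's default 1m limit would
    # return 413 to the Immich app. Long timeouts keep slow uploads alive.
    client_max_body_size 50000M;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;

    location / {
        proxy_pass http://127.0.0.1:2283;
        proxy_http_version 1.1;

        # Preserve the original host and client address for Immich's logs.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Immich keeps a websocket open for live updates; without these two
        # headers the upgrade is dropped and the web UI silently degrades.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Order matters on first setup: enable only the port-80 server block, run `certbot certonly --webroot -w /var/www/letsencrypt -d photos.mydomain.com`, then enable the 443 block and run `nginx -t && systemctl reload nginx` (the 443 block fails to load if the certificate files do not exist yet). On the router forward only TCP 80 and 443 to this host; never forward 2283, since the whole point is that Immich is reachable only through the proxy. The Tailscale access the OP wants to keep is untouched: the same virtual host answers on the host's Tailscale address too, but from inside the LAN or the tailnet the public name still resolves to the WAN IP, which is the NAT loopback problem walden describes, so override photos.mydomain.com in local DNS to the server's LAN or Tailscale IP.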

    • DontNoodles@discuss.tchncs.de [OP] · +1 · 26 days ago

      Thanks, I’ll figure the best way out based on the responses.

      And lol, I did not know about GoDaddy being this bad, since this was the first time I purchased a domain. Is it possible to move domains from one provider to another, or do I have to wait for it to expire and then register on the other provider?

      • seang96@spgrn.com · +1 · edited · 26 days ago

        You can transfer at any time and keep the remaining registration time. The only negative is you have to pay the new registrar a renewal fee to complete the transfer; this adds more time to your domain, so you just have to pay it early once. They often do deals for transfers, especially around holidays.