v1.104.0
Caution
EXTERNAL LIBRARY EDITABILITY
For external library users, you can now manage your assets directly from Immich's user interface, i.e. you can edit date/time, location information, an...
Personally, I don’t expose the port externally, so I’m not sharing photos via Immich right now. I host locally and it is on a proper domain with a lets encrypt certificate, and I use Gandi Live DNS to update the dynamic IP, but my DDWRT router is set up to only allow access from internal IP addresses and my current WAN IP. It does work externally, but like you I am bit vary of it. That doesn’t just apply to immich. I do the same with my Next Cloud.
How’s security when hosting on a reverse proxy? My main concern is the api endpoint which needs to be exposed for the all to work.
Personally, I don’t expose the port externally, so I’m not sharing photos via Immich right now. I host locally and it is on a proper domain with a lets encrypt certificate, and I use Gandi Live DNS to update the dynamic IP, but my DDWRT router is set up to only allow access from internal IP addresses and my current WAN IP. It does work externally, but like you I am bit vary of it. That doesn’t just apply to immich. I do the same with my Next Cloud.
Expanding on this, I also have wireguard setup if I’m not on my home WiFi so can access “as needed” that way
This is exactly what I do too!