Agree. Not at all a security expert here, but maybe doing it inside a distrobox could be a temporary fix?

Forget it, I just tried and it seems it gets installed in your home directory so using distrobox doesn’t change anything (apparently, but as I said I’m not an expert so feel free to correct me if I’m wrong).

However, I’ve seen they also have it available through a bunch of package managers like nix, arch and Fedora

Then I would suggest you to take a look at Reverse Proxies, which are programs that let you publicly expose different services hosted on the same computer under different (sub)domains.

The easiest to start with (and also probably the one that better fits your needs) afaik is NGINX Proxy Manager, which can be set up really easily using docker, and you can find plenty of tutorials online (here is one I watched when I was starting to look into docker and selfhosting, it’s a bit old but should still be valid).

If after having set up that you will to thinker around it a little bit and dive a bit deeper, there’s also Traefik which is pretty cool and also has a lot of materials to learn online.

I don’t remember if the video I linked mention it or not, but to use a reverse proxy to expose your services on the web you will first need to set up a dynamic dns (probably the easiest way is to use Cloudflare) or to ask your ISP for a static IP, then go into your routers settings and find the Port Forwarding section where you should tell your routers to send all the incoming traffic from ports 80 (HTTP) and 443 (HTTPS) to the local IP of your server. And then you should be ready to use spin up Nginx Proxy Manager or Traefik on your server.

(idk if I was clear or not but I swear it’s easier that how it seems ahah)

Is immich the only service you want to expose? And did you installed it using docker or directly on your system?

It can be a bit overkill for your use case if you only need to stream the USB media on your tv, but take a look at Jellyfin, it’s a program you can install on any PC and as long as this is up and running on the same network you can access your media on that PC (in your case with the USB plugged in) from any other device (TV, other PCs, Tablets, smartphones)

Still haven’t looked into podman properly, but docker is much easier to learn because as you said there’s a lot more material available online. I’d say start with Docker, and if in the future you will find out podman better fits your needs you can always switch (they should not be that different)

Ahah dw, it happened to me as well and to be fair the OCI UI for opening ports is not the most intuitive piece of software I’ve seen…

Currently using Infomaniak.com and I’m really liking it. They are a bit pricy compared to other registrars but

• they have solid privacy policy
• their servers use renewable energy
• they let you set up DDNS with a simple bash script
• they offer some cool email and kSuite benefits with the purchase of a domain

Not an exper either, but I’ve used OCI Free Tier for a while and most of the times I was encountering issues they were related either to the fact it was ARM and not x86_64 (most tutorials and guides are not written with ARM CPUs in mind) or to the sort of Firewall built in the Oracle Cloud Platform. Have you already checked if the ports required for the services not working are opened correctly?

EDIT: I just realized that ddclient (that I was already considering to set up ddns with cloudflare) also supports Infomaniak directly! (I don’t know how before making this post I didn’t saw it 😅) So I’ll probably go for that way in order to cut out Cloudflare from the equation and rely on one external company less. Thank you :)

I think that this could be the cleanest solution, could you share the curl command you used to interact with the API? (Of course replacing your actual access token with ** etc.)

I’ve seen it mentioned in a bunch of videos and articles, but I didn’t like the idea of Cloudflare scanning all the stuff that is transferred from and to my server. If I opt just for their DNS service and update it through the API they can’t do that, right?

That’s why I didn’t want to use Cloudflare Tunnels, but just Dynamic DNS. I though that they had access to the stuff you transfer only if you use their tunneling feature and for the reasons you said is something I would prefer to avoid.

The thing is that I bought my domain on Infomaniak and most of the self-hosting tutorials I’ve seen recommend Cloudflare. Would you suggest something different?

I haven’t actually tried it since I’m still a beginner in selfhosting, but I was planning to buy a dedicated hardware for my homeland and my main two choices were the new Raspberry Pi 5 or some mini-PC like the one in this video I don’t know if it could be similar to what you are looking for…

I would love to, but I really can’t figure out how to spin it up on our server… is an ARM server where we are currently using the traefik reverse proxy to expose a couple of services in docker compose stacks.

If you have a Focalboard docker compose file to share (even if it’s using a different reverse proxy and not traefik) it would be super useful for me :)