| ▲ | jasonjayr 13 hours ago |
| You get a link and you can set read or write permissions on it. Whoever gets that link can browse it in a web browser. I've used this to share albums of photos with gatherings of folks; it works very well. It does assume you have your Immich installation publicly available, however. (Not open to the public, but on a publicly accessible web server) |
|
| ▲ | navane 8 hours ago | parent | next [-] |
| How safe is that to set up for novice it people? I have a pi with pi-hole on it and am thinking about putting immich on it but the fact that it exposes itself outside my LAN frightens me. |
| |
| ▲ | kristjank 6 hours ago | parent [-] | | I have it set up in a container that I keep updated. Then it's reverse proxied by another container which runs nginx proxy manager, which keeps the HTTPS encryption online. So far, the maintenance has only been checking whether a new version has been released and docker pulling the images, then restarting the containers. |
|
|
| ▲ | cromka 8 hours ago | parent | prev [-] |
| OK. Then you concede your security, as I can't imagine any single person self-hosting can be better at keeping their public service more secure than engineers at Google can. Especially with limited time. |
| |
| ▲ | kristjank 6 hours ago | parent | next [-] | | You definitely have a dull imagination. If the software itself is secure, containerized version of Immich behind a containerized version of nginx proxy manager is probably as secure as you can get. Also google security tends to be mainly leaning towards securing google and less towards securing google's (non paying) customers. | |
| ▲ | lurking_swe 7 hours ago | parent | prev | next [-] | | I mean, if you’re confident about security best practices, have a moderate amount of networking experience, and are a seasoned web developer, it’s not too scary at all. I realize that’s a lot of prerequisites though. it’s not a fair comparison with Google because Google has a much bigger target on their back. There are millions of users of Google, so the value of hacking Google is very high. The value of hacking a random Immich instance is extremely low. | |
| ▲ | esseph 2 hours ago | parent | prev [-] | | If you're not Cloudflare averse... Setup immich VM or docker container with a cloudflare tunnel Front access with Cloudflare Access (ZeroTrust) for free. Set "can only be accessed by users with email = xyz@myuser” Done. Now assuming this is the same user email as the one you shared photos with, there is a base level of security keeping the riffraff away. Home IP is never exposed either, because it's proxied through the cf tunnel. |
|
