cromka 8 hours ago

OK. Then you concede your security, as I can't imagine any single person self-hosting can be better at keeping their public service more secure than engineers at Google can. Especially with limited time.

kristjank 6 hours ago | parent | next [-]

You definitely have a dull imagination. If the software itself is secure, a containerized version of Immich behind a containerized version of nginx proxy manager is probably as secure as you can get. Also, Google security tends to lean mainly towards securing Google and less towards securing Google's (non-paying) customers.

lurking_swe 7 hours ago | parent | prev | next [-]

I mean, if you’re confident about security best practices, have a moderate amount of networking experience, and are a seasoned web developer, it’s not too scary at all. I realize that’s a lot of prerequisites though.

It’s not a fair comparison with Google because Google has a much bigger target on their back. There are millions of users of Google, so the value of hacking Google is very high. The value of hacking a random Immich instance is extremely low.

esseph 2 hours ago | parent | prev [-]

If you're not Cloudflare averse...

Set up an Immich VM or Docker container with a Cloudflare tunnel

Front access with Cloudflare Access (ZeroTrust) for free.

Set "can only be accessed by users with email = xyz@myuser"

Done.

Now assuming this is the same user email as the one you shared photos with, there is a base level of security keeping the riffraff away.

Home IP is never exposed either, because it's proxied through the cf tunnel.
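
The tunnel side of the setup described in the comment above, as an added example that is not part of the thread: a locally managed `cloudflared` configuration that routes a single hostname to Immich and also makes `cloudflared` validate the Cloudflare Access token before proxying. The hostname, tunnel UUID, team name and AUD tag are placeholders, and Immich is assumed to listen on its default port 2283 on the same host; the email rule itself is still set on the Access application in the Zero Trust dashboard.

```yaml
# /etc/cloudflared/config.yml (constructed example, placeholder values throughout)
tunnel: 00000000-0000-0000-0000-000000000000        # placeholder tunnel UUID
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Only this hostname is routed to Immich (default port 2283).
  - hostname: photos.example.com                    # placeholder hostname
    service: http://localhost:2283
    originRequest:
      # cloudflared rejects any request that lacks a valid Access JWT,
      # so a deleted or misconfigured Access application fails closed
      # instead of silently publishing the photo library.
      access:
        required: true
        teamName: example-team                      # placeholder Zero Trust team name
        audTag:
          - REPLACE_WITH_ACCESS_APPLICATION_AUD     # placeholder AUD tag of the Access app
  # Mandatory catch-all rule: every other hostname or path gets a 404
  # and never reaches a service on the host.
  - service: http_status:404
```

Because the tunnel is an outbound connection from `cloudflared`, no port forward is needed on the home router; keeping Immich bound to localhost or an internal Docker network means the tunnel is the only path in.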