• 1 Post
  • 914 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

















  • Put it on a different server then. It prevents your Immich server from ever needing to be exposed publicly. That’s the entire point.

    This is stupid.

    Repeat after me - proxies are not used for security.

    This is a cargo-cult believe in this community. There’s a weird sense that it’s “dirty” to have a server exposed “directly” to the internet. But if I put it behind something else that forwards traffic to the server then that’s somehow safe!

    Security is something you do not something you have. The false sense of security with proxy bullshit like this crappy project is not giving you anything. You’re taking a well supported community project (immich) and installing another app in front of it which appears to be some dude’s personal project and telling me that is more secure. As though that project is better written?

    Install immich. Forward ports to it (or proxy it with nginx if needed for hostname routing (but don’t expect this to be more secure)), and keep it up to date and use good passwords.