I have self-hosted Immich on Debian on my homelab. I have also set up Tailscale to be able to access it outside my home.

Some time ago, I was able to purchase a domain of my choice from GoDaddy. While I am used to hosting stuff on Linux, I’ve never exposed it for access publicly. I want to do that now.

Is it something I can do within Tailscale or do I need to set up something like Cloudflare? What should I be searching for to learn and implement? What precautions to take? I would like to keep the Tailscale thing too.

PS: I would like to host Immich as a subdomain like photos.mydomain.com.

Thanks!

    • walden@sub.wetshaving.social
      8 months ago

      This is honestly the most confusing and complicated part of self-hosting.

      I agree! It took me years to finally decide to buckle down and wrap my head around what a “reverse proxy” is. Once I figured it out things became so much more usable and fun.

      Combined with DNS redirects in my LAN (to get around NAT loopback), things are very easy to use.

      • Ænima@lemm.ee
        8 months ago

        You sound like me with Docker. Still unsure how to use that shit but haven’t sat down to really try again, either.

        I agree, reverse proxy was also a little mind numbing before I really buckled down and read/watched a bunch of info on it. I learn best by examples and try-fail, but that’s hard to do with live services.

        • LifeBandit666@feddit.uk
          8 months ago

          I found a lot of the problems I had with Docker were with Docker. Once I moved to using Portainer for Docker it became much more accessible.

            • LifeBandit666@feddit.uk
              8 months ago

              You need to pick a machine (if you only have 1 you don’t lol) to be your web portal, bang a block of code in via ssh or command line (I copy pasted) then you can access Portainer via the web portal.

              From there “Stacks” is Docker Compose and you can fiddle with your containers, networking settings and all the other stuff via a UI instead of having to SSH in all the time to look at your compose files.

              Then if you wanna use Docker on more machines you just bang a block of code into that machine via ssh and it will appear in your Portainer.

              Far easier imho

              • Ænima@lemm.ee
                8 months ago

                I have saved this reply for the near future when I rebuild my server box to run Linux! Thanks again for your knowledge and information!

    • Artemis@lemmy.dave-selfhosted.com
      8 months ago

      This is the way.

      If you have a dynamic WAN IP (like I do), you can make use of DDNS-updater services such as this.

      Also, afaik, Immich does not have chunked uploads yet (not sure if it has been updated to include that) so you might have to check your DNS’ policies regarding traffic (e.g. Cloudflare proxy only allows up to 100Mb traffic and can’t be used to serve media from what I read).

    • DontNoodles@discuss.tchncs.de (OP)
      8 months ago

      I have used a reverse proxy in an office setup where my local IP was NATed to a dedicated public IP. But in my home lab, I don’t have a dedicated public IP. So, I need to figure a way around that.

      • gaylord_fartmaster@lemmy.world
        8 months ago

        I know everyone loves to shit on Oracle, but a free-tier Oracle VPS would solve this.

        Or if you want something decent pay for a cheap VPS.

        • zqwzzle@lemmy.ca
          8 months ago

          We’re running home labs because we’ve learned that relying on “free” services eventually comes back to bite you.

          • gaylord_fartmaster@lemmy.world
            8 months ago

            Absolutely, if it was anything I needed or even really wanted to be sure was reliably available I’d never put it on a free VPS.

            Now, something trivial like this that just requires installing wireguard and nginx, copying over some configs, and changing a DNS record? Hard to beat free.

      • Bakkoda@sh.itjust.works
        8 months ago

        Just run a cron job updating your IP every 24 hours. All I’ve ever done for the last decade or so.

        I should clarify, I use Namecheap as my registrar and Afraid as my nameserver. Afraid has curl, cron and even just a URL, I think, you can use to update your IP.

      • Technikus5@feddit.de
        8 months ago

        I’ve set up several instances in circumstances like yours. The easiest way is to create a duckdns domain for yourself, and install their updater on one of your systems, to keep your external IP up to date with their DNS-Servers. Then you can use a DNS-Provider of your choice (I use Cloudflare) to create a “CNAME” DNS Record, that basically just tells a browser to redirect from your domain to the IP Address of the duckdns domain. That way you can have an automatically updating public IP behind your domain name. Then you “just” have to set up a reverse proxy (I use Nginx Proxy Manager, but there are newer and easier alternatives), and create the correct port forwarding rules in your router/firewall, and you should be good to go.
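
The cron-driven update Bakkoda describes and the DuckDNS updater Technikus5 mentions, as an added example (not code from any commenter or from DuckDNS): it refuses to publish anything that is not a public IPv4 address and only calls the update URL when the address has changed. The api.ipify.org lookup, the cache file, the `--run` switch and the two environment variables are assumptions.

```shell
#!/bin/sh
# Added example: DuckDNS updater for cron. DUCKDNS_DOMAIN and DUCKDNS_TOKEN are
# placeholders read from the environment; the cache path and the api.ipify.org
# lookup are assumptions of this sketch.
CACHE="${DDNS_CACHE:-$HOME/.ddns-last-ip}"

# Succeeds only for a well-formed, publicly routable IPv4 address.
is_public_ipv4() {
    ip=$1
    case $ip in *[!0-9.]*) return 1 ;; esac        # digits and dots only
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip                                     # split into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    # Ranges that must never end up in a public A record.
    case "$1.$2" in
        0.*|10.*|127.*|192.168|169.254) return 1 ;;
    esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1  # CGNAT, Tailscale
    [ "$1" -ge 224 ] && return 1                   # multicast and reserved
    return 0
}

# Look up the WAN address and publish it only if it is valid and has changed.
ddns_update() {
    new_ip=$(curl -fsS --max-time 10 https://api.ipify.org) || return 1
    if ! is_public_ipv4 "$new_ip"; then
        echo "refusing to publish unexpected address: $new_ip" >&2
        return 1
    fi
    [ "$new_ip" = "$(cat "$CACHE" 2>/dev/null)" ] && return 0
    # Pass the URL on stdin (-K -) so the token never shows up in the process list.
    reply=$(printf 'url = "https://www.duckdns.org/update?domains=%s&token=%s&ip=%s"\n' \
        "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$new_ip" | curl -fsS --max-time 10 -K -) || return 1
    [ "$reply" = "OK" ] || return 1
    printf '%s\n' "$new_ip" > "$CACHE"
}

# Only touch the network when invoked as: ddns.sh --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then ddns_update; fi
```

The 100.64.0.0/10 check matters on a host that also runs Tailscale, since a lookup routed through the tailnet or a carrier-grade NAT can return an address in that range that is useless in a public record.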