52
Noob NGINX / self-host question (lemmy.world)
submitted 1 year ago by fiddlestix@lemmy.world to c/selfhosted@lemmy.world
22 comments fedilink hide all child comments

Hi all. Noob question/s here. I want to be able to access my Immich server (docker) externally and maybe set up some others (e.g. Mealio). My understanding is that I need (should) use NGINX reverse proxy for this. My questions are:

  1. Do I need to set up NGINX on a VPS (or similar cloud based server) to send the queries to my home box?

  2. Do I need to purchase a domain (randomblahblah.xyz) to use as the main access route from outside my house?

Thanks a lot.

you are viewing a single comment's thread
view the rest of the comments
[-] PriorProject@lemmy.world 14 points 1 year ago

Do I need to set up NGINX on a VPS (or similar cloud based server) to send the queries to my home box?

A proxy on a VPS is one way to do this, but not the only way and not necessarily the best one... depending on your goals.

  • You can also use port-forwarding and dyndns to just expose the port off your home-ip. If your ISP is sucky, this may not work though.
  • You can also use Cloudflare's free tunneling product, which is basically a hosted proxy that acts like a super port-forward that bypasses sucky ISP restrictions.
  • If you want to access Immich yourself from your own devices but don't need to make it available to (many) others on devices you don't control, I like and use tailscale the best. The advantage of tailscale is that Immich remains on a private network, not directly scannable from the internet. If there's a preauth exploit published and you don't pay attention to update promptly, scanners WILL exploit your Immich instance with internet-exposed techniques... whereas tailscale allows you to access services that internet scanners cannot connect to, which is a nice safety net.

Do I need to purchase a domain (randomblahblah.xyz) to use as the main access route from outside my house?

Not for tailscale, and I don't think for Cloudflare tunnel. Yes for a VPS proxy.

I've run a VPS for a long while and use multiple techniques for different services.

  • Some services I run directly on the VPS because it's simple and I want them to be truly publicly accessible.
  • Other services I run on a bigger server at home and proxy through the VPS because although I want them to be publicly accessible, they require more resources than my VPS has available. When I get around to installing Immich, there's a decent chance it will go into this category.
  • Still other services, I run wherever and attach them to my tailnet. These I access myself on my own devices (or maybe invite a handful of trusted people into my tailnet), but aren't visible to the public internet. If I decide not to use immich's shared gallery features (and so don't need it publicly accessible) or decide I don't trust it security-wise... it will go here instead of the proxy-by-vps category.
[-] fiddlestix@lemmy.world 3 points 1 year ago

Thanks a lot. Tailscale is out, unfortunately. Because the server also runs Plex and I need to use it with Chromecast on remote access (it's an old CC, so can't add tailscale to it). Looking into Cloudflare and port forwarding. I've just signed up to NextDNS though, so don't want to add another layer of DNS stuff to my mix.

[-] PriorProject@lemmy.world 3 points 1 year ago

Tailscale is out, unfortunately. Because the server also runs Plex and I need to use it with Chromecast on remote access...

I rather suspect you already understand this, but for anyone following along... Tailscale can be combined with other networking techniques as well. So one could:

  • Access Plex from a Chromecast on your home network using your physical IP, and on your tailnet using the overlay IP.
  • Or one could have some services exposed publicly and others exposed on the tailnet. So Immich could be on the tailnet while Plex is exposed differently.

It's not an all or nothing proposition, but of course the more networking components you have the more complicated everything gets. If one can simplify, it's often well worth doing so.

Good luck, however you approach it.

[-] fiddlestix@lemmy.world 3 points 1 year ago

Ah, I very much did not know that! Ok, I'm off to investigate Tailscale a bit more.

[-] maxprime@lemmy.ml 2 points 1 year ago

Yay! We converted another one.

load more comments (4 replies)
this post was submitted on 28 Aug 2023
52 points (98.1% liked)

Selfhosted

39212 readers
594 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz