• 1 Post
  • 19 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle














  • Put it on a different server then. It prevents your Immich server from ever needing to be exposed publicly. That’s the entire point.

    This is stupid.

    Repeat after me - proxies are not used for security.

    This is a cargo-cult believe in this community. There’s a weird sense that it’s “dirty” to have a server exposed “directly” to the internet. But if I put it behind something else that forwards traffic to the server then that’s somehow safe!

    Security is something you do not something you have. The false sense of security with proxy bullshit like this crappy project is not giving you anything. You’re taking a well supported community project (immich) and installing another app in front of it which appears to be some dude’s personal project and telling me that is more secure. As though that project is better written?

    Install immich. Forward ports to it (or proxy it with nginx if needed for hostname routing (but don’t expect this to be more secure)), and keep it up to date and use good passwords.





  • At its simplest:

    docker run -d --name servicename --restart unless-stopped container

    That’ll get you going. Youi’ll have containers running, they restart, etc. There are more sophisticated ways of doing things (create a systemd file that starts/stops the container, use kubernetes, etc.) but if you’re just starting this will likely work fine.