this post was submitted on 27 Jan 2025
446 points (98.3% liked)

Selfhosted

41829 readers
874 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
446
Just learned how to do a reverse proxy (programming.dev)
submitted 1 week ago by randombullet@programming.dev to c/selfhosted@lemmy.world
94 comments fedilink hide all child comments
 

Just exposed Immich via a remote and reverse proxy using Caddy and tailscale tunnel. I'm securing Immich using OAuth.

I don't have very nerdy friends so not many people appreciate this.

(page 2) 47 comments
sorted by: hot top controversial new old
[–] happydoors@lemm.ee 2 points 1 week ago

Congrats! I just pulled off the same thing last week using cloudflare tunneling? The phrase “reverse proxy” scared me too much lol. So props to you.

[–] kratoz29@lemm.ee 2 points 1 week ago (7 children)

Tailscale?

Is this setup advisable for the CGNATED environment?

load more comments (7 replies)
[–] kat@orbi.camp 2 points 1 week ago* (last edited 1 week ago)

Just be sure to read up on network security and set yourself up for success! Even tunnels can still be an attack surface. Always keep everything up to date! And plan for the worst case.

[–] N0x0n@lemmy.ml 2 points 1 week ago

I know that feeling ! My first service hosted via docker + Treafik outside my lan with a wireguard tunnel felt like a big dopamine hit ! Congrats !

Now I have over 20 services and It feels trivial :( I still love the easy to read/write syntax of Treafik ,however I feel like I'm missing a lot of important networking knowledge while avoiding Nginx !

Maybe one day when I'm too bored I will switch everything to Nginx, see how it goes !

[–] ZebraGoose@sh.itjust.works 2 points 1 week ago

Nice work! 😎

[–] SidewaysHighways@lemmy.world 2 points 1 week ago

me too like last week!!! yay us!!

haven't gotten oauth going yet but soon

[–] couch1potato@lemmy.dbzer0.com 2 points 1 week ago

I just got this set up last week too. Same setup with caddy on a free oracle vps, tailscale on vps and home pfsense router, tailscale on pfsense advertising routes (private IPs of my docker hosted services).

CGNAT sucks 🤮

[–] 4am@lemm.ee 1 points 1 week ago* (last edited 1 week ago) (1 children)

Quick, now lean a firewall with a good IDS

and fail2ban

[–] jagged_circle@feddit.nl 1 points 1 week ago* (last edited 1 week ago)

I prefer wazuh. Much more powerful and preconfigured with tons of rules

[–] Overshoot2648@lemm.ee 1 points 1 week ago (2 children)

I've been wanting do something similar, but with Authentik. Does anyone know a good guide on this?

[–] renegadespork@lemmy.jelliefrontier.net 2 points 1 week ago

Yes! Authentik is a great self-hosted OAuth platform. They actually publish integration guides in their documentation.
Integrate with Immich

[–] WhyAUsername_1@lemmy.world 1 points 1 week ago

There is an official guide by Authentik on how to integrate with Immich. There is an official guide by Immich on how to integrate with Authentik.

load more comments
view more: ‹ prev next ›