So far, my self-hosting has been limited to Pi-Hole, and a static website. I now want to try out something new, an Immich server.
I have a static IP from my ISP, so I don’t need to rent out a VPS. However, given that this IS a home internet, I want to be extra sure that it is going to be secure.
In my existing website, I use Fail2Ban + BadBotBlocker + Anubis + Nginx rate limits to protect it from scrapers, bots and malicious users, and it works well. With photos (especially family photos) at stake, I just want to know more on how to protect my server.
Add: thanks for the helpful replies. I will be sharing the photos with family, many of whom live abroad.
Put it behind Tailscale/Headscale/Netbird/etc. VPN connection and don’t think about it.
In addition to this. If going tailscale at least, add the pi-hole as the DNS server. Now you have pi-hole on the go as well.
This. You can sync your photos when you’re connected to your home wifi or via tailscale/vpn. You can look at your photos either via vpn or at home in your own network. There is little need for opening it up to the Internet.
@avidamoeba @Maroon
I use wireguard. But yes.
In my case there is no need to have my services public reachable.
All family member have a wireguars client on their phone rethink or wgtunnel.
That way also their internet connection goes completely through my router and also the add blocker.