So far, my self-hosting has been limited to Pi-Hole, and a static website. I now want to try out something new, an Immich server.
I have a static IP from my ISP, so I don’t need to rent out a VPS. However, given that this IS a home internet, I want to be extra sure that it is going to be secure.
In my existing website, I use Fail2Ban + BadBotBlocker + Anubis + Nginx rate limits to protect it from scrapers, bots and malicious users, and it works well. With photos (especially family photos) at stake, I just want to know more on how to protect my server.
Add: thanks for the helpful replies. I will be sharing the photos with family, many of whom live abroad.
The Immich app (at least on Android) supports mTLS client certificates, I use that for my instance.
It supports it on the iOS client as well but last time I tried it would always lose the mTLS setting on its own after a while. I had to resort to the other method they offer, secret key in a custom HTTP header.