I have setup CloudFlared Tunnel on my unraid server. I am currently using it to host a few websites.

I want to open Immich up to the web, so I can view my photos and videos away from home, as well as upload photos to my server. Is CloudFlared Tunnel good enough as long as I have good Immich login credentials?

Thanks!

  • starcrossed_hero@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    There are some things you could do relatively easily to have more peace of mind.

    With Cloudflare Tunnel you’re at least only allowing port 80/443 to hit your server already. You could consider also configuring Cloudflare to block countries outside your own to limit exposure.

    You’d definitely want to have SSL configured for your site, or better yet, have it (and your other services) run behind a proxy that supports SSL.

    It is also typically pretty easy to implement fail2ban so that you can limit brute force attempts to login on any of your exposed services.

    I guess lastly make sure you’ve got backups elsewhere of these photos and videos.

    • ohmesocorny@discuss.online
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      In my experienc, using cloudflare tunnel, I don’t even open 80/443. That’s the beauty of the tunnel - no open ports (except 22 for ssh).

      • Chaphasilor [he/him]@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        They probably meant that through the tunnel you can get to one of these ports, because the HTTP requests are forwarded there. Should only work for HTTP(S) though

      • starcrossed_hero@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Yeah, exactly. That’s what I was trying to convey with that comment as well. The only thing necessarily exposed is whatever you’re running on the only port(s) that the tunnel uses.