So far, my self-hosting has been limited to Pi-Hole, and a static website. I now want to try out something new, an Immich server.
I have a static IP from my ISP, so I don’t need to rent out a VPS. However, given that this IS a home internet, I want to be extra sure that it is going to be secure.
In my existing website, I use Fail2Ban + BadBotBlocker + Anubis + Nginx rate limits to protect it from scrapers, bots and malicious users, and it works well. With photos (especially family photos) at stake, I just want to know more on how to protect my server.
Add: thanks for the helpful replies. I will be sharing the photos with family, many of whom live abroad.
Put it behind Tailscale/Headscale/Netbird/etc. VPN connection and don’t think about it.
This. You can sync your photos when you’re connected to your home wifi or via tailscale/vpn. You can look at your photos either via vpn or at home in your own network. There is little need for opening it up to the Internet.
In addition to this. If going tailscale at least, add the pi-hole as the DNS server. Now you have pi-hole on the go as well.
@avidamoeba @Maroon
I use wireguard. But yes.
In my case there is no need to have my services public reachable.
All family member have a wireguars client on their phone rethink or wgtunnel.
That way also their internet connection goes completely through my router and also the add blocker.