Just exposed Immich via a remote and reverse proxy using Caddy and tailscale tunnel. I’m securing Immich using OAuth.
I don’t have very nerdy friends so not many people appreciate this.
Just exposed Immich via a remote and reverse proxy using Caddy and tailscale tunnel. I’m securing Immich using OAuth.
I don’t have very nerdy friends so not many people appreciate this.
Tailscale?
Is this setup advisable for the CGNATED environment?
This is necessary for CGNat ISPs. That or cloudflared or ngrok or the like. Because you aren’t really routable on a CGNAT address.
In a nutshell, CGNAT users must spend money for something that people with IPv4 addresses can do for free 😔
We wouldn’t be in this mess if we switched to ipv6, but nOoOooOo… we can’t possibly do that…
Actually my ISP supports IPv6 (it is very erratic though) so I can access some of my services outside through it without using VPNs (only using a reverse proxy for the 443 port), but still is very annoying when I want to use them with IPv4 only networks, such as my carrier mobile data, I suffer from this especially when wanting to use Plex.
Lack of routability is a feature for ISPs, not a bug.
You will need a VPS as your other endpoint
Ah, I figured… I used to do this with Wireguard instead of Tailscale.