Hi fellow self-hoster.
Almost one year ago i did experiment with Immich and found, at the time, that it was not up to pair to what i was expecting from it. Basically my use case was slightly different from the Immich user experience.
After all this time i decided to give it another go and i am amazed! It has grown a lot, it now has all the features i need and where lacking at the time.
So, in just a few hours i set it up and configured my external libraries, backup, storage template and OIDC authentication with authelia. All works.
Great kudos to the devs which are doing an amazing work.
I have documented all the steps of the process with the link on top of this post, hope it can be useful for someone.
Well, I’d just go for a reverse proxy I guess. If you are lazy, just expose it as an ip without any dns. For working DNS, you can just add a public A-record for the local IP of the Pi. For certs, you can’t rely on the default http-method that letsencrypt use, you’ll need to do it via DNS or wildcards or something.
But the thing is, as your traffic is on a VPN, you can fuck up DNS and TLS and Auth all you want without getting pwnd.