Expose Immich to the Internet

[bertmelis]

Whether Immich is stable or not, I wouldn't call it 'mature' yet. Are there any big watchouts before exposing Immich to the big bad Internet? Obviously I'd connect via TLS by an extra proxy or by directly modifying the nginx conf.

Any other things to consider?

[alextran1502]

It is designed to let this aspect to be managed the user. Immich is treated as an internal application, if you need to expose Immich, your TSL connection should be handle by an additional layer of your reverse proxy setup

Edited: currently there is no extra measures we are aware of on our part, since we are still focusing on developing features. I think once it reach a certain point, we will try to get some audit from security experts in the community

[bertmelis]

Understood.

TLS termination by an external proxy is trivial of course.