It’s not good because immich doesn’t support chunked uploads yet, so you couldn’t upload anything bigger than 100mb (or 500 mb with a pro plan for $240/year)
From desktop browser it appears you can upload files bigger than that but it’s because they’re cheating cloudflare by saying in the header “file size unknown yet”, then it sends a file bigger than the limit. Cloudflare is nice and doesn’t cut the communication once past the limit… yet.
There are some things you could do relatively easily to have more peace of mind.
With Cloudflare Tunnel you’re at least only allowing port 80/443 to hit your server already. You could consider also configuring Cloudflare to block countries outside your own to limit exposure.
You’d definitely want to have SSL configured for your site, or better yet, have it (and your other services) run behind a proxy that supports SSL.
It is also typically pretty easy to implement fail2ban so that you can limit brute force attempts to login on any of your exposed services.
I guess lastly make sure you’ve got backups elsewhere of these photos and videos.
They probably meant that through the tunnel you can get to one of these ports, because the HTTP requests are forwarded there. Should only work for HTTP(S) though
Yeah, exactly. That’s what I was trying to convey with that comment as well. The only thing necessarily exposed is whatever you’re running on the only port(s) that the tunnel uses.
So i am seeing that for uploading files, a VPN is a better option. But for simple viewing of photos, there shouldn’t be any issues using the tunnel right?
I setup the VPN tunnel. It’s a toggle switch on my phone that allows me to access my network as if I was home. It’s free (using wireguard app), and way more secure, as my phone is the only device allowed to access it.
Downside is that I need to add devices manually if I wanted, but upside is that it’s super secure and not directly open to the web via domain.
Thanks! I didn’t realize how dead simple, and free, it was to use the WireGuard app on Android and built in Unraid VPN settings to create a VPN tunnel.
It took me 2 minutes and it’s a simple toggle to access my photos as if I was at home. Incredible!
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
[Thread #81 for this sub, first seen 25th Aug 2023, 22:55] [FAQ] [Full list] [Contact] [Source code]
It’s not good because immich doesn’t support chunked uploads yet, so you couldn’t upload anything bigger than 100mb (or 500 mb with a pro plan for $240/year)
From desktop browser it appears you can upload files bigger than that but it’s because they’re cheating cloudflare by saying in the header “file size unknown yet”, then it sends a file bigger than the limit. Cloudflare is nice and doesn’t cut the communication once past the limit… yet.
That workaround has been implemented for mobile clients too https://github.com/immich-app/immich/pull/2101
Ah I remembered in the opposite way
Mobile can edit the header and pretend it’s a smaller upload, web browser upload can’t do that instead and it’s still limited to 100mb
There are some things you could do relatively easily to have more peace of mind.
With Cloudflare Tunnel you’re at least only allowing port 80/443 to hit your server already. You could consider also configuring Cloudflare to block countries outside your own to limit exposure.
You’d definitely want to have SSL configured for your site, or better yet, have it (and your other services) run behind a proxy that supports SSL.
It is also typically pretty easy to implement fail2ban so that you can limit brute force attempts to login on any of your exposed services.
I guess lastly make sure you’ve got backups elsewhere of these photos and videos.
In my experienc, using cloudflare tunnel, I don’t even open 80/443. That’s the beauty of the tunnel - no open ports (except 22 for ssh).
I wouldn’t even open 22 and would switch that out for a 1024+ port
They probably meant that through the tunnel you can get to one of these ports, because the HTTP requests are forwarded there. Should only work for HTTP(S) though
Yeah, exactly. That’s what I was trying to convey with that comment as well. The only thing necessarily exposed is whatever you’re running on the only port(s) that the tunnel uses.
So i am seeing that for uploading files, a VPN is a better option. But for simple viewing of photos, there shouldn’t be any issues using the tunnel right?
I setup the VPN tunnel. It’s a toggle switch on my phone that allows me to access my network as if I was home. It’s free (using wireguard app), and way more secure, as my phone is the only device allowed to access it.
Downside is that I need to add devices manually if I wanted, but upside is that it’s super secure and not directly open to the web via domain.
A cloudflare tunnel would be good enough but a VPN would probably be a better idea.
Is there an easy way to host a website from a VPN? Wouldn’t I have to fiddle with ports and such instead of just using 80 and 443?
No, the VPN will come in on its own port number but then all the traffic goes through the tunnel on normal ports.
Ah ok
This is the way.
Thanks! I didn’t realize how dead simple, and free, it was to use the WireGuard app on Android and built in Unraid VPN settings to create a VPN tunnel.
It took me 2 minutes and it’s a simple toggle to access my photos as if I was at home. Incredible!
Unless tons of people are accessing your pictures, I’d recommend Tailscale instead.