I have self hosted immich on Debian on my homelab. I have also setup tailscale to be able to access it outside my home.
Sometime ago, I was able to purchase a domain of my choice from GoDaddy. While I am used to hosting stuff on Linux, I’ve never exposed it for access publicly. I want to do that now.
Is it something I can do within tailscale or do I need to setup something like cloudflare? What should I be searching for to learn and implement? What precautions to take? I would like to keep the tailscale thing too.
PS: I would like to host immich as a subdomain like photos.mydomain.com.
Thanks!
You use a reverse proxy. Configure your DNS (GoDaddy in this case) to forward requests to your domain to your WAN IP. Set up port forwarding on your router to send HTTPS requests to your server, then the reverse proxy processes the request and directs it to the proper container.
This is honestly the most confusing and complicated part of self-hosting.
It’s also all made very simple using Yunohost.
Also please move away from GoDaddy as soon as possible. Popular alternatives would be NameCheap or Porkbun.
I agree! It took me years to finally decide to buckle down and wrap my head around what a “reverse proxy” is. Once I figured it out things became so much more usable and fun.
Combined with DNS redirects in my LAN (to get around NAT loopback), things are very easy to use.
I have used reverse proxy in office setup where my local IP was NATed to a dedicated public IP. But in my home lab, I don’t have a dedicated public IP. So, i need to figure a way around that.
I’ve set up several instances in circumstances like yours. The easiest way is to create a duckdns domain for yourself, and install their updater on one of your systems, to keep your external IP up to date with their DNS-Servers. Then you can use a DNS-Provider of your choice (I use Cloudflare) to create a “CNAME” DNS Record, that basically just tells a browser to redirect from your domain to the IP Address of the duckdns domain. That way you can have an automatically updating public IP behind your domain name. Then you “just” have to set up a reverse proxy (I use Nginx Proxy Manager, but there are newer and easier alternatives), and create the correct port forwarding rules in your router/firewall, and you should be good to go