mirror of
https://github.com/alangrainger/immich-public-proxy.git
synced 2024-12-29 12:21:57 +00:00
Update README.md
This commit is contained in:
parent
f3e4078e41
commit
09c572db0f
1 changed files with 2 additions and 2 deletions
|
@ -20,9 +20,9 @@ It exposes no ports, allows no incoming data, and has no API to exploit.
|
||||||
### Why not simply put Immich behind a reverse proxy and only expose the `/share/` path to the public?
|
### Why not simply put Immich behind a reverse proxy and only expose the `/share/` path to the public?
|
||||||
|
|
||||||
To view a shared album in Immich, you need access to the `/api/` path. If you're sharing a gallery with the public, you need
|
To view a shared album in Immich, you need access to the `/api/` path. If you're sharing a gallery with the public, you need
|
||||||
to make that path public. Any existing or future vulnerabilities could compromise your Immich instance.
|
to make that path public. Any existing or future vulnerability has the potential to compromise your Immich instance.
|
||||||
|
|
||||||
The ideal setup is to have Immich secured privately behind VPN or mTLS, and only allow public access to Immich Public Proxy.
|
For me, the ideal setup is to have Immich secured privately behind mTLS or VPN, and only allow public access to Immich Public Proxy.
|
||||||
|
|
||||||
Here is an example setup for [securing Immich behind mTLS](./docs/securing-immich-with-mtls.md).
|
Here is an example setup for [securing Immich behind mTLS](./docs/securing-immich-with-mtls.md).
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue