Immich is an amazing piece of software, but because it holds such personal data I have only ever felt comfortable accessing it via VPN or mTLS. This meant that I could never share any photos, which had been really bugging me.

So I built a self-hosted app, Immich Public Proxy, which allows you to share individual files or full galleries to the public without ever exposing your Immich instance. This uses Immich’s existing sharing functionality, so other than the initial configuration everything else is handled within Immich.

Why not just expose Immich publicly with Traefik / Caddy / etc?

To share from Immich, you need to allow public access to your /api/ path, which opens you up to potential vulnerabilities. It’s up to you whether you are comfortable with that in your threat model.

This proxy provides a barrier of security between the public and Immich. It doesn’t forward traffic to Immich, it validates incoming requests and responds only to valid requests without needing privileged access to Immich.

Demo

You can see a live demo here, which is serving a gallery straight out of my own Immich instance.

Features

  • Supports sharing photos and videos.
  • Supports password-protected shares.
  • Creating and managing shares happens through Immich as normal, so there’s no change to your workflow.

Install

Setup takes about 30 seconds:

  1. Take a copy of the docker-compose.yml file and change the address for your Immich instance.

  2. Start the container: docker-compose up -d

  3. Set the “External domain” in your Immich Server Settings to be whatever domain you use to publicly serve Immich Public Proxy. Now whenever you share an image or gallery through Immich, it will automatically create the correct public path for you.

For more detail on the steps, see the docs on Github.

  • Lemongrab
    link
    fedilink
    English
    arrow-up
    8
    ·
    22 days ago

    And? It lowers the attack surface of Immich. Attack surface is about the surface, whatever an attacker can use to get leverage. This acts as an intermediate between Immich and a public viewer, controlling how a threat actor can access a private Immich server. It helps reduce external attack surface while increasing overall system complexity. Since the project is small, it is easy to audit the code.

    • atzanteol@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      22 days ago

      It’s some rando’s project that has existed for “nearly a month”, has no community, is unlikely to have any rapid response to any issues, and probably won’t be supported for more than a year.

      But sure - go ahead and run it for “security purposes”.

      You can “reduce surface area” by simply putting in place nginx or apache (real supported software) and blacklisting the endpoints you don’t like.

      • Lemongrab
        link
        fedilink
        English
        arrow-up
        1
        ·
        21 days ago

        I like to judge software based on its actually merit and not on the theoretical possibility it is vulnerable. It very well could be vulnerable, but without auditing it we are just speculating, which in the real world means nothing. Every project starts somewhere, without community, followers, and “5 years of support”. I am not saying I would trust this software in a security critical situation, just that your speculation means nothing.

        • atzanteol@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          21 days ago

          I like to judge software based on its actually merit and not on the theoretical possibility it is vulnerable

          This is literally the entire justification for the project. It’s assuming theoretical vulnerabilities in Immich.

          I am not saying I would trust this software in a security critical situation

          Which is the point of this software (security critical situation).

          just that your speculation means nothing

          This project has zero community support. That’s not speculative, it’s a fact. “Every project starts somewhere” is just a tautology that means nothing. Every project that fails starts somewhere.

          • alan@feddit.orgOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            21 days ago

            It’s assuming theoretical vulnerabilities in Immich.

            It’s all about the risk matrix. The theoretical likelihood of a vulnerability in Immich might be low, but the severity of that risk is catastrophic in terms of personal data leaking.

            The likelihood of a risk in this proxy might be medium or even high according to you, but the severity is low. It doesn’t have access to any of your personal data. All it does is talk to Immich via Immich’s public sharing API.

            This project has zero community support.

            One of the contributors to this project is bo0tzz, who is one of the maintainers of Immich.

            • atzanteol@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              21 days ago

              The likelihood of a risk in this proxy might be medium or even high according to you

              It might be zero. It’s “unknown” (according to me I guess).

              I’ve dug into the code a bit out of curiosity - it seems to me that “proxy” is a misnomer. It’s a stripped-down “view” layer built on top of the API. But has the same endpoints as the main immich app for shared things so that you can create links that work with it so it kinda looks like a proxy. But it’s just a “simplified public view” of sorts.

              Meh.