Okay, I've got a question to anyone who is a more experienced #sysadmin or #selfhoster than me: I'm currently self-hosting Umami as a fun side project for website analytics. I embed a snippet of JS in my personal website, this makes a request to an endpoint of my instance of Umami which therefore needs to be publicly accessible.

Umami also exposes a web interface where I can look at all the statistics and whatnot but since it's the same service, it's also open to the internet. I'd rather not expose the web interface (with a login page) to the internet, if I can avoid it.

Does anyone have an idea of something clever than I can do to mitigate this? I don't have a stable public IP address so IP allowlisting doesn't seem to be an option.

#askfedi #askmastodon #askgotosocial #askAbsolutelyEveryone

P.S.: If I'm being totally stupid and there's an obvious solution, please don't hesitate to tell me, I'd really like to be wrong here.