The Immich app for Android has been updated and the connection to my instance broke. You don’t like self-signed certificates, I get that. But I don’t like opening my homelab up to "the Internet". I’ve had to open the ports on my router, generate the certificate with Let’s Encrypt, close the ports, and add a local DNS record in the Pi-hole. It’s a hassle for my use case. Does anyone have a better idea? #immich #ssl #letsencrypt

@allibragi I've set up an internal reverse proxy (caddy) that gets a Let's Encrypt certificate for all my internal services. (Without opening any ports on the router.) To do this, I used these instructions from Vaultwarden:

https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs

It seems like a bit of a hassle at first, but once the domain and Caddy are set up, you can get a valid certificate for your service(s) in seconds.
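
A minimal Caddyfile for the setup described in the reply above, added here as an illustration and not taken from the thread or the linked wiki. It assumes the ACME DNS-01 challenge with Cloudflare as the DNS provider; the hostname, LAN address, e-mail and token variable are placeholders.

```caddyfile
# Added example; hostname, upstream address and token variable are assumptions.
# Requires a Caddy build that includes the caddy-dns/cloudflare module
# (e.g. built with: xcaddy build --with github.com/caddy-dns/cloudflare).

{
	# Contact address for the ACME account (placeholder).
	email admin@example.com
}

# The name needs no public A record; only a temporary _acme-challenge TXT
# record is created through the DNS provider's API during issuance.
immich.home.example.com {
	tls {
		# DNS-01: prove control of the domain via a TXT record instead of
		# an inbound HTTP/TLS connection, so no router ports are opened.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Immich server on the LAN (assumed address; 2283 is Immich's default port).
	reverse_proxy 192.168.1.20:2283
}
```

Scope the API token to DNS edits on the one zone, and point the hostname at the proxy's LAN address with a local DNS record (for example in Pi-hole). Issued certificates appear in public Certificate Transparency logs, so the internal hostname becomes visible there even though the service itself is not reachable.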
