Astute readers and users of this software will note that when self-hosting, access is naturally limited to whatever you've got on your personal home network. While this is great, I'd still like to back my photos up to Immich when I'm out and about.
I use Cloudflare tunnels for access to other handy bits of software like The Hive (for digital forensics) and BookShelf (for documents, etc.). So setting up a Cloudflare tunnel for Immich seems like an easy thing to do. Except, of course, when it comes to authentication. You do not want to implement a tunnel without authentication and I really prefer to use Zero Trust wherever possible. I am a child of the X-Files after all, so trusting no-one is par for the course.
I found an excellent guide by Thomas Wilde on YouTube to help, here: https://www.youtube.com/watch?v=J4vVYFVWu5Q and this really got the party started. Configuring the service token and getting it into the Immich app is quite straightforward and Thomas explains it well.
I then changed the app to sync as soon as the phone is plugged into power and voila! It all works brilliantly.
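A quick way to confirm the tunnel really does demand authentication, as an added example that is not from the original post or the video: it probes the public hostname once anonymously and once with the service token, without following redirects. The environment variable names and the sample URL path are assumptions; CF-Access-Client-Id and CF-Access-Client-Secret are the header names Cloudflare Access uses for service tokens.

```python
import os
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx as HTTPError instead of following it


def classify(status, location, sent_token):
    """Turn one probe result into a verdict about the Access policy."""
    loc = location or ""
    at_login = "cloudflareaccess.com" in loc or "/cdn-cgi/access/" in loc
    if not sent_token:
        if status in (301, 302, 303, 307) and at_login:
            return "ok: anonymous request sent to Access login"
        if status in (401, 403):
            return "ok: anonymous request blocked"
        return f"FAIL: not challenged by Access (status {status})"
    if 200 <= status < 300:
        return "ok: service token accepted"
    return f"FAIL: service token rejected (status {status})"


def probe(url, token_id=None, token_secret=None):
    """Request url, optionally with the service token headers, and classify it."""
    headers = {}
    if token_id and token_secret:
        headers = {"CF-Access-Client-Id": token_id,
                   "CF-Access-Client-Secret": token_secret}
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        req = urllib.request.Request(url, headers=headers)
        with opener.open(req, timeout=10) as resp:
            status, location = resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        status, location = err.code, err.headers.get("Location")
    return classify(status, location, bool(headers))


if __name__ == "__main__":
    # Assumed variable names; IMMICH_URL is your own tunnel hostname plus any
    # path, e.g. https://photos.example.com/api/server/ping (placeholder).
    url = os.environ["IMMICH_URL"]
    print("anonymous :", probe(url))
    print("with token:", probe(url, os.environ["CF_ACCESS_CLIENT_ID"],
                               os.environ["CF_ACCESS_CLIENT_SECRET"]))
```

Both lines should start with "ok"; a FAIL on the anonymous line means the hostname is answering without an Access challenge in front of it.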
OK, so we've solved the external access trickiness, and that's great. Keeping up with the updates is a bit of a challenge - Immich is being *very* actively developed so there are frequent updates. I usually try to update the Docker image about once a fortnight and that seems to be a manageable cadence.
It's worked so well that I have now moved my wife and daughter's images across. My child takes many, many photos so I'm working with her to understand that the crap ones really need to be deleted - I don't want gigabytes of crap everywhere.
And of course, I snapshot the server via Proxmox before upgrading and back up using my Proxmox backup server. A restore of my Immich server was quite successful after a poorly executed attempt to change some settings for another project - oops! Thankfully, it was quick and relatively straightforward to get back to where I was, with only 18 hours and no data lost.
I still recommend this excellent app - you will need to learn some Docker and some general systems admin skills. I would not recommend opening it up to the world - and why would you when you can make use of Cloudflare tunnels, or failing that, Twingate, which I discovered and have been playing with a bit - more on that later. Enjoy your computing!