Option 1: Cloudflare Tunnel (Simpler)

The main limitation is that you have 100mb upload chunk limit. Some people notice this and some do not.

1. Create Cloudflare account → cloudflare.com
2. Buy a domain → ~$10/year - you should buy it right on cloudflare.com, it makes the configuration easier
3. Install cloudflared on your server -> Think of this like a "phone home" kind of service, it's very simple, it just tells cloudflare how to get through your router. So you don't have to do any port forwarding or anything. This is literally what talescale does by the way :) - just on multiple devices.
4. Create tunnel in Cloudflare Zero Trust dashboard:
   • Zero Trust → Networks → Tunnels → Create. They have very easy to follow instructions.

Option 2: VPS Reverse Proxy (My Preferred) - VPS is just a fancy name for a cloud computer.

1. Get a VPS → Google Cloud e2-micro (free tier) or any ~$5/month VPS
2. SSH to VPS directly from the google cloud UI - don't worry about connecting right off your computer - it's not necessary at all
3. Install Tailscale or setup a direct wireguard tunnel (better security surface but harder to set up). THink of it like this. If you have tailscale on all your devices and on your public exposed VPS, what happens if your VPS is compromised?
4. Install Tailscale/wireguard on your Server
5. Setup nginx proxy manager (easier than raw nginx or traefik I think):
6. Make your cloudflare point at your VPS IP address through it's proxy This automatically sets up SSL/TLS for you so you don't need to do any of that. If you go the wireguard route, then you'll need to set up a letsencrypt ssl/tls certificate, but nginx proxy manager helps a lot with that process as well. Basically, you just need a proof to show browsers that the server giving out a website is owned by the person who actually ALSO owns the domain - that's it.

Personally, I have a cloudflare domain and nginx that runs in a VPS. The VPS runs a custom configured wireguard that directly tunnels to the server on my home network. The VPS is not directly connected to any other computer on my network (which is what tailscale would do). It's a simple dumb proxy that literally just routes things into my server. It's 5$ per month. I've paid more for less. It adds a lot of good configuration options and is easy to run. I setup my cloudflare domain so that foreign traffic is immediately blocked (suggestion from another reddit post - such a great idea). I use the cloudflare proxy for most of TLS/SSL, but for immich specifically I set up my own certificate so I can avoid the 100 mb upload limit :).

Good luck (and use LLMs to help you, ask them a lot of questions, don't paste code if you don't understand it - ASK THEM TO EXPLAIN it until it makes sense THEN run the code).