The End of my Exposed Host Experiment
For months I have been hosting Immich, Photoprism and AudioBookShelf and the experiment has been a success. It has been stable and reliable so far and I did not detect anyone accessing my server without permission.
I had these services as Exposed Host via the Swisscom router DMZ setting. it was easy to setup and run with no issues for the duration of the experiment. I closed the DMZ because no one but me was accessing these services after five to six months but me. Keeping services exposed for, me, alone, to use them, is not necessary.
I closed the DMZ route, but then set up the services to be accessed via tailscale and when I saw that this was working well I had no reason to reopen the DMZ.
The Difference Between the DMZ and Tailscale
With the DMZ the server was accessible by anyone with the URL. This means that if there was a vulnerability that I did not patch in time, then it could be exploited and people would gain access to the server.
By closing the DMZ route and using Tailscale I have the same services available via the Tailscale VPN. This means that I, and people I authorise can access the services but no one else. In so doing this the services are more secure.
Easy Transition
This time the transition from one URL to an IP address was quick and smooth. It took a few seconds whereas in the past it sometimes took more than a few minutes.
What’s Next
The next experiment could be to host my current website, ClassicPress or WordPress and see whether that is as stable and as responsive. I need to think about what to do next. If I do self-host my site I will have more storage available for sharing photos.