Hi everyone,
I’m trying to set up a public reverse proxy for my local Immich server using HestiaCP and a registered domain (immich.domain.de). The goal is to make Immich accessible through the internet, securely and via HTTPS, without exposing my home IP directly (it’s routed via a WireGuard VPN to a VPS with public IP).
Here’s what I’ve done so far:
I added the domain immich.domain.de via the HestiaCP web interface.
SSL with Let’s Encrypt is active and working. When I visit the domain, I see the default Hestia “We are working on it” page.
I created a custom NGINX template (immich.tpl and immich.stpl) under /usr/local/hestia/data/templates/web/nginx/.
Permissions and file names are correct (644 with root:root).
I reloaded NGINX (nginx -t && systemctl reload nginx).
However, the custom template does not appear in the dropdown list under “Web Template” when editing the domain via the HestiaCP interface.
I also ran:
v-rebuild-web-domain immich.domain.de
But the template still isn’t selectable.
What I want to achieve:
I want to use HestiaCP as a reverse proxy, forwarding traffic from:
https://immich.domain.de
→ via NGINX → http://192.168.178.173:2283 (Immich on my home network via VPN)
But I can’t select my custom immich template in the UI.
What am I missing or doing wrong?
Is there an additional step needed to register a new NGINX template so it appears in the dropdown menu?
Thanks in advance!
Additionally, I’m also concerned about security. Since my main goal is to share photo albums with friends and family, I’d like to prevent unauthorized access to the Immich interface. Ideally, I would like to place an extra layer of protection in front of it – for example, using HTTP Basic Authentication (.htaccess equivalent for NGINX) or another method to enforce a login before the reverse proxy forwards requests to Immich. I’m open to recommendations on how to best secure this setup while still making it easy to share albums with trusted people.
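
The setup asked about above, sketched as a plain NGINX server block with HTTP Basic Authentication in front of the proxy to http://192.168.178.173:2283. This is an added example, not part of the original post and not a HestiaCP template; the certificate paths and the /etc/nginx/immich.htpasswd file are assumed placeholders.

```nginx
# Added example, not the poster's template. Values marked "assumed" are placeholders.
server {
    listen 443 ssl;
    server_name immich.domain.de;

    ssl_certificate     /path/to/fullchain.pem;   # assumed placeholder
    ssl_certificate_key /path/to/privkey.pem;     # assumed placeholder

    # Photo and video uploads are large; the default 1m body limit would reject them.
    client_max_body_size 50000M;

    location / {
        # Require a login before any request is forwarded to Immich.
        auth_basic           "Immich";
        auth_basic_user_file /etc/nginx/immich.htpasswd;  # assumed path

        # Immich on the home network, reached through the WireGuard tunnel.
        proxy_pass http://192.168.178.173:2283;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade for live updates in the web interface.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Long uploads need more than the default 60s timeouts.
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

The password file can be created with htpasswd from apache2-utils. Basic Authentication applies to every request to this location, so anyone opening a shared album link has to present the same credentials before Immich sees the request.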