Are there any side effects of leaving Immich public? I think people overestimate the risks. Just update your stuff regularly, follow simple rules, and set up something like CrowdSec. I know it's simpler to just use Tailscale and similar tools, but recently I see the trend that people don't even consider otherwise.
I'd throw it behind Wireguard, personally. Belt and suspenders.
(I keep meaning to look at it and keep kicking it down the road.)
That's what I do. I have Wireguard connected on my iPhone at all times.
LLMs became so good that I don't trust a codebase like Immich to have ports to my server exposed publicly.
I put everything behind Wireguard to limit the number of lines of code that might bring down my setup.
> Are there any side effects of leaving Immich public?
Yes: it is necessary to share selected albums through a public URL.
There is a project that proxies album requests to a private Immich instance, if one doesn't want to expose it: https://github.com/alangrainger/immich-public-proxy