Skip Navigation

How to setup E2E Encryption for Immich Remote Access with Cloudflare Tunnel

I'm sure I'll find the answer to my question here. It's been asked a few times, but there hasn't been a definitive answer. Everywhere, something else is said (#).

I want to set up remote access to Immich (a Docker image hosting service) using Cloudflare Tunnel. The problem is that by default, Cloudflare can see all the data that goes through the tunnel. To do this, I want to use TLS with self-signed certificates through Let's Encrypt.

In this way, I can keep the data fully encrypted between the client and the server, in the following way:

client-->tls-->tunnel-->tls-->server. Then all traffic going through the tunnel would not be viewable.

Is this configuration really possible so that Cloudflare won't be able to see my data? How can I make this entire configuration work at its best?

2
2 comments