The idea is to disallow outside access from any of the immich containers.
This won't work if you're running e.g. the ML container on a
separate machine.
This adds a new proxy container that runs nginx to provide access from
outside to the immich web port and the postgres db port (for backups).
Then we set the pod network to "none" meaning that containers in the pod
only have the loopback interfaces. They can talk to each other, but not
to the outside world.
The outside world can access it through a systemd socket and the proxy.
The idea is to disallow outside access from any of the immich containers. This won't work if you're running e.g. the ML container on a separate machine.
This adds a new proxy container that runs nginx to provide access from outside to the immich web port and the postgres db port (for backups). Then we set the pod network to "none" meaning that containers in the pod only have the loopback interfaces. They can talk to each other, but not to the outside world.
The outside world can access it through a systemd socket and the proxy.