Wiki.js is pretty simple and the solution I settled for after testing multiple options. Other examples can be found here: awesome-selfhosted
I’ve been using this since last week and it works great so far. I only have one issue where some photos in my timeline are incorrectly placed at a wrong date, but this is a known issue and should be fixed soon.
It is in the diagram I think: “Excalidraw”
Also never heard of it and always nice to find new FOSS.
You could look into mutual TLS / mTLS to protect your instance. You will need to set this up using a reverse proxy at your server (like Caddy) and then add a client certificate to your user devices. If you use the Immich app, I think it also supports adding this certificate under Settings -> Advanced -> SSL Client Certificate. Here you can find a tutorial on how to set it up: https://www.apalrd.net/posts/2024/network_mtls/
(Edit: you will need to ensure that all clients who want to receive your shared photos have a client certificate installed, so depending on the number of clients this might be okay or less useful)
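
The reverse-proxy side of the mTLS setup suggested in the comment above, as an added example that is not part of the original comment or the linked tutorial. The hostname, the CA file path and the upstream address are assumptions (2283 is Immich's default port), and the `trust_pool` directive assumes Caddy 2.8 or newer.

```caddyfile
# Caddyfile: require a client certificate before anything reaches Immich.
# photos.example.com and /etc/caddy/client-ca.crt are placeholder values.
photos.example.com {
	tls {
		client_auth {
			# require_and_verify: the TLS handshake fails unless the client
			# presents a certificate that chains to the CA below.
			# Avoid "mode require" on its own: it only demands that some
			# certificate is sent and does not validate it against a CA.
			mode require_and_verify

			# CA certificate (PEM) that signed the client certificates
			# installed on your devices. Only the public CA certificate
			# belongs on the proxy; keep the CA private key offline.
			trust_pool file /etc/caddy/client-ca.crt
		}
	}

	# Requests only get this far after a successful mutual TLS handshake.
	reverse_proxy 127.0.0.1:2283
}
```

To check the setup from a machine without a client certificate, `curl -v https://photos.example.com` should fail during the TLS handshake rather than return an HTTP response.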