Biao J.'s Online Portfolio

Family Photos Web: Private Photo Sharing with Cloud Run and Local Tunnels

Purpose

Family Photos Web is a private photo-sharing solution designed for small, trusted circles. The goal is to share family albums securely with minimal friction, while remaining fast and reachable across regions — especially for users behind the Great Firewall in China.

Instead of relying on social platforms or heavy SaaS tools, this project focuses on direct sharing, predictable performance, and full control over data and access.

Architecture Overview

The system combines a cloud-hosted service with local sharing via secure tunnels:

  • A lightweight backend service runs on Google Cloud Run
  • Photos are stored privately in Google Cloud Storage (GCS)
  • Access can be provided either via a public endpoint or through cloudflared tunnels from a local host
  • Cloudflare is used for DNS, TLS termination, and global edge routing

This hybrid setup allows flexible deployment: fully cloud-hosted when needed, or locally hosted with global access when speed or locality matters.

[Figure: architecture diagram]

Request Flow

Cloud-hosted mode

  1. User Browser

    • Users access the site through a standard web browser.
  2. Cloudflare Edge

    • DNS and TLS are handled by Cloudflare.
    • Traffic is routed through Cloudflare’s global network.
  3. Cloud Run Service

    • A stateless backend handles authentication, album listing, and access checks.
    • Business logic remains minimal and easy to scale.
  4. Google Cloud Storage

    • Photos are stored as private objects in GCS.
    • Media is fetched only after authorization succeeds.
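
The check order in steps 3 and 4, sketched as an added example (not the project's own code): a stateless signed token is verified, the album's access list is consulted, and only then is a private object name produced. The token format, the ACL table, the `albums/<album>/<file>` object layout and every function name are assumptions; the page does not describe the backend's implementation.

```python
import base64, hashlib, hmac, posixpath, time
from typing import Optional

# Constructed sample data; all names and values here are hypothetical.
SECRET = b"constructed-demo-key"  # a real service would load this from a secret store
ALBUM_ACL = {"summer-2024": {"grandma@example.com", "uncle@example.com"}}

def sign_token(user: str, expires: int, key: bytes = SECRET) -> str:
    """Issue a stateless token: base64url(user|expiry) + '.' + HMAC-SHA256 tag."""
    payload = base64.urlsafe_b64encode(f"{user}|{expires}".encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"

def verify_token(token: str, now: float, key: bytes = SECRET) -> Optional[str]:
    """Return the user if the tag is valid and the token has not expired."""
    payload, _, tag = token.partition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    try:
        user, expires = base64.urlsafe_b64decode(payload).decode().rsplit("|", 1)
        return user if now < int(expires) else None
    except ValueError:  # malformed payload, bad base64 or non-numeric expiry
        return None

def authorize_object(token: str, album: str, filename: str,
                     now: Optional[float] = None) -> Optional[str]:
    """Return the private object name to fetch, or None when access is denied."""
    user = verify_token(token, time.time() if now is None else now)
    if user is None or user not in ALBUM_ACL.get(album, set()):
        return None
    # Refuse names that could step outside the album's prefix in the bucket.
    if filename in ("", ".", "..") or "/" in filename or "\\" in filename:
        return None
    return posixpath.join("albums", album, filename)
```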

Local-host sharing mode (cloudflared)

  1. Local Host

    • The service runs locally on a home or personal machine.
    • Albums can be updated or managed without cloud deployment.
  2. cloudflared Tunnel

    • cloudflared exposes the local service to the internet over an outbound connection to Cloudflare.
    • No inbound ports or public IPs are required.
  3. Remote Users

    • Family members access the site through the tunnel endpoint.
    • This path often provides lower latency and better reachability for users in restricted networks.

Technology Stack

  • Google Cloud Run — stateless backend service
  • Google Cloud Storage (GCS) — private photo storage
  • cloudflared — secure tunneling for local hosting and sharing
  • Cloudflare DNS & TLS — domain management and HTTPS

Why This Architecture Works Well

  • Flexible deployment

    • Switch between cloud-hosted and local-hosted modes without changing clients.
  • Improved performance for international access

    • cloudflared tunnels often perform better than traditional cloud endpoints for users behind restrictive firewalls.
  • Privacy-first

    • Photos remain under direct control and are never published to public platforms.
  • Low operational overhead

    • Cloud Run scales automatically.
    • No VM management or persistent servers.
  • Cost-efficient

    • Pay only for actual usage.
    • Local hosting avoids unnecessary cloud egress when possible.

Notes

This project favors simplicity and control over feature completeness. By combining Cloud Run for scalable cloud access with cloudflared for fast local sharing, it provides a practical solution for private, international family photo sharing without introducing unnecessary complexity or vendor lock-in.