I used to self host umami for a while from my own computer. I just left the whole thing accessible, behind Cloudflare. But you can use a proxy to forward only the routes you need.
Let me tell you how I'd do it.
First off, umami is often blocked by ad blockers, based on the path, but luckily, you can change that.
I just checked my old umami installation, and saw that I set two environment variables: TRACKER_SCRIPT_NAME and COLLECT_API_ENDPOINT. These will determine the routes you need to be public.
Whatever values you choose for those, I wouldn't recommend anything including umami, track, or analytics. Those will likely get blocked. I'd recommend something innocuous like fred.
For example, let's say your umami domain is logs.example.com, and you set those two values to log_visits and /api/log, you would need these two routes publicly accessible: logs.example.com/log_visits.js and logs.example.com/api/log. Any other route you can leave private.
How you do this depends on the proxy you use. I use caddy, so I would create a Caddyfile like this:
logs.example.com { @js { method GET path /log_visits.js } @api { method POST path /api/log } handle @js { reverse_proxy localhost:3000 } handle @api { reverse_proxy localhost:3000 } handle * { close } }
I think that will properly forward requests to your js route and your api route and drop all others. From the same computer, you can still go to localhost:3000 to get to the admin screen. Or somewhere else on your home network with the 192.168 address.
I haven't used umami in a while, so some things may have changed, but that should be the basic idea.
You'll also need a domain name with an automatic DNS updater. I use no-ip.com for that. You can get free subdomains that update when your IP address updates. And you'll need to forward ports on your router to your computer. Ports 80 and 443 should be fine, but don't forward port 3000.
