docudjeex/content/3.serveex/6.cloud/1.immich.md

---
navigation: true
title: Immich
main:
  fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Immich

::alert{type="info"}
🎯 __Goals:__ Install [Immich](https://immich.app/docs/overview/introduction) to manage your photos across all your devices.
::

[Immich](https://immich.app/docs/overview/introduction) is a self-hosted photo and video management solution that replaces cloud services like Google Photos or iCloud. It offers powerful features like face recognition and geolocation.

![Picture](/img/serveex/immich.png)

## Installation
---
Folder structure

```sh
root
└── docker
    └── immich
        ├── library
        ├── compose.yaml
        └── .env
```

Open Dockge, click on `compose`, name the stack `immich`, then copy and paste the latest `docker-compose.yml` [published here](https://github.com/immich-app/immich/blob/main/docker/docker-compose.yml).

::alert{type="warning"}
:::list{type="warning"}
- __Warning__: Do not add the Watchtower label to the Immich stack. Immich evolves rapidly, and automatic updates may break your installation.
:::
::

Configure the `.env` file by copying the latest version [from here](https://github.com/immich-app/immich/blob/main/docker/example.env) and follow the comments in the file.

::alert{type="info"}
:::list{type="info"}
- If you're using a NAS or a network-shared drive via [Samba](/general/networking/samba/) to store your data, replace the value of `UPLOAD_LOCATION`{lang=properties} with the path to your shared folder.
:::
::

::alert{type="success"}
✨ __Tip:__ If your CPU/iGPU/GPU supports it, Immich can use hardware acceleration for video playback and image recognition. This can triple performance. Learn more about [Transcoding](https://immich.app/docs/features/hardware-transcoding/) and [Machine Learning](https://immich.app/docs/features/ml-hardware-acceleration).
::

Deploy the container.

You're done! You can connect and follow the setup instructions at `http://yourserverip:2283`.

## Exposing Immich with SWAG
---
The main benefit of this setup is being able to access Immich remotely on all your devices. We'll expose Immich using SWAG.

::alert{type="info"}
📋 __Before you begin:__ 
<br/><br/>
We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/networking/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/networking/nat).
::

In Dockge, open the SWAG stack and edit the compose file to add Immich's network:

```yaml
services:
  swag:
     container_name: # ...
      # ... 
     networks:            # Connects the container to the custom network 
      # ...           
      - immich            # Network name defined in the stack
    
networks:                 # Defines the custom network
  # ...
  immich:                 # Network name defined in the stack
    name: immich_default  # Actual external network name
    external: true        # Indicates it's an external network
```

::alert{type="info"}
:::list{type="info"}
- We're assuming Immich's network is named `immich_default`. You can check connectivity by visiting the SWAG dashboard at http://yourserverip:81.
:::
::

Restart the stack by clicking "deploy" and wait for SWAG to fully initialize.

In the SWAG folders, create a file named `immich.subdomain.conf`.

::alert{type="success"}
:::list{type="success"}
- __Tip:__ You can use [File Browser](/serveex/files/file-browser) to navigate and edit your files instead of using terminal commands.
:::
::

```sh
sudo vi /docker/swag/config/nginx/proxy-confs/immich.subdomain.conf
```
Press `i` to enter insert mode, then paste the following configuration:

```nginx
## Version 2023/12/19

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name immich.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    #if ($lan-ip = yes) { set $geo-whitelist yes; }
    #if ($geo-whitelist = no) { return 404; }
    if ($geo-blacklist = no) { return 404; }

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app immich_server;
        set $upstream_port 3001;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location ~ (/immich)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app immich_server;
        set $upstream_port 3001;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

Press `Esc`, type `:x`, then hit `Enter` to save and exit.

That's it! Immich is now accessible from the internet. Don’t forget to install the [iOS](https://apps.apple.com/us/app/immich/id1613945652) / [Android](https://play.google.com/store/apps/details?id=app.alextran.immich) apps to sync your devices.

::alert{type="success"}
✨ __Tip:__ You can protect this app with Authentik natively by [following these instructions](https://docs.goauthentik.io/integrations/services/immich/).
::