6.0 KiB
navigation, title, main
| navigation | title | main | ||
|---|---|---|---|---|
| true | Immich |
|
:ellipsis{left=0px width=40rem top=10rem blur=140px}
Immich
::alert{type="info"} 🎯 Goals: Install Immich to manage your photos across all your devices. ::
Immich is a self-hosted photo and video management solution that replaces cloud services like Google Photos or iCloud. It offers powerful features like face recognition and geolocation.
Installation
Folder structure
root
└── docker
└── immich
├── library
├── compose.yaml
└── .env
Open Dockge, click on compose, name the stack immich, then copy and paste the latest docker-compose.yml published here.
::alert{type="warning"} :::list{type="warning"}
- Warning: Do not add the Watchtower label to the Immich stack. Immich evolves rapidly, and automatic updates may break your installation. ::: ::
Configure the .env file by copying the latest version from here and follow the comments in the file.
::alert{type="info"} :::list{type="info"}
- If you're using a NAS or a network-shared drive via Samba to store your data, replace the value of
UPLOAD_LOCATION{lang=properties} with the path to your shared folder. ::: ::
::alert{type="success"} ✨ Tip: If your CPU/iGPU/GPU supports it, Immich can use hardware acceleration for video playback and image recognition. This can triple performance. Learn more about Transcoding and Machine Learning. ::
Deploy the container.
You're done! You can connect and follow the setup instructions at http://yourserverip:2283.
Exposing Immich with SWAG
The main benefit of this setup is being able to access Immich remotely on all your devices. We'll expose Immich using SWAG.
::alert{type="info"}
📋 Before you begin:
We assume that you have a subdomain immich.yourdomain.com with a CNAME pointing to yourdomain.com in your DNS zone. Also, unless you're using Cloudflare Zero Trust, make sure port 443 on your router is forwarded to port 443 on your server via NAT rules.
::
In Dockge, open the SWAG stack and edit the compose file to add Immich's network:
services:
swag:
container_name: # ...
# ...
networks: # Connects the container to the custom network
# ...
- immich # Network name defined in the stack
networks: # Defines the custom network
# ...
immich: # Network name defined in the stack
name: immich_default # Actual external network name
external: true # Indicates it's an external network
::alert{type="info"} :::list{type="info"}
- We're assuming Immich's network is named
immich_default. You can check connectivity by visiting the SWAG dashboard at http://yourserverip:81. ::: ::
Restart the stack by clicking "deploy" and wait for SWAG to fully initialize.
In the SWAG folders, create a file named immich.subdomain.conf.
::alert{type="success"} :::list{type="success"}
- Tip: You can use File Browser to navigate and edit your files instead of using terminal commands. ::: ::
sudo vi /docker/swag/config/nginx/proxy-confs/immich.subdomain.conf
Press i to enter insert mode, then paste the following configuration:
## Version 2023/12/19
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name immich.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
#if ($lan-ip = yes) { set $geo-whitelist yes; }
#if ($geo-whitelist = no) { return 404; }
if ($geo-blacklist = no) { return 404; }
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app immich_server;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/immich)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app immich_server;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
Press Esc, type :x, then hit Enter to save and exit.
That's it! Immich is now accessible from the internet. Don’t forget to install the iOS / Android apps to sync your devices.
::alert{type="success"} ✨ Tip: You can protect this app with Authentik natively by following these instructions. ::