Running immich in docker (with TLS/SSL)

Fed up with the notifications from Google that your disk space is getting full? Then host your own photos.google.com, but it’s called immich (image, duh). You’ll need a machine with docker installed and plenty of disk space for what you want to save.
Now, apart from your photos you’ll need 3 files: .env, docker-compose.yml, and an empty file in ./data/vhosts with the name of the vhost you want your immich site to be available on. This file will be used to tell Let’s Encrypt which hostname you want an SSL certificate for. I’ve mounted a disk specifically for storing my data on /var/store/immich.
Note that in the machine learning section, rocm is for Radeon. Check the original docker-compose.yml file for the name for NVidia. You just need 4 subdirectories in /var/store/immich:
mkdir -p /var/store/immich/library
mkdir -p /var/store/immich/profile
mkdir -p /var/store/immich/thumbs
mkdir -p /var/store/immich/upload
Create a directory to hold your configuration (like /home/me/compose) and create 2 files in it. The first is .env (yes, the name starts with a ‘.’):
.env:
# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=/var/store/immich/upload

# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=./postgres

# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
TZ=CET

# The Immich version to use. You can pin this to a specific version like "v2.4.0"
IMMICH_VERSION=v2.4.0
DB_DATA_LOCATION=/var/lib/postgres/data

# Connection secret for postgres. You should change it to a random password
# Please use only the characters A-Za-z0-9, without special characters or spaces
DB_PASSWORD=<the very secret password>
IMMICH_PROCESS_INVALID_IMAGES=true
IMMICH_TELEMETRY_INCLUDE=all

# The values below this line do not need to be changed
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
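One way to fill in DB_PASSWORD and sanity-check the .env above before the first docker compose up (an added example, not part of the original post; the function names and the script name are hypothetical). It generates a password inside the A-Za-z0-9 set the comment asks for and flags a leftover placeholder or a key that is set more than once, as DB_DATA_LOCATION is above:

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print 32 random hex characters (128 bits of entropy). Hex digits are a
# subset of the A-Za-z0-9 set the .env comment allows for DB_PASSWORD.
gen_db_password() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Replace (or append) the DB_PASSWORD line in the .env file named by $1.
# mktemp creates the temporary file with mode 0600 and mv keeps that mode,
# so the resulting .env is readable by its owner only.
set_db_password() {
    env_file=$1
    tmp=$(mktemp "${env_file}.XXXXXX") || return 1
    grep -v '^DB_PASSWORD=' "$env_file" > "$tmp" || true
    printf 'DB_PASSWORD=%s\n' "$(gen_db_password)" >> "$tmp"
    mv "$tmp" "$env_file"
}

# Report problems in the .env file named by $1; exit status 1 if any found.
check_env() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            key = $1
            val = substr($0, length(key) + 2)    # everything after the first "="
            if (seen[key]++) { print "duplicate key: " key; bad++ }
            if (key == "DB_PASSWORD") {
                have_pw = 1
                if (val !~ /^[A-Za-z0-9]+$/) {
                    print "DB_PASSWORD: placeholder, empty or outside A-Za-z0-9"
                    bad++
                }
            }
        }
        END {
            if (!have_pw) { print "DB_PASSWORD is not set"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Usage: sh envcheck.sh /home/me/compose/.env   (script name is hypothetical)
if [ "$#" -gt 0 ]; then check_env "$1"; fi
```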
docker-compose.yml:
services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    environment:
      # Read by nginx-proxy and acme-companion to route and certify this vhost
      VIRTUAL_HOST: <vhost name>
      VIRTUAL_PORT: 2283
      LETSENCRYPT_HOST: <vhost name>
      LETSENCRYPT_EMAIL: <admin email>
    ports:
      # Also published on the host over plain HTTP, next to the TLS proxy
      - "2283:2283"
    depends_on:
      - redis
      - database
    restart: always
    healthcheck:
      disable: false
    networks:
      - immich

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:commit-04898e4c653af9a31548a8002df9b4572cc4a4ae-rocm
    devices:
      - /dev/kfd
      - /dev/dri
    environment:
      - MACHINE_LEARNING_DEVICE_IDS=0,1
      - MACHINE_LEARNING_WORKERS=2
      - MACHINE_LEARNING_ENABLE_ROCM=true
    volumes:
      - model-cache:/cache
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
    restart: always
    ports:
      # Published on the host in addition to the internal immich network
      - 3003:3003
    networks:
      - immich

  redis:
    container_name: immich_redis
    image: docker.io/valkey/valkey:8-bookworm
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
    networks:
      - immich

  database:
    container_name: immich_postgres
    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    restart: always
    networks:
      - immich

  nginx-proxy:
    image: nginxproxy/nginx-proxy:alpine
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # :ro only protects the socket file; the Docker API stays fully usable through it
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./data/certs:/etc/nginx/certs:rw
      - ./data/vhost:/etc/nginx/vhost.d
      - ./data/html:/usr/share/nginx/html
    networks:
      - immich

  letsencrypt:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-le
    restart: unless-stopped
    depends_on:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/certs:/etc/nginx/certs:rw
      - ./data/vhost:/etc/nginx/vhost.d
      - ./data/html:/usr/share/nginx/html
      - ./data/acme:/etc/acme.sh
    environment:
      DEFAULT_EMAIL: <admin email>
      NGINX_PROXY_CONTAINER: nginx-proxy
    networks:
      - immich

networks:
  immich:
    driver: bridge

volumes:
  model-cache:
Run docker compose up -d and your immich server should be up & running. Connect to http://<serverip>:2283/