Installing Immich Docker container on QNAP
Immich is by far the best self-hosted alternative to Google Photos. To install Immich, we will use a docker compose file that will create 4 containers: Immich server, Immich Machine Learning, DB server, as well as a Cache server.
The absolute path in the Docker compose file assumes that the containers are installed under /share/Docker directory. Adjust this accordingly. Backup is done using a Synology NAS and Active Backup for Business software.
Installation:
To install Immich, create an application in Qnap Container Station, then paste the following code:
version: "3" services: # Container #1 - Application Server immich-server: container_name: Immich-Server image: ghcr.io/immich-app/immich-server:release # extends: # file: hwaccel.transcoding.yml # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding volumes: # NAS | CONTAINER # Replace the left side (Left:Right) with your path to the Uploads folder in the NAS - /share/Docker/Data/Immich/Uploads:/usr/src/app/upload # Uncomment if you prefer to pass your own configuration file. This will mount the config folder to the container. # Replace the left side (Left:Right) with your path to the config folder in the NAS #- /volume1/docker/Containers/Immich/config:/config environment: - TZ=Europe/Berlin - PUID=1026 - PGID=100 # Sample configuration file located at: https://immich.app/docs/install/config-file/ # Uncomment if you prefer to configure using a CONFIG file instead of using the Web Interface. # This will tell the container, where in the /config folder is the configuration file. #- IMMICH_CONFIG_FILE=/config/immich.json ports: # NAS | Container - '2283:2283' depends_on: - redis - database restart: unless-stopped # Container #2 - ML Server immich-machine-learning: container_name: Immich-Machine-Learning # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag. # Example tag: ${IMMICH_VERSION:-release}-cuda image: ghcr.io/immich-app/immich-machine-learning:release # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration # file: hwaccel.ml.yml # service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable volumes: - model-cache:/cache environment: - TZ=Europe/Berlin - PUID=1026 - PGID=100 ports: # NAS | Container - '3003:3003' restart: unless-stopped # Container #3 - Cache server redis: container_name: Immich-Redis image: docker.io/redis:6.2-alpine@sha256:905c4ee67b8e0aa955331960d2aa745781e6bd89afc44a8584bfd13bc890f0ae environment: - TZ=Europe/Berlin - PUID=1026 - PGID=100 restart: unless-stopped # Container #4 - DB Server database: container_name: Immich-Postgres image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 environment: - TZ=Europe/Berlin - PUID=1026 - PGID=100 - POSTGRES_PASSWORD=postgres - POSTGRES_USER=postgres - POSTGRES_DB=immich - POSTGRES_INITDB_ARGS:'--data-checksums' volumes: # NAS | CONTAINER # Replace the left side (Left:Right) with your path to the DB folder in the NAS - /share/Docker/Data/Immich/DB:/var/lib/postgresql/data command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"] restart: unless-stopped volumes: model-cache:
Docker compose file credit: Jorge Pabon
Click Validate and ensure that everything is as it should be. Expand Advanced Settings, click Resources, and limit CPU to 2 cores, then click Create.
Once the application and all the containers are created, you will be able to log in using the web location http://your_docker_host:2283. Log in and configure the application to suit your needs.
Network:
Deployment will create a new network 172.1.29.0/24 and place all the containers there. This will, of course, be accessible locally. If you plan on publishing your site on the Internet, I strongly advise against forwarding ports on your router, but rather use CloudFlare tunnel to access your site. If you want to use CloudFlare tunnel, make sure to add an additional network interface to the Immich Server container that is on the same subnet as your CloudFlare tunnel! The upside of using CloudFlare is that it will expose your site using https tunnel; the downside is that everyone will be able to try to authenticate. The one way to mitigate this is by using CloudFlare Zero Trust, which will protect your Immich with another layer of security. Using CF Zero Trust will, though, break access to your Immich server via the mobile app when outside your network and wifi. This can be mitigated by using CF Zero Trust Service Authentication and custom headers in the Immich app. This will be covered in one of the future tutorials.
Backup:
Immich will automatically create a database backup every day and place it under [/share/Docker/Data/Immich]/Uploads/backup directory. Create 2 backup jobs, one for the database and the other for the data. I strongly advocate using the 3-2-1 backup strategy for both the database and the data.