Immich

docker-compose.yml

name: 'service_immich'        

networks:
  proxy:
    external: true # ---> To Traefik Reverse Proxy
  cloudflared_network:
    external: true # ---> To Cloudflare Tunnel network
  backend:
    driver: bridge # ---> Insider network accessible only to Immich services and sidearts

volumes:
  Users:
    external: true # ---> Personal photos live here
  Photos:
    external: true # ---> My Photography library lives here

services:

# IMMICH SERVER - This is the main service
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    networks:
      - backend
      - proxy
    ports:
      - 2283:2283
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - Photos:/photos
      - Users:/users
    env_file:
      - stack.env
    depends_on:
      - redis
      - database
    restart: unless-stopped
    labels: 
      # If you aren't using Traefik or Flame Dashboard, you can disable these labels
      - "traefik.enable=true"
      - "traefik.http.routers.immich.entrypoints=http"
      - "traefik.http.routers.immich.rule=Host(`immich.${DOMAIN_NAME}`)"
      - "traefik.http.middlewares.immich-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.immich.middlewares=immich-https-redirect"
      - "traefik.http.routers.immich-secure.entrypoints=https"
      - "traefik.http.routers.immich-secure.rule=Host(`immich.${DOMAIN_NAME}`)"
      - "traefik.http.routers.immich-secure.tls=true"
      - "traefik.http.routers.immich-secure.service=immich"
      - "traefik.http.services.immich.loadbalancer.server.port=2283"
      - "traefik.docker.network=proxy"
      # Flame Dashboard labels
      - "flame.type=app"
      - "flame.name=Immich"
      - "flame.url=https://immich.${DOMAIN_NAME}"
      - "flame.category=${C_GEN}"
      - "flame.icon=immich.png"
      - "flame.order=5"

# IMMICH COMPONENTS - These are components from the main stack - DB, Redis, AI
  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    networks:
      - backend
    volumes:
      - ${DIR_CONFIG}/immich/models:/cache
    env_file:
      - stack.env
    restart: unless-stopped

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
    networks:
      - backend
    volumes:
      - ${DIR_CONFIG}/immich/redis:/data
    restart: unless-stopped

  database:
    container_name: immich_postgres
    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    networks:
      - backend
    env_file:
      - stack.env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      PG_DATA: /var/lib/postgresql/data
    volumes:
      - ${DIR_CONFIG}/immich/db:/var/lib/postgresql/data
    restart: unless-stopped

# IMMICH SIDECAR COMPONENTS - These are services created by the community to add certain functionality via API
  immich-folder-album-creator:
    container_name: immich_folder_album_creator
    image: salvoxia/immich-folder-album-creator:latest
    restart: unless-stopped
    networks:
      - backend
    environment:
      API_URL: http://immich_server:2283/api
      API_KEY: xxxxxxxxxxxxxxxxx # ---> Get from Immich UI
      ROOT_PATH: "/photos,/users"
      ALBUM_LEVELS: 3
      CRON_EXPRESSION: "0 */1 * * *"
      TZ: ${TZ}

  immich-public-proxy:
    image: ghcr.io/tenekev/immich-public-proxy:latest
    container_name: immich_public_proxy
    restart: unless-stopped
    ports:
      - 3808:3000
    networks:
      - backend
      - cloudflared_network
    environment:
      - IMMICH_URL=http://immich-server:2283
    configs:
      - source: immich_public_proxy_config
        target: /app/config.json
        mode: 0444 # rrr
    healthcheck:
      test: wget -q --spider http://localhost:3000/share/healthcheck || exit 1
      start_period: 10s
      timeout: 5s

configs:
  immich_public_proxy_config:
    content: |
      {
        "ipp": {
          "responseHeaders": {
            "Cache-Control": "public, max-age=2592000",
            "Access-Control-Allow-Origin":  "*"
          },
          "singleImageGallery": false,
          "singleItemAutoOpen": true,
          "downloadOriginalPhoto": false,
          "showGalleryTitle": true,
          "allowDownloadAll": true
        },
        "lightGallery": {
          "controls": true,
          "download": true,
          "mobileSettings": {
            "controls": true,
            "showCloseIcon": true,
            "download": true
          }
        }
      }

stack.env

UPLOAD_LOCATION=/Services/appdata/immich/upload
LOG_LEVEL=log
JWT_SECRET=QDdLs+ajgdYpHmCU/gXJOzwQQVnp5AnATEa5vMB9bTzRDRDI/bNg2w/CkQm5oi57XwQHc/UhY83rKFZpF0RHPt3kJenAQkJLG+iFJIkmAceCMjb9JfXG3SiZ7W0YEBw03wssIymQJ7YUkvhA1x9mczHQzR+2SdnnKMg13eWsh4g

DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE_NAME=immich

REDIS_HOSTNAME=immich_redis

IMMICH_WEB_URL=http://immich-web:3000
IMMICH_SERVER_URL=http://immich-server:3001
IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003

DOMAIN_NAME=yourdomainname.tld       # This works with Traefik Reverse Proxy, if you have it: immich.yourdomainname.tld

DIR_CONFIG=/Services/appdata         # Where Immich library data, models etc is stored

PGID=1000
PUID=1000
TZ=Europe/London

C_GEN=🏛️ General                    # These work with Flame Dashboard labels. Can be ignored.
C_ADMIN=⚙️ Administration
C_NET=🕸️ Network
C_ARR=☠️ Arrr!
C_DEV=🏗️ Development
C_WEB=🌐 Webservers
C_PRV=🔒 Private
C_MON=📊 Statistics