Immich - Getting Started Guide
Immich is a self-hosted photo and video management platform - a privacy-focused alternative to Google Photos. It features automatic backup from mobile devices, facial recognition, smart search and shared albums. Everything runs on your server via Docker Compose, giving you full control over your data.
Step 1 - Verify Immich Works
Your server's IP address and root password are shown on the Server Details page in your client panel. Immich is already running after the server starts. Open your browser and go to:
http://your.server.ip:2283You should see the Immich registration page. If the page does not load, wait 1-2 minutes for all containers to start.
On first access, fill in the form to create your administrator account:
- Email - your email address (used as login)
- Password - choose a strong password
- First Name and Last Name
Click Sign Up to create the account. After registration, the sign-up page is disabled - only the admin can create additional users from the Administration panel.
If you placed the server behind a VyOS router on a private network, either connect over a VPN and reach Immich on the server's private IP (recommended for a personal service), or configure port forwarding (port 22 for SSH, port 2283 for Immich web interface, ports 80/443 if you set up a domain with SSL).
Step 2 - Install Mobile App (Optional)
Immich has mobile apps for automatic photo and video backup:
- iOS - download Immich from the App Store
- Android - download Immich from Google Play or F-Droid
In the app, enter your server URL and log in with the account you created:
http://your.server.ip:2283Enable Background Backup in the app settings to automatically upload new photos and videos.
Step 3 - Configure Domain and SSL (Optional)
To access Immich via your own domain with HTTPS:
- Create an A record in your DNS settings pointing your domain to the server IP
- Wait for DNS propagation (usually a few minutes)
- Connect via SSH and set up Nginx as a reverse proxy with a Let's Encrypt certificate:
ssh root@your.server.ipapt update && apt install -y nginx certbot python3-certbot-nginx
cat > /etc/nginx/sites-available/immich << 'EOF'
server {
listen 80;
server_name your-domain.com;
client_max_body_size 50000M;
location / {
proxy_pass http://127.0.0.1:2283;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
EOF
ln -s /etc/nginx/sites-available/immich /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx
certbot --nginx -d your-domain.comReplace your-domain.com with your actual domain. Certbot will configure SSL and set up automatic renewal. The client_max_body_size directive allows uploading large video files. After setup, update the server URL in your mobile app to https://your-domain.com.
Post-Installation
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 10 minutes |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Storage Management
Photos and videos are stored in /opt/immich/upload/. A typical phone photo is 3-5 MB; videos are much larger. Immich also generates thumbnails and ML embeddings (~20% overhead). To check disk usage:
df -h /
du -sh /opt/immich/upload/Service Management
Immich runs as a systemd service via Docker Compose:
# Check container status
cd /opt/immich && docker compose ps
# View logs
cd /opt/immich && docker compose logs -f
# Restart Immich
systemctl restart immichUpdates
To update Immich to the latest version:
cd /opt/immich
curl -fsSL https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml -o docker-compose.yml
docker compose pull
docker compose down && docker compose up -dAlways check the release notes before updating for any breaking changes.
Backups
Back up two things: the upload folder and the database:
# Database backup
docker exec -t immich_postgres pg_dumpall -c -U postgres > /opt/immich/db_backup.sql
# Database restore (if needed)
cat /opt/immich/db_backup.sql | docker exec -i immich_postgres psql -U postgresSoftware Included
| Component | Version |
|---|---|
| Ubuntu | 24.04 LTS |
| Docker | Latest |
| Immich | Latest |
| PostgreSQL | 14 (Docker) |
| Valkey (Redis) | 9 (Docker) |
| Fail2Ban | 1.0 |
Troubleshooting
| Problem | Solution |
|---|---|
| Web interface not loading after first boot | Wait 1-2 minutes for containers to start. Check: cd /opt/immich && docker compose ps |
| Containers keep restarting | Check logs: cd /opt/immich && docker compose logs --tail 50. Verify you have at least 4 GB RAM |
| Mobile app cannot connect | Verify the server URL includes the port: http://your.server.ip:2283 |
| Out of disk space | Clean Docker cache: docker system prune -a. Consider resizing the disk in your client panel |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP |
| Forgot root password | Use VNC console in your client panel to reset it |