Immich: opinion revised
(wiki.gardiol.org)
from Shimitar@downonthestreet.eu to selfhosted@lemmy.world on 24 Feb 13:40
https://downonthestreet.eu/post/21218
from Shimitar@downonthestreet.eu to selfhosted@lemmy.world on 24 Feb 13:40
https://downonthestreet.eu/post/21218
Hi fellow self-hoster.
Almost one year ago i did experiment with Immich and found, at the time, that it was not up to pair to what i was expecting from it. Basically my use case was slightly different from the Immich user experience.
After all this time i decided to give it another go and i am amazed! It has grown a lot, it now has all the features i need and where lacking at the time.
So, in just a few hours i set it up and configured my external libraries, backup, storage template and OIDC authentication with authelia. All works.
Great kudos to the devs which are doing an amazing work.
I have documented all the steps of the process with the link on top of this post, hope it can be useful for someone.
threaded - newest
I love immich. I just wish for two things:
What is synchronized deletes on client server?
I assume that server-side asset deletions are applied to client libraries. I.e. If I take a picture on my phone, but then later delete the picture from immich on another device, it will then also remove the original copy on the client (phone) that took it.
Yes, more control over what happens between server/client. Sorry, that wasnt clear.
Immich aims to be a google photos replacement, which has this function built in.
Now, I don’t care if it works only one way, but it should be clear.
That’s why I only use immich as a gallery and not as a photo backup solution. I manage the syncing with syncthing.
Assuming you mean Android, FYI syncthing for android is discontinued, so you might want to look into other options.
github.com/syncthing/syncthing-android?tab=readme…
There has been a fork out for a long time now that is still developed, it’s called syncthing-fork
Thank you for this. I plan to look at the authentication part more closely, but that’s the part I can’t quite figure out (being an amateur at this stuff but still trying), since I’m nervous with just a password accessing it remotely or from the phone.
Authelia, NGINX, there is so much that’s confusing to me, but this might help.
Feel free to ask, even in pm, if I can help. Not a guru myself, but getting a bit more experience overtime.
I’d recommend setting up a VPN, like tailscale. The internet is an evil place where everyone hates you and a single tiny mistake will mess you up. Remove risk and enjoy the hobby more.
Some people will argue that serving stuff on open ports to the public internet is fine. They are not wrong, but don’t do it until you know, understand and accept the risks.(’normal_distribution_meme.pbm’)
Remember, risk is ’probability’ times ’shitshow’, and other people can, in general, only help you determine the probability.
good general advice until you have to try to explain to your SO the VPN is required on their smart TV to access Jellyfin.
Then you expose your service on your local network as well. You can even do fancy stuff to get DNS and certs working if you want to bother. If the SO lives elsewhere, you get to deploy a raspberry to project services into their local network.
This piqued my interest!
What’s a good way of doing it? What services, besides the VPN, would run on that RPi (or some other SBC or other tiny device…) to make Jellyfin accessible on the local network?
Well, I’d just go for a reverse proxy I guess. If you are lazy, just expose it as an ip without any dns. For working DNS, you can just add a public A-record for the local IP of the Pi. For certs, you can’t rely on the default http-method that letsencrypt use, you’ll need to do it via DNS or wildcards or something.
But the thing is, as your traffic is on a VPN, you can fuck up DNS and TLS and Auth all you want without getting pwnd.
It’s one thing to expose a single port that’s designed to be exposed to the Internet to allow external access to items you don’t care if the entire internet sees (Jellyfin).
Ots other thing when you expose a single port to allow access to items you absolutely do care if the entire internet sees (Immich).
If you’ve taken care to properly isolate that service, sure. You know, on a dedicated VM in a DMZ, without access to the rest of your network. Personally, I’d avoid using containers as the only barrier, but your risk acceptance is yours to manage.
Very low WAF score tough.
You mean ”hardcore WAF challenge”?
More like hardcoded WAF challenge.
I have a problem generating thumbnails for photos taken from summer 2023 until now (using my iPhone 12 Pro). It's like a format problem or something. I don't know ¯_(ツ)_/¯
You might want to submit a bug report. Their pace of development is insane for OSS.
Your website hasa banner that says it uses cookies and that by using it I acknowledge having read the privacy policy, but if I click More Information it takes me to a page the wiki says want created yet.
Never noticed. I don’t do anything with the cookies anyway, its just a docuwiki self hosted, no ads, no data collection, nothing. I don’t even store logs.
I might need to write the privacy policy… Will do tomorrow.
Im not familiar with doku wiki but here’s a few thoughts
The dokuwiki cookie is not for user tracking but for functional use. You don’t need user consent for functional use. OP should remove the useless cookie banner altogether
Afaik the cookie policy on your site is not GDPR compliant, at least how it is currently worded. If all cookies are “technically necessary” for function of the site, then I think all you need to do is say that. (I think for a wiki it’s acceptable to require clients to allow caching of image data, so your server doesn’t have to pay for more bandwidth).
If you don’t process any user data beyond what is technologically required to make the website work, you don’t need to inform the user about it.
i have double checked but i do not have any banner on my wiki at all… Where did you see one? The only cookie is a technical cookie only used for your preferences and no tracking.
Is it still free and open-source? Didn’t they change the license to “free unlimited trial” a while ago?
As far as I know the license doesn’t “do” anything. It’s just supporting the dev:
Source: immich.app/blog/2024/immich-licensing/
Oh, thanks. That’s very uplifting!
I’ve been trialing some similar apps and none of them really fully satisfy me, including immich. Mostly because they all make it clunky to exclude some photos from showing up, or indexing being slow as hell and not particularly good at removing photos I recently ignored, deleted or moved. Immich in particular is bad with the ignore part. I wish I could edit a text block that defined ignore rules like a gitignore, but instead you have to add each rule separately in the UI. Then it feels very slow to add thumbnails for raw files and slow to index period. So many of these apps seem to me like they fumbled the ball just short of a touchdown because otherwise the featuresets seem nice.
I have tried damselfly, immich, libre photos, photo prism, and I tried to configure nextcloud memories but I could not even get it running. It seemed pretty complicated and picky about its setup.
I went trough them all and probably a few more (photoview) and Immich is by far the best. Also at that pace of development it will be perfect soon.
Its by far the fastest for thumbnails and indexing so far at least on my hardware.
How did you do external backups?
Did you read the whole post? If so, did you go to his/her website?
Yeah I just didn’t understand it.
If anyone’s interested, here’s my Immich backup script. You setup rclone to use an S3 storage service like BackBlaze which is quite cheap. I also use a crypt which means RClone will encrypt and decrypt all files to/from the server. S3 configuration and crypt setup.
Then set this up as a cron job. With the “BACKUP_DIR” option when you delete a photo it will get moved to the “deleted” folder. You can go into your S3 provider’s lifecycle settings and have these get deleted after a number of days. I do 10 days. Or you can skip that and they’ll be gone forever.
Yeah, I don’t know what any of these words mean. I just want to click “export” and back all the data up to a flash drive. Is that too much to ask?
Well yeah you could go on the site and select whatever photos and hit download I suppose.
There’s no way to do that for your entire library. Also I assume that would not retain the Immich-specific metadata like the ML object tags and the “people” tagged in the photos.
You should have a backup solution for your server that should cover this, without that you should probably stick with managed photo backup services.
Thats…why I’m asking?
…is that not what Immich is?
Are you paying for Immich somewhere? Then you’d have to trust the administrator to back your data up. I had assumed you were self hosting and by managed services I meant like Google Photos, or indeed someone else’s Immich setup.
No.
Not doing that for reasons that shouldn’t need explaining.
If you’re self hosting then you could just copy all the files from your server onto an external drive. I have to say that’s not a great backup solution though, and you should learn more about administration of Linux servers so that when things break you can fix them. I wouldn’t rely on it as a safe solution to your photos otherwise.
I’m not looking to become a sysadmin, thanks. I just want somewhere to safely store and organize my private photos.
I don’t know how to access the filesystem and copying the library folders would not back up the metadata.
A great backup solution would be what I mentioned elsewhere. Just put a button to export it to a flash drive or an encrypted file server.
And that’s fine and understandable. But I don’t think that Immich is for you. It’s not consumer-grade software. It’s a piece of Linux server software that requires occasional maintenance and administration. We haven’t seen a breaking update in a while but Immich does occasionally release updates where things will break if you don’t dig in to the config files and reconfigure it.
If they implemented a proper backup system I wouldn’t have to worry about it breaking. That’s why I want it.
There’s nothing else I need to access the backend for.
“I want to be an F1 racer but I don’t wanna learn to drive”
That’s what I heard you say
@Ulrich @bdonvr It will indeed be hard to use Immich without some technical knowledge at the moment. The documentation explicitly warns that the software is changing fast and might break a few things.
I'm sure that some day they will have a paid hosted tier that will de-risk the technical aspects such as backups and resilience but thats not here yet.
Perhaps you could take a look at Ente Photos for a non-Google, privacy friendly (and encrypted) photo hosting solution.
https://ente.io/
I obviously have “some technical knowledge” as I was able to launch a server and install Immich. I just don’t understand why everyone seems entirely opposed to making things easier.
Give me the angry downvote all you want but, you are administering a system, you are literally a sysadmin
One rclone command isn’t much more complicated than one button.
Reading the comment I replied to, it appears to be much much more complicated. And I don’t understand how anyone can claim otherwise.
Key word is “appears”. Choose your source and destination, run rclone. That’s it. No harder than going to the page, clicking export, picking a folder, save. It’s really not hard at all, give it a try.
This tells me absolutely nothing about how to do that. Source for what? Destination for what? Choose them where? What is rclone? Where do I get it? How do I run it? What does it do?
All questions that don’t need to be answered before clicking a button in the UI.
E: That was very much not it, and they asked me to Google the rest of it.
The source and destination for the data we’re discussing? Only you know where you’re keeping it and where you’re backing it up to, so you’ll have to fill in those blanks yourself. The remainder of your questions can be answered with a cursory Google search (or other search engine of your choice).
I have no idea where that data is. Immich does.
Telling me to Google it is unhelpful and rude and further backs up my point that it is more complicated. If there is a button, I don’t need to research anything, I just click it.
Immich is not magic. You were the one that set up and configured it. If you are unable to remember, I’m sure you could examine your configuration.
I am unable to provide any more information about rclone bevause I have never used it myself, but I am damn sure that if I did even the barest amount of effort to learn it on my own that I could find all the information I need and more, instead of expecting the information to be spit into my mouth like a baby bird.
I did not ask for magic. I asked for a button to export my data. Unless you consider that to be magical?
I’m sure you could. And I’m sure I could. The problem is knowing what to do with that information. As it is, it might as well all be fucking hieroglyphics to me. I don’t understand it.
You seem to be unable to comprehend that everyone is not a sysadmin. I do, however, know how to click buttons in a UI.
I am happy to hold your hand through administering your server, but my support rates start at $120/hr.
Once again, not what I asked for. If you don’t have anything helpful to contribute, please feel free to stop replying to me.
You need to backup exactly two folders, which i have also pointed out in another commend and in the wiki.
However you back those folder up, it’s up to you.
I think it is. It doesn’t take much to understand which folders needs to be backed up. They are also pretty clear on the immich website on how to backup the database itself. No, just an “export” wouldn’t be good enough since the files themselves do not include the metadata.
Why is that?
Yeah I’m pretty tired of hearing things are “pretty clear” or “not that complicated” and then being directed to an absolute word salad of technical terms no one without a computer science degree would understand.
They could…add them?
I backup with restic the database backups done by immich, not the database itself, and the Library/library folder which contains the actual images and videos.
I used to use a docker container that makes db dumps of the database and drops it into the same persistent storage folder the main application uses. I use this for everything in docker that had a db.
Immich as recently integrated this into the app itself so its no longer needed.
All my docker persistent data is in a top level folder called dockerdata.
In that I have sub folders like immich which get mounted as volumes in the docker apps.
So now I have only 1 folder to backup for everything. I use zfs snapshots to backup locally (zfs auto shot) and borgmatic for remote backups (borgbase).
All my dockers all compose files that are in git.
I can restore he entire server by restoring 1 data folder and 1 compose file per stack.
I don’t understand how that’s helpful. If something is corrupted or my house burns down, a local backup is going to go with it. That’s why I asked for external backups.
Borgbase is remote
I have three tiers of backup. Never heard or the 3,2,1 rule?
3 backups 2 locations 1 offsite
I backup one time on an external disk connected to the server. A second time to another disk, connected on an OpenWRT router located in the patio. A third copy is uploaded to my VPS in the cloud.
not all three are symmetrical due to disk sizes. But critical data is always backed up on all three. Daily backups.
Restic do deduplication and encryption too, so actual data usage is really minimal and all is kept safe.
Nice comment
I quit as soon as I saw it still has a docker crutch. Fails security reqs due to the validation issue.
Thanks, though. Sounds like it’s gonna work well for you.
Pedantics
Pedants*
PeeOnThats*
Did you know: all language is fake and made up?
I’m curious;
Which ML CLIP model did you go with, and how accurate are you finding the search results?
I found the default kinda sub-par, particularly when it came to text in images.
Switched to “immich-app/XLM-Roberta-Large-Vit-B-16Plus” and it’s improved a bit; but I still find the search somewhat lacking.
The best one I have found was one of the newer ones that was added a few months ago. ViT-B-16-SigLIP__webli
Really impressed with the accuracy even with multi word search like “espresso machine”
How well does it do with text in images?
I often find searching for things like ‘horse’ will do a decent job bringing up images of horses, but will often miss images containing the word ‘horse’.
It does ok with that. better than the default model, but worse than the built in search on my phone.
I’m using immich for half a year or so now. There only problem is that it did not chunked uploads. So one large video just never uploaded, and I had to use nextcloud to upload it instead. Otherwise, it’s great.
If you’re self hosting Immich on your local network, I’ve gotten around this by setting the Immich app to use my local ip address while on my home wifi network.
Yes, i encountered this issue as well. Seems that tweaking NGINX setting helped. Still stupid that a large upload will stall all the others.
Haven’t checked in a while but is there any hope for cloud storage of the image library yet? I’m kind of holding out for S3 support because I don’t want to manage multiple terabytes locally.
I don’t think immich supports this natively but you could mount an S3 store with s3fs-fuse and put the library on there without much trouble. Or many other options like webdav.
My only issue with it is that on my iphone, the app constantly freezes and says I have 3 photos left to upload. It’s almost certain to freeze for a few minutes and the upload becomes stalled as well. This behavior made it take a long time to backup my library and it makes it a pain in the ass to share photos quickly with people. Popping into the webUI has none of these issues (just no uploading of my photos). I still quite love the app