Table of Contents

Immich

Immich is a selfhosted gallery server like Google Photos.

On irix it uses local storage for the database, cache and thumbnails and for photo storage, the OneDrive 1TB business developer account via rclone mount.

See official docs for configuration at https://immich.app/docs/install/requirements

Use the imman script to update and start or shut Immich down.

Periodic CPU spikes

When Immich and friends are running, they provide a healthcheck feature that can result in periodical CPU spikes. To disable this, just turn off healthchecks in the docker-compose file:
healthcheck:
disable: true

Authentication

Access is secured by client certs on web interface (port 443) and by HTTP auth header on mobile (port 2299). This is done to avoid exposing immich's auth UI.

Immich can use self-signed/client certs directly in the app by importing them under settings before initial login.

NOTE: As of January 2025, Immich currently has a bug (no plans to fix) when deployed behind a reverse proxy with additional client certs: the mobile app's (Android & iOS) video player cannot play online-only videos, it can't pass the certificate to the video player's API request (I think)

Storage

Immich's library folder is configured as /home/debian/immich/data. It stores everything here, from uploaded media to thumbnails. The data/library folder is actually the rclone onedrive mount, and immich sees it and uses it as a regular folder.

The storage template is ON for easier organisation and backup. Immich also now correctly reports the onedrive space not the system space.

rclone

rclone is used to mount onedrive storage to a local folder for the immich library.

A systemd unit rclone-onedrive is used to mount onedrive under /home/debian/immich/data/library so immich uploads all assets directly to onedrive.
Thumbnails are stored locally under data/thumbs and the full-size assets are stored on onedrive. The files are uploaded to the disk, then to onedrive. The oldest local files are deleted when max size is reached.

Noticed that rclone is slow to sync deletions from onedrive (the scan interval I presume). This is not a huge problem, as I don't touch the library from onedrive web UI.

rclone-onedrive.service: 

[Unit]
Description=Onedrive MS365 Dev (rclone)
AssertPathIsDirectory=/home/debian/immich/data/
 
[Service]
Type=simple
ExecStart=/usr/bin/rclone mount \
        --config=/home/debian/.config/rclone/rclone.conf \
        --allow-other \
	--allow-non-empty \
	--metadata \
        --vfs-cache-mode full \
	--vfs-cache-max-size 50G \
	--vfs-cache-max-age 168h \
	--cache-dir /home/debian/.cache/rclone \ 
        --transfers 6 \
        --dir-cache-time=60m \
        --cache-info-age=60m \
	onedrive:PHOTOS /home/debian/immich/data/library/
ExecStop=/bin/fusermount -u /home/debian/immich/data/library/
Restart=always
RestartSec=10
 
[Install]
WantedBy=default.target

Specify a cache directory for rclone that isn't a tmpfs if you don't want to run out of memory.

See Rclone - mount, Rclone - onedrive
See https://forum.rclone.org/t/vfs-cache-mode-full-vs-writes/34746 for an example rclone mount command with vfs-cache options (google drive here)

Nginx

Nginx is used to reverse proxy immich for the WAN. Lets encrypt certs are managed by certbot.

Two sites are used: immich and immich-mobile. See Authentication why.