After all the amazing reviews and post i read immich I decided to give it a try.
To be honest I am quite impressed, it’s fast and polished, it just works.
But I found a few quirks, and hit a wall with the developer that doesn’t seems kind to listen to users that much (on these issues at least!)
Maybe you guys have suggestions?
Here I go:
One: it does not support base URLs, witch means that I had to spin a dedicated sub domain to be able to access it over internet while all my other services are on a single sub domain. I can work with that, but why. Dev already shut this request down in the past as “insecure”. Which I find baffling. (I mean use mydomain/immich instead of immich.mydomain)
Two: auth cannot be tied to reverse proxy. I get it, it provides OAuth. But it’s much more complex than proxy based auth… And overkill for many cases, mine for sure.
Three: impossible to disable authentication at all, which would just work fine in my use case. There is a switch that seems for that, but no, it’s only for using OAuth.
Four: I cannot find a way to browse by location, only by map. (Locations list seems to be half baked unless I am missing something).
Five: no way to deploy on bare metal, and I tried! due to lack of documentation (only info I found where very very outdated), and no willingness to provide info about that either. Seems that docker is so much better that supporting bare metal is a waste of time.
Six: basically impossible to manage easily public albums. like a public landing page. I get this might be outside immich scope.
Seven: even if now you can import existing libraries, it still does not detect albums withinbthem (sub folders) which is very annoying.
So, overall its a great project and very promising, faster and more reliable than Libre Photos in my use case, but still lacking some basic features that the Dev seems not interested in adding. He developed it to please his wife, I get it :) - no pun intended, doing all this take lots of time, I know.
These are the alternatives I know of:
Photo prism requires a subscription for reverse Geo coding.
LibrePhotos feels sluggish and kind if abandoned.
Are there any others? (Piwigo and Lytchee are great tools, but different kind of tools)
Let’s hope for immich, Dev is working a lit, let’s hope for the best.
I stand with you for the subdomain and bare metal thing. There are many great applications that I’m facing trouble implementing since I don’t have control over A domain settings within my setup. Setting mysite.xyz/something is trivial that I have full control over. Docker thing I can understand to some extent but I wish it was as simple as python venv kind of thing.
I’m sure people will come after me saying this or that is very easy but your post proves that I’m not alone. Maybe someone will come to the rescue of us novices too.
Us novices?
No, it’s not that. The point is not that using a sub domain is easy or not, you might not have access to using one or maybe your setup is just “ugly” using one or you just don’t want to use one.
Its standard practice in all web based software to allow base URLs. Maybe the choice of framework wasn’t the best one from this point of view.
As for docker, deploying immich on bare metal should be fairly easy, if they provided binaries to download. The complex part is to build it not deploy.
But you gave me an idea: get the binaries from the docker image… Maybe I will try.
Once you have the bins, deploying will be simple. Updating instead will be more complex due to having to download a new docker image and extract again each time.
Another such application that I wish had easy implementation for what you call base URLs is Apache Superset. Such a great application that I’m unable to use in my setup.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CA (SSL) Certificate Authority DNS Domain Name Service/System IP Internet Protocol SSL Secure Sockets Layer, for transparent encryption
3 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #444 for this sub, first seen 21st Jan 2024, 05:55] [FAQ] [Full list] [Contact] [Source code]
deleted by creator
Yes I mean https://mydomain/immich, like all other self-hosted tools do.
Auth just with name, please why email??? And maybe get that name from already performed proxy auth, not many tools does, but some do. Its a neat feature.
But immich requires an EMAIL and will also enforce it, so you cannot fool it with a plain username. I just want consistency with the rest of the world.
Docker is enough? Maybe, but bare metal should always be an option. Always. Just write down some basic steps or publish the build script already in place for releases.
And for albums I mean that it should recognize that external libraries have already albums in the form of subfolders.
I will open tickets and feature requests of course, this post is here to share my findings and your aggressive reply is out of place.
By the way, I am talking with strangers on the internet and the objective is to help solve those issues.
deleted by creator
- You request binaries but you havent said why
Why are you after bins? Maybe they dev in a container to start with. As you say, you can pull them out if you need…
Yes I can pull them out but upgrading would be a mess overtime.
If they released also binaries, I can write my install/upgrade scripts and voila, bare metal easy.
I already do this for a few tools not available trough gentoo package manager
So you want binaries for the soul purpose of wanting to write an install script for them?
I was looking more for a functional or performance reason incase it was something I was not aware of.
In those cases I would have used the sources which are available…
Not having a binary release (docker doesn’t count for practical reasons for my goal) hinders bare metal installation as the biggest limiting factor is building the sources, or better having the proper instructions to build them properly.
You still have not said why you want it on bare metal?!!!
Why are you after bins?
While Docker is a great tool with lots of reasons to use it, why should it MUST be the only solution? Installing on bare-metal gives me more control of what and how i install and i fond it more fun than typing “docker compose up”. There are already tons of package managers (including npm, pip etc) that another one, one on which you have even less control (let’s talk about all these images created so that everything runs as root?), is not really needed for me at least.
I want the possibility to go bare-metal, and i will go bare-metal every time i have the possibility. Yes Docker might seems more convenient, but do i need a reason NOT to use Docker, really? Are we at this point? This is “self-hosting” which means doing things the way we prefer, not following the herd or going with packaged solutions. And i have more fun with bare-metal than Docker. Is this enough?
Why are you so much against giving the optional opportunity to go bare-metal then, can you elaborate?
I’ve been using it for about a month, and love it.
My one complaint: self-signed certs on reverse proxies seem to break the android app backup. I’m not sure why, but internal CA seems to make things angry. Its more likely to be a local setup issue than anything in immich, but frustrating to pin down.
Android hates self signed certs, unless you generate the correct cert type then install the cert to android’s root CA trust.
I’ve tried this many times and it has never worked for me :( I can never generate a proper cert.
I’d love a pointer to a tutorial that works.
Here’s how I generated the CA:
# openssl genrsa -des3 -out my-ca.key 2048 # openssl req -x509 -new -nodes -key my-ca.key -sha256 -days 1825 -out my-ca.pem
I’m sure I’ll receive flak for how I went about it, but importing that pem into the “install certificates” bit of the settings works like a charm.
Why self sign? Use Let’s Encrypt, its free and works just great. That’s what I do
All the traffic is internal, so I can get away with it 🙃
Really was just interested in what cert generation entailed and did a fun little dive a few years back.
I also have internal only traffic, but I still use let’s encrypt. I self signed for a couple of years, but switching to proper certificates made things much simpler and better. Especially on mobile.
I use a combination of my own domain and caddy. and duckdns, since my domain registrar does not have an api caddy can use, but I can point my domain to my duckdns domain and it works 👍
I’m the bad guy that installed my CA where needed lol but nice!
Self signed certs needs to be allowed explicitly. If the app didn’t took those into consideration then there is not much you can do.
Another point against immich I guess if you need self signed.
I will try to support immich actively in the future, even if my free time is really small nowadays.
My current backup strategy is BTSync, which while super easy to get going is a pain in the ass to look up old images. Using direct IP on the app works perfectly, and the DNS lookup only works internally anyways.
All that to say that I’m probably going to use it and remove the btsync approach in a couple months.
Immich is very good for photo backup. I would say it’s it best use. Be aware of the limitations above tough.
I find very annoying not having a bare metal installation way. Will try to make it work in the future maybe.
As explained in this discussion this seems to be a problem with the web interface only, caused by the framework used by the interface (Svelte). It seems that getting subpaths to work with Svelte is not supported, and the Immich devs are probably right to think it should be fixed by Svelte, not by Immich.
I fully agree…