The Ultimate Immich Setup Guide

DeGoogling (or DeAppling) from Google Photos and iCloud Photos with an open-source alternative to these services assures deeper privacy and control. In this guide, we will migrate your photos and videos, set up Immich, and complete a 3-2-1 backup solution for your most important photos and videos. This is not free or even cheaper than big tech image services, so this journey isn't for the faint of heart, but if you want to retain some sense of privacy and ownership, this is the way. This guide is meant for beginners, but feel free to ask questions, and don't feel bad about now fully understanding something!

What is Immich? Immich is an open-source and self-hosted application that replaces most of the functionality in Google Photos, iCloud Photos, and other photo backup systems. If you are content with your current cloud storage solution, please by all means continue to use it. Bigger companies can give redundancy at scale, where we can't, but we can still do a good job with even a 3-2-1 Backup Plan. 3-2-1 as in three copies of data: original copy, which is reflected in Immich, and two more copies of that data. Two different media: the server itself and external hard drives + cloud. One copy off-site: the cloud. This will give us ample backups without a ton of effort. And we will automate this so we don't have to worry about it later. You can pick the cloud version if you don't have a spare computer to use, or the local version if you do have a computer that can be on 24/7. Both methods will involve purchasing a domain and a virtual private server in order to use Immich outside the home.

If you are creating a cloud server, the system will require 4GB of RAM and 2 CPU cores. If you are hosting on a spare computer at home and want to access the app outside of home, you will need to purchase a VM with at least 1GB of RAM and 1 CPU core. Additionally, with the cloud server, you will need to buy storage as your photo library grows.

This guide assumes you have a spare computer you can leave on 24/7 or are willing to pay for a cloud server you have access to, and have another computer to access everything with. This guide will presume the usage of Ubuntu Server as well (for local and cloud).

Preface

What is the Cloud? Typically, large companies will use datacenters that hold a bunch of servers that connect to a high-speed internal private network that then uses software to translate traffic to your VM. Think of a data center as the post office sorting mail before reaching your home, and your home as the virtual machine. With hosting your application locally (with a little cloud help), you manage everything, but with an app like Immich, you don't need to worry about it as heavily as you would with something like a social media app.

We need to buy our VPS. A virtual private server is a cloud server that we have access to 24/7, and we don't have to worry about power or maintenance. It costs monthly, but on Digital Ocean, it's not super bad at all. What's Digital Ocean? Digital Ocean is a platform that provisions cloud resources to you to do things with, including VPS (virtual private servers, also known as virtual machines), which allow you to run services and apps in the cloud. I will show how to get the virtual machine that will either host our application directly or serve our local server publicly and securely.

What is a domain? Domains are commonly known as URLs that we use in order to go to certain server resources that are shared publicly. Google.com feels better than 142.251.16.139. Humans technically don't need them in order to connect to resources, but it makes it easier for humans to remember. Many places sell domains, and they are basically yearly subscriptions. Typically, they are very cheap, but require your "personal information". However, Namecheap redacts that information for free by default on most domains.

Namecheap

Domains are used in order to share our application publicly. Buying a domain is easy, and I will help with getting one to use for Immich. If you don't want to share Immich publicly and use it just in your house, you can skip this part. We will be using Namecheap, but you can use whatever domain provider you please. You just need to look up DNS management to link the domain to the application.

On Namecheap, most domains are about $20 a year; however, they often have sales on certain ones. They also require an address for compliance reasons, but most, if not all, domains I've bought from them come with WHOIS protection (hides identity). However, addresses aren't verified, so do with that information as you will. Create an account and start brainstorming a name. After creating your account, search for the name of the domain you want.

Add it to your cart and you will be redirected to your cart. Make sure the Domain Privacy is enabled, and then you can confirm your order. You can use PayPal or a credit card.

After you purchase, hover over your account name, click Dashboard, and click Manage on the domain you just purchased. Click on "Advanced DNS" and leave the page up. We are going to buy the VM so we can either host the app or Pangolin, which will let us share Immich from home, publicly.

Digital Ocean

Digital Ocean allows you to 'rent' cloud infrastructure for whatever you need. One of the things Digital Ocean offers is "Droplets," or virtual machines. These machines allow us to run software with a public IP address, so the resources can be accessed publicly. You don't need to use Digital Ocean for virtual machines if you don't want to. I'm just very familiar with Digital Ocean (there are cheaper services). Sign up for an account, link a payment method, and we can move on to selecting a Droplet.

Under Manage on the left, click on Droplets. Click on Create Droplet. Choose the Region closest to the people who will be using Immich with you (or just you). Let the OS as Ubuntu and whatever the Version is listed as-is. For Droplet Type, select Basic under Shared CPU.

The next steps depend on whether you are hosting Immich locally or in the cloud. If you are hosting Immich locally, select the $6/mo option and $24/mo option for hosting in the cloud (untested, but you may be able to do $12/mo). Scroll to Choose Authentication Method and click Password. Create a password (PLEASE REMEMBER THIS) for root access to your VM. Scroll to Hostname and put "Immich" and click "Create Droplet". It should open up to the creation of the droplet in the first project. Click on "Immich" and click on the number next to IPv4 to copy it. We will need this to link the domain to Immich.

Linking The Domain

In Namecheap, go down to "Host Records" and click "Add New Record". Under Type select A Record, under Host type "@", under IP Address, type in (or paste) the IP Address from Digital Ocean, and leave TTL as default.

If you are taking the local route, add another A record with "pangolin" under Host, the same IP address, and TTL as the default.

If you are taking the local route, you can wipe the computer and put server software on there. You can install Ubuntu Server on your spare computer, and the link supplied has a tutorial you can use. If you don't want to wipe anything on your spare computer, you can still use it, but you may need more resources (RAM, Storage) on a system with a desktop operating system like macOS or Windows 11.

Now that we have the domain and VPS/computer ready, we can start to install Immich.

Installation

This begins the portion of the installation of Immich. Depending on whether you are doing a local install or a cloud install, you will log in a different way.

If you are creating a local install, make sure it is plugged in, turned on, and connected to the internet. With your primary computer, open your terminal and type ssh <username>@<servername>, and when it asks for your password, type it in as well. Hit Enter.

If you are creating a local install, all you will need to do is log in to Digital Ocean, navigate to the Droplets page, click on the three dots, and then click Access Console. You will need your root password from earlier.

Install Software

You will need to install Docker; it's a containerization software that makes it easy to install and manage applications in one place.

In your server, open the terminal and create a directory for Immich-related files: mkdir ./immich and cd into it.

Download the Docker Compose file: wget -O docker-compose.yml https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml. In your terminal, type nano .env and hit enter. nano is a command-line text editor, so we can make the small changes we may need. The template has a line that breaks the installation of the application. Go to the name: immich and remove that line. Hit Ctrl+X and Y to save the file.

Docker Compose makes it easier to deploy related containers together using a file, instead of multiple commands separately.

Download the .env file: wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.env. This file allows you to inject specific values into Docker to be used in this instance of Docker. Think of it like the blanks in Mad Libs. There is a main body already provided, but the blanks (.env) allow you to have a different story than someone else. Rename the example.env file with the command mv example.env .env.

We are going to set up our environment in the .env file. First, we need to find our timezone for Immich; the environment files need a specific timezone identifier for time-related functionality. Go to Wikipedia and find your 'TZ identifier' (e.g, America/Chicago) and copy it somewhere. Hop into your command line and type openssl rand -base64 32 and copy the output.

In your terminal, type nano .env and hit enter. We need to do is go to where it says #TZ=Etc/UTC. Erase the # and then paste (Ctrl+Shift+V) the 'TZ identifier' we copied earlier. Also, go down to DB_PASSWORD and erase postgres and paste (Ctrl+Shift+V) the openssl output. Hit Ctrl+X and Y to save the file. We are now ready to deploy (run the application) 🚀. Type docker compose up -d in the terminal.

Open a browser on another device and then type http://<ip-address>:2283 (or http://<domain>). It should prompt you to create an admin account (main user). Make sure to remember this information. If you want to create other users, you can click on the top-right > Administration > Users (on the left) > Create user.

Hardware Acceleration (*Optional)

Immich includes hardware acceleration for facial recognition, which just makes the functionality faster on certain hardware, so if you don't care about faster processing on large imports of photos/video, you can skip this. Even without hardware acceleration, you will have facial recognition.

You will need to identify your GPU for your device somehow (lspci | grep -i 'vga\|3d\|2d' works for Linux) and identify if the vendor matches Mali (armnn), NVIDIA (cuda), AMD (rocm), Intel (openvino), or Rockchip (rknn). If you are interested, download the machine learning config file in the terminal (make sure you are in ~/immich before running this command) with this line: wget -O .env https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml. Then nano docker-compose.yml and edit under immich-machine-learning and remove the "#" next to extends, file, and service. On the line under immich-machine-learning, where it says "-release}": add the vendor code next to "-release}" (i.e, if you had an AMD GPU, change to "-release}-rocm").

Where it says service: cpu, remove cpu and add the same vendor code. Hit Ctrl+X and Y to save the file. Run docker-compose up -d.

Hosting (Local Only)

In order for the local Immich to be accessible to people outside of your home, you need to connect your spare computer to the virtual machine created earlier. We will use an application named Pangolin (free) to connect from a virtual machine to the local, safely and securely.

The instructions are here, but I will also walk through them. Log in to your virtual machine in Digital Ocean. Create a directory called pangolin using mkdir pangolin and then cd pangolin. Run this command: curl -fsSL https://digpangolin.com/get-installer.sh | bash, and then when it's done, run the command sudo ./installer. Follow the steps for the installer. Here are what you can put for the questions, hitting enter to go to the next question: leave as-is, (the name of the domain you purchased), leave as-is, enter your personal email, leave as-is, leave as-is, leave as-is (installs Docker), leave as-is, leave as-is.

Follow the link shown in the console and set up the admin account and "Organization" (It's like a team/group name).

Create a site (which I like to think as a server). Name it Immich, leave the Tunnel Type as-is. Copy and save the Newt credentials somewhere on your primary computer (securely). Also, save the text in the commands box in "Install Newt" somewhere. Make sure you save them and hit "Create Site". We will use that command on your local computer.

Now click on Manage Resources, then Add Resource. Add "Immich" as the name and make sure Immich (or what you named the Site) is under site. Leave Resource Type as HTTPS Resource and under HTTPS Settings, type your domain you purchased for Domain and select it when it comes up with a green checkmark. Click on Create Resource. Under Proxy, leave http, type localhost for IP/Hostname and 2283 for Port. Click Add Target.

Click on Authentication and unselect "Use Platform SSO." This disables the Pangolin login screen and firewall, which won't allow you to connect to Pangolin without setting up an additional account for Pangolin, and denies access to Immich via the mobile app. Click Save Users and Roles. Now go to the domain you have to see if it is working.

Mobile App

Despite Immich being an open-source application and free for core functionality, there are free applications for both iOS and Android. Download the one for your devices. You can import and sync albums just like in Google Photos and iCloud Photos.

After opening it will ask for your "Server Endpoint URL" which is http://<ip-address>:2283/api (or https://<domain>/api). Go to the cloud icon in the top right of the screen and select the albums you want to back up. Immich has the ability to back up in the background as long as the app is "active". After backing up, you should now be able to see the photos on the web version of the application.

Migrating from Google / iCloud Photos

Most reading this are looking to migrate from Google or Apple, and luckily, there are solutions to uploading all of those photos at once. Immich does support multiple files at once (see non .zip folders) via web interface, but doesn't easily handle multiple files at once. Enter: immich-go. It's an open source tool (located here) that can bulk upload to Immich servers with support for Google Photos Takeout and iCloud Photos Takeout.

Takeout for those services typically takes a while, but in order to migrate, you need to get it started (it can take a couple of days, depending on how many photos/videos you have). Google Takeout is here. Apple Takeout is here.

You will need to create an API key, which will grant access to your instance of Immich. KEEP TRACK OF AND PROTECT THE KEY! Once it is created, the app will not show it to you again, and make sure no one else has the key. Go to http://<ip>:2283/user-settings?isOpen=api-keys or https://<domain>/user-settings?isOpen=api-keys on your instance of Immich and click "New API Key". You can name the key whatever you want (immich-go, for example), select "Select All" checkbox and hit create. Save the API key somewhere safe.

Download the latest version of immich-go on your primary computer from this link. If you are using it on a macOS computer, pick immich-go_Darwin_arm64 or immich-go_Darwin_x86_64. If you are on a Linux computer, pick immich-go_Linux_x86_64. If you are on Windows, pick immich-go_Windows_x86_64.

Unzip the package and open your terminal. You should be able to enter cd Downloads so you can run the immich-go application. With your archives in Downloads, we can upload to Immich.

For example, if you have an iCloud Photos backup, you can run this command:

immich-go upload from-icloud --server=http://<ip>:2283 --api-key=<created api key> "iCloud Photo.zip"

or with domain immich-go upload from-icloud --server=http://domain --api-key=<created api key> "iCloud Photo.zip"

similarily, if you have a Google Photos backup, you can run this command:

immich-go upload from-google-photos --server=http://<ip>:2283 --api-key=<created api key>

or with domain immich-go upload from-google-photos --server=http://<domain> --api-key=<created api key>

Now we have successfully migrated and can decommission our existing services (after verifying that most of the files made it). Time to back up.

Backup

Immich holds two important pieces of information: configuration (your Immich settings) and media (the actual photos and videos). Immich will automatically back up your config to your server, but in order to have a 3-2-1 backup, we need to back up our config and media library to an external drive and cloud storage (or tape or SSD). If you aren't interested in cloud storage (1 offsite), you can back up to an SSD and physically move it (have it live outside of your server location). This tutorial will depict the server, external drive, and cloud backup. If you are hosting Immich in the cloud, 3-2-1 still applies, but you can use Digital Ocean's backup service. Bother Josh about creating a guide for this if you read this.

Backblaze B2

Backblaze B2 is an S3-compatible storage offering, which is one of the cheapest I've seen so far, but there are many S3-compatible storage offerings. S3 is Amazon's Object Storage, and objects are files that are organized for computers, versus filesystems, which have an easier mental model for humans. It allows us to store our backups in a way that makes it easy to store and retrieve them later. The first 10 GB saved are free, and then it $6 per TB per month. There is also their Personal Computer $99/year, which is unlimited, but I don't have a workflow for that at the moment.

We are going to use B2 to save our backups to the cloud. Sign up here. After signing up for an account, we need to create a bucket. A bucket is a container for objects (see files). The name has to be GLOBALLY unique, meaning no one else can have it. For example: immich-<mix of random letters> could work, just make sure to save the bucket name somewhere.

Afterwards, head to the "Application Keys". Scroll down to "Your Application Keys". Click on Add A New Application Key. Fill the "Name of Key" field with something easy to remember. Fill "Allow access to Buckets" with the name of the bucket you created and leave the rest alone. Hit "Create New Key" and then take note of the keyID, keyName, and applicationKey. If you aren't on a shared device, screenshot the box and leave the page open. Now you have everything you need to link Backblaze to the CLI program. The CLI program will allow us to upload at will to our cloud storage and open the door for automation later.

Installing the b2 package is possible via multiple methods, but we will do the binary method (if you don't have Python installed, click on the multiple methods link). Open your command-line and type this command: wget https://github.com/Backblaze/B2_Command_Line_Tool/releases/latest/download/b2-linux. Then run chmod +x ./b2-linux and lastly sudo mv b2-linux /usr/local/bin/b2 this will allow your system to use b2 globally (anywhere on the computer).

You should be able to enter the command ./b2 in your terminal without issue. Now, put in the command b2 account authorize. This will allow you to 'log in' without issue in the future. For "Backblaze application key ID", copy and paste from the page with the key open, and for "Backblaze application key", do the same with the applicationKey. There won't be a display when you copy and paste for an applicationKey, so don't worry about not seeing anything. Afterwards, you should get a bunch of information on the screen confirmation of 'login' success. You are now ready for backup.

Mounting an External Drive

In order to use your external drive on a Linux distribution, you will need to mount it. Don't worry about this for Windows, Mac, or Desktop Linux distros. Here is a link to instructions. After mounting, create a folder in the drive.

cd /media/external
mkdir -p /media/external/immich-backup

Backup Config

To back up the config to the external drive, run this command on your server:

docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | gzip > "immich_config_backup_$(date +%F).sql.gz"

To back up the config to an external drive:

To back up the config to a Backblaze B2:

b2 file upload <bucketname> dump.sql.gz immich_config_backup_$(date +%F).sql.gz

Backup Media

Open a terminal and cd immich to move to your immich folder. Create a zip archive of the media with this command:

sudo tar -czf ./immich_media_backup_$(date +%F).tar.gz ./library

To back up your photos to the external drive, run this command on your server in the same folder.

cp ./immich_media_backup_$(date +%F).tar.gz /media/external/immich-backup/

To back up the media to a Backblaze B2:

b2 file upload <bucketname> ./immich_media_backup_$(date +%F).tar.gz immich_media_backup_$(date +%F).tar.gz

Restore

Restoring is useful if your config gets corrupted or any other loss of data occurs. You restore and back up on the server hosting Immich. If a hard drive goes bad, you should replace it and copy the backups from other sources to it. You can download your latest backup from Backblaze.

You will need to tear down the application in Docker. You will need to cd immich before running the following script. This script tears everything down:

docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch
# rm -rf DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch
docker compose pull             # Update to latest version of Immich (if desired)
docker compose create           # Create Docker containers for Immich apps without running them
docker start immich_postgres    # Start Postgres server
sleep 10                        # Wait for Postgres server to start up

Now you are ready to restore your data.

Unzip

You will need to copy your data from your other sources to your server in a place that is handy if it isn't on your server already. Downloading the latest media and config backup from b2 if need be.

Open a terminal. This example command unzips a media backup from a mounted flash drive to the working directory for immich on the server: tar -xvzf /media/external/immich_media_backup_2025-08-20.tar.gz -C ~/immich

For example: "/mnt/external/immich_media_backup_2025-08-20.tar.gz" is the location of the source/backup, and "-C ~/immich" is where the app lives on the server.

The command below is how you restore the configuration:

gunzip --stdout "/media/external/immich_config_backup_$(date +%F).sql.gz" \
| sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
| docker exec -i immich_postgres psql --dbname=postgres --username=postgres

Then, when you have run the commands for media and config, go ahead and run docker compose up -d. Shortly, you will be able to visit your instance of Immich and will be ready to go.

Conclusion

An alternative to big tech image services is Immich! It's more private, easy to use, and configurable. With this tutorial, we have a 3-2-1 backup, meaning if anything happens, we can replace what broke and restore within an hour. This isn't for everyone, but you are learning skills that will help preserve and protect intangibles that are impossible to replace.

You are now able to install packages on a server, back up, and restore folders, and learned a bit about using the command line. If you have any questions, feel free to join the Discord or DM me!