Skip to content

Self Hosted

Hosting local https app

Using Caddy for easy self-signed internal certs

Install Caddy on your server.

https://caddyserver.com/docs/install

Edit the Caddy file

sudo nano /etc/caddy/Caddyfile

You'll need to use a different port for https that maps to the Immich port, 2283.

Add the following setting 2282 to use https.

https://192.168.4.173:2282 {
    reverse_proxy http://127.0.0.1:2283
    tls internal
}

You can also do the same with 127.0.0.1:

https://127.0.0.1:2282 {
    reverse_proxy http://127.0.0.1:2283
    tls internal
}

restart the Caddy service

sudo systemctl restart caddy

Trusting the self signed cert

Even though you have an encrypted https connection, the your browser will not recognized the self signed cert as being trusted which can be annoying. To tell your computer to trust your cert do the following

Linux

Copy the Caddy cert to the trusted certs store and update certificates

sudo cp ~/.local/share/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/caddy.crt
sudo update-ca-certificates

You may want to copy the cert to your home location to move it wherever else you need to move it

sudo cp /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt ~/caddy-root.crt

Windows

  1. Open the Microsoft Management Console (MMC) Press Win + R to open the Run dialog box. Type mmc and press Enter. This will open the Microsoft Management Console.
  2. Add the Certificates Snap-in In the MMC window, click on File in the top-left corner. Select Add/Remove Snap-in. From the list of available snap-ins, choose Certificates and click Add. Choose Computer account and click Next. Select Local computer and click Finish. Click OK to close the snap-in window.
  3. Import the Certificate In the left-hand panel of MMC, expand Certificates (Local Computer). Right-click on Trusted Root Certification Authorities, then select All Tasks → Import. The Certificate Import Wizard will appear. Click Next. Browse to the location of your .crt file (e.g., the root.crt file from Caddy) and select it. Click Next, then choose Place all certificates in the following store and ensure Trusted Root Certification Authorities is selected. Click Next and then Finish to complete the import process. A confirmation message will appear, stating that the import was successful.
  4. Verify the Certificate Import In the MMC window, under Trusted Root Certification Authorities → Certificates, you should now see your Caddy root certificate listed there. You can double-click the certificate to view its details and ensure it is correctly imported.

Creating an Immich.local URL

I only got this working on the Ubuntu virtual machine itself. For some reason, other devices would not recognize immich.local.

Create a caddy block

immich.local {
    reverse_proxy http://127.0.0.1:2283
    tls internal
}

Install avahi

sudo apt install avahi-daemon

to check avahi advertisement

avahi-browse -a

or 

avahi-browse -art

Install avahi-utils

sudo apt install avahi-utils

then I ran 

avahi-publish -a immich.local -R 192.168.4.173

This got it running locally, but not to other devices on the network.