Immich: A Private and Powerful Alternative to Google Photos and Nextcloud Memories
Immich is a self-hosted photo and video backup solution that has been gaining traction among privacy-conscious users. It aims to provide a sleek and performant alternative to mainstream services like Google Photos, while offering the flexibility of being open-source and hosted on your own infrastructure.
Unlike tools like Nextcloud Memories, which piggybacks on the file structure of Nextcloud and relies on plugins (and even fails on a good face detection), Immich is built from the ground up for media management. It supports automatic backups from mobile devices, face detection, albums, map view, search, and more — all without sending your data to third parties.
🛠️ Setting Up Immich with Portainer and Docker Compose
Immich is very easy to deploy using Docker, especially if you’re already using Portainer to manage your containers. Here’s a quick guide to get you started:
🔧 Prerequisites
- Docker and Docker Compose installed
- Portainer setup (optional but recommended)
- A domain and reverse proxy (e.g., NGINX with Let’s Encrypt - useful if you want to access Immich from outside your LAN)
📄 Docker Compose Example
- Head to Immich’s Portainer guide.
- Use their provided stack template or paste the Docker Compose YAML into Portainer:
I would highly recommend not to use the
releasetag for the docker container - you should never use such a tag (orlatest), because restarting the container may result in an unwanted upgrade!
Deploy the stack and wait for all services to come up.
Access Immich via your configured domain and create your first user (this will be the admin account).
🔐 Security Concerns: No 2FA?
Initially, I was excited about Immich, but then I hit a wall — there is no native 2FA (Two-Factor Authentication) support yet.
For someone who takes self-hosting and digital security seriously, this was a letdown. Fortunately, there’s a workaround…
🔁 Coupling Immich with Nextcloud Using OAuth/OIDC
Immich supports OAuth2/OpenID Connect for authentication. I integrated it with my Nextcloud instance using the OIDC app.
✅ Benefits:
- Seamless login with existing Nextcloud users
- Leverages Nextcloud’s 2FA capabilities
- One central identity provider (SSO-like experience)
You can find the official setup guide here: Immich OAuth Setup
Make sure you:
- Install and configure the OIDC app on Nextcloud
- Register Immich as a client
- Provide the correct redirect URIs and credentials
Pitfalls: When adding Nextcloud as an OAuth provider, you need to use the following URL path
https://<FQDN>/index.php/.well-known/openid-configuration. If you want to use the Immich smartphone app too, you need to add a second redirect URI in Nextcloud too:app.immich:///oauth-callback!
🛡️ Extra Layer: Basic Auth on NGINX for Remote Access
Since Immich’s mobile app requires access over the internet, I added basic HTTP authentication on my NGINX reverse proxy. This acts as a first gate before reaching Immich’s login screen.
🔑 Why add Basic Auth?
- Prevent brute-force or bot attacks
- Adds an extra authentication layer
🗂️ Organizing Media: Apply a Storage Template
To keep your file system tidy and ensure media files are structured in a way that makes sense, Immich supports storage templates. These templates determine how your uploaded photos and videos are stored on disk.
✨ Benefits of Storage Templates:
- Easier to browse or back up manually
- Reduces clutter and flat folder structures
- Keeps related media grouped together (e.g., by year/month/user)
You can customize this from the admin settings under:
1
Settings → Server → Storage Template
For example, using the following template:
1
{{y}}/{{MM}}/{{filename}}
Will organize uploads like this:
1
2
3
4
5
uploads/
└── user123/
└── 2024/
└── 04/
└── myphoto.jpg
More on this here: Immich Storage Template Docs
🚚 Migrating from Google Photos with immich-go
The migration process from Google Photos was surprisingly smooth thanks to immich-go, a dedicated migration tool.
🧳 Features of immich-go:
- Reads your Google Takeout archive
- Uploads directly to your Immich instance
- Preserves metadata (timestamps, albums, etc.)
I just had to:
- Extract the Takeout ZIP
- Configure the tool with my Immich URL and access token
- Run it — and watch years of memories migrate effortlessly
🧠 Final Thoughts
Immich is an incredible tool for anyone looking to own their data without compromising on features. While the lack of 2FA might scare off some users, pairing it with Nextcloud as an identity provider and reverse proxy authentication can easily bridge that gap.
The migration from Google Photos was painless, and now I have full control over my photo library — fast, searchable, and private.
If you’re managing a home server or NAS and looking to replace Google Photos or Nextcloud Memories, Immich is well worth a try.