Immich & Photo Management Guide#
1. Synology Photo Workflow#
Album Creation#
- In Synology Photo:
- Move images from Personal space to Shared Space.
- Create an album with the moved images.
2. Immich Management#
External Libraries & Albums#
- Scan Libraries: Settings > Administration > External Library > Scan All Libraries.
- Monitor Progress: Jobs > Check when the job is finished.
- Create Album: Main page > Albums > Create Album > Select Photos.
- Sharing: Share with Nadine.
Backup Strategy#
- MacStudio: Use Carbon Copy Cloner to sync HP1 Photos to UNAS.
- UNAS: Backup the Immich folder from UNAS to HP1, HP7, and HP11.
3. Cloudflare Zero Trust: Mobile App Bypass#
Setup Cloudflare bypass access to allow the Immich mobile app to connect without manual Google Auth browser prompts. Reference: Cloudflare Tunnel Guide
Infrastructure Setup#
- Set up the Cloudflare connector via Docker.
- Configure the Application to secure the connector via Google account.
- Add the route for Immich (immich.proxmox.app):
- Path: Zero Trust > Network > Connector > Edit > Published application routes > Add route.
- Type:
http - URL:
10.1.2.231:2283
Create Service Token#
- Go to Zero Trust > Access Control > Service Credentials.
- Click Create Service Token.
- Name:
Immich Mobile Access. - Duration: Non-expiring.
- Important: Copy the Client ID and Client Secret to 1Password immediately.
Configure Access Policy#
- Go to Zero Trust > Access Control > Applications.
- Edit
proxmox.app - Google Auth> Policies > Create new policy. - Policy Name:
Immich Mobile App. - Action:
Bypass. - Rule: Include > Selector > Service Token >
Immich Mobile Access.
Mobile App Configuration#
- In the Immich Mobile App: Settings > Advanced > Custom proxy headers.
- Create the first header:
- Header name:
CF-Access-Client-id - Header value:
[Your_Client_ID_From_1Password]
- Header name:
- Create the second header:
- Header name:
CF-Access-Client-Secret - Header value:
[Your_Client_Secret_From_1Password]
- Header name: