📸 How I Self-Hosted a Smart Photo Album with Face Detection - Free, Secure, and Private

🧠 Why I Did This

Google Photos is a popular and convenient option for storing and managing your photos — no doubt. But once you run out of free storage (15GB shared across Gmail, Drive, and Photos), you’re stuck either:

• Paying a monthly fee

• Compressing your precious photos

• Or manually managing space

And beyond storage, there's another issue - your data lives on someone else's servers, often scanned, categorized, and used to train models.

That’s when I decided to take control and build my own smart photo system. With Immich and Cloudflare Tunnel, I now have:

• AI-powered face and object detection

• A Google Photos–like timeline

• Unlimited uploads

• Zero cost

• And most importantly — complete privacy

🚀 What You’ll Get

By the end of this guide, you'll have:

✅ A private, feature-rich photo album
✅ Accessible from anywhere on your custom domain
✅ With face detection, object tagging, and smart search
✅ Running entirely on your own device
✅ Free, encrypted, and zero third-party storage

🔧 Architecture Overview

• Immich running locally via Docker

• Cloudflare Tunnel to expose it to the internet

• Custom domain (e.g., photos.mydomain.com)

• HTTPS and WAF via Cloudflare

• Amphetamine to keep your Mac always awake

• Monitoring script to alert you on service downtime

🐳 Step 1: Set Up Immich Locally with Docker

Clone and run the official Docker setup:

git clone https://github.com/immich-app/immich.git 
cd immich 
cp .env.example .env 
docker compose up -d 

Access Immich at http://localhost:2283, register your account, and you're ready to start uploading and tagging.

🌐 Step 2: Expose Immich via Cloudflare Tunnel (Token Method)

Cloudflare Tunnel is magic — it securely exposes your local service to the web without exposing your IP or messing with NAT/firewall.

✅ Setup:

1. Sign up at Cloudflare, add your domain

2. Install cloudflared:

brew install cloudflared

1. Create a tunnel from the dashboard, and copy the one-liner:

cloudflared tunnel run --token <your-unique-token> 

1. Run the command — your Immich instance is now live at https://photos.yourdomain.com!

2. Want it to run on startup? Install it as a background service:

cloudflared service install --token <your-unique-token> 

🌍 Step 3: Set DNS and Routing in Cloudflare

In your Cloudflare dashboard:

• Go to DNS → Add CNAME for photos → point it to your-tunnel-id.cfargotunnel.com

• Enable the orange cloud proxy toggle (for HTTPS + DDoS protection)

• Your site is now publicly accessible with end-to-end encryption!

💡 Keep Your Mac Awake with Amphetamine

Since this setup runs from your Mac, you want to make sure it doesn’t sleep or suspend Docker/tunnel processes.

I used Amphetamine — a free utility to keep your machine awake:

• Runs silently in the menu bar

• Allows conditional triggers (e.g., keep awake when Docker is running)

• Perfect for long-running home servers

🖥️ Optional: Run It on an Old Mac Mini or Spare Laptop

To free up your main machine, consider running Immich on:

• 🧠 An old Mac Mini (Intel or M1)

• 💻 A spare laptop (Linux/macOS/Windows with WSL2)

• 🧊 A Raspberry Pi 4 or Jetson Nano (works well, especially with GPU)

Tip: Connect it via Ethernet, and use Amphetamine or caffeinate CLI to prevent sleep.

📟 Bonus: Minimal Monitoring Script

You can set up a basic check to ensure your Immich server is running and alert you via email or webhook if it crashes.

Here's a sample Bash script (check-immich.sh):

#!/bin/bash

URL="http://localhost:2283"
STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$URL")

if [ "$STATUS" -ne 200 ]; then
 echo "Immich down! Status: $STATUS" \
 | mail -s "Immich Alert" [email protected]
fi

Run it via cron every 5 minutes:

*/5 * * * * /path/to/check-immich.sh 

Or integrate with Slack/Webhook/Pushover for mobile alerts.

🧠 Immich Features You'll Love

• 📸 Face recognition and grouping

• 🧠 Object detection (e.g., find “beach” or “bike” photos)

• 🔎 Smart search by date, location, or tags

• 📆 Google Photos–like timeline

• 🗂️ Custom albums

• 📲 Mobile app for auto-uploads from iOS/Android

• 👨👩👧👦 Multiple users with shared albums

🔒 Privacy & Security Highlights

• Zero third-party access — all media and metadata stays local

• Cloudflare handles HTTPS and firewall

• No port forwarding — reduces exposure to attacks

• Open-source and auditable codebase

✅ Final Thoughts

With Immich + Cloudflare Tunnel, I now have a fully private, intelligent photo album:

• 🆓 Free

• 🔒 Secure

• 🌍 Globally accessible

• 📡 Always running

• 🧠 Packed with AI smarts — all local

This was one of the most satisfying weekend projects I’ve done — and now I own my memories, fully.

🔗 Resources

• Immich GitHub

• Cloudflare Tunnel Docs

• Amphetamine for macOS

• Photo by Soragrit Wongsa on Unsplash