Environment Variables


To change environment variables, you must recreate the Immich containers. Just restarting the containers does not replace the environment within the container!

In order to recreate the container using docker compose, run docker compose up -d. In most cases docker will recognize that the .env file has changed and recreate the affected containers. If this does not work, try running docker compose up -d --force-recreate.

Docker Compose

IMMICH_VERSIONImage tagsreleaseserver, machine learning
UPLOAD_LOCATIONHost path for uploadsserver
DB_DATA_LOCATIONHost path for Postgres databasedatabase

These environment variables are used by the docker-compose.yml file and do NOT affect the containers directly.


IMMICH_ENVEnvironment (production, development)productionserver, machine learningapi, microservices
IMMICH_LOG_LEVELLog level (verbose, debug, log, warn, error)logserver, machine learningapi, microservices
IMMICH_MEDIA_LOCATIONMedia location inside the container ⚠️You probably shouldn't set this*2⚠️./upload*3serverapi, microservices
IMMICH_CONFIG_FILEPath to config fileserverapi, microservices
NO_COLORSet to true to disable color-coded log outputfalseserver, machine learning
CPU_CORESNumber of cores available to the Immich serverauto-detected CPU core countserver
IMMICH_API_METRICS_PORTPort for the OTEL metrics8081serverapi
IMMICH_MICROSERVICES_METRICS_PORTPort for the OTEL metrics8082servermicroservices
IMMICH_PROCESS_INVALID_IMAGESWhen true, generate thumbnails for invalid imagesservermicroservices
IMMICH_TRUSTED_PROXIESList of comma-separated IPs set as trusted proxiesserverapi
IMMICH_IGNORE_MOUNT_CHECK_ERRORSSee System Integrityserverapi, microservices

*1: TZ should be set to a TZ identifier from this list. For example, TZ="Etc/UTC". TZ is used by exiftool as a fallback in case the timezone cannot be determined from the image metadata. It is also used for logfile timestamps and cron job execution.

*2: This path is where the Immich code looks for the files, which is internal to the docker container. Setting it to a path on your host will certainly break things, you should use the UPLOAD_LOCATION variable instead.

*3: With the default WORKDIR of /usr/src/app, this path will resolve to /usr/src/app/upload. It only needs to be set if the Immich deployment method is changing.


IMMICH_WORKERS_INCLUDEOnly run these workers.server
IMMICH_WORKERS_EXCLUDEDo not run these workers. Matches against default workers, or IMMICH_WORKERS_INCLUDE if specified.server

IMMICH_HOSTListening host0.0.0.0
IMMICH_PORTListening port2283 (server), 3003 (machine learning)


DB_URLDatabase URLserver
DB_HOSTNAMEDatabase hostdatabaseserver
DB_PORTDatabase port5432server
DB_USERNAMEDatabase userpostgresserver, database*1
DB_PASSWORDDatabase passwordpostgresserver, database*1
DB_DATABASE_NAMEDatabase nameimmichserver, database*1
DB_VECTOR_EXTENSION*2Database vector extension (one of [pgvector,])pgvecto.rsserver
DB_SKIP_MIGRATIONSWhether to skip running migrations on startup (one of [true, false])falseserver

*1: The values of DB_USERNAME, DB_PASSWORD, and DB_DATABASE_NAME are passed to the Postgres container as the variables POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB in docker-compose.yml.

*2: This setting cannot be changed after the server has successfully started up.


All DB_ variables must be provided to all Immich workers, including api and microservices.

DB_URL must be in the format postgresql://immichdbusername:immichdbpassword@postgreshost:postgresport/immichdatabasename. You can require SSL by adding ?sslmode=require to the end of the DB_URL string, or require SSL and skip certificate verification by adding ?sslmode=require&sslmode=no-verify.

When DB_URL is defined, the DB_HOSTNAME, DB_PORT, DB_USERNAME, DB_PASSWORD and DB_DATABASE_NAME database variables are ignored.


REDIS_URLRedis URLserver
REDIS_SOCKETRedis socketserver
REDIS_HOSTNAMERedis hostredisserver
REDIS_PORTRedis port6379server
REDIS_USERNAMERedis usernameserver
REDIS_PASSWORDRedis passwordserver
REDIS_DBINDEXRedis DB index0server

All REDIS_ variables must be provided to all Immich workers, including api and microservices.

REDIS_URL must start with ioredis:// and then include a base64 encoded JSON string for the configuration. More information can be found in the upstream ioredis documentation.


Redis (Sentinel) URL example JSON before encoding:

"sentinels": [
"host": "redis-sentinel-node-0",
"port": 26379
"host": "redis-sentinel-node-1",
"port": 26379
"host": "redis-sentinel-node-2",
"port": 26379
"name": "redis-sentinel"

Machine Learning

MACHINE_LEARNING_MODEL_TTLInactivity time (s) before a model is unloaded (disabled if <= 0)300machine learning
MACHINE_LEARNING_MODEL_TTL_POLL_SInterval (s) between checks for the model TTL (disabled if <= 0)10machine learning
MACHINE_LEARNING_CACHE_FOLDERDirectory where models are downloaded/cachemachine learning
MACHINE_LEARNING_REQUEST_THREADS*1Thread count of the request thread pool (disabled if <= 0)number of CPU coresmachine learning
MACHINE_LEARNING_MODEL_INTER_OP_THREADSNumber of parallel model operations1machine learning
MACHINE_LEARNING_MODEL_INTRA_OP_THREADSNumber of threads for each model operation2machine learning
MACHINE_LEARNING_WORKERS*2Number of worker processes to spawn1machine learning
MACHINE_LEARNING_HTTP_KEEPALIVE_TIMEOUT_S*3HTTP Keep-alive time in seconds2machine learning
MACHINE_LEARNING_WORKER_TIMEOUTMaximum time (s) of unresponsiveness before a worker is killed120 (300 if using OpenVINO)machine learning
MACHINE_LEARNING_PRELOAD__CLIP__TEXTUALComma-separated list of (textual) CLIP model(s) to preload and cachemachine learning
MACHINE_LEARNING_PRELOAD__CLIP__VISUALComma-separated list of (visual) CLIP model(s) to preload and cachemachine learning
MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__RECOGNITIONComma-separated list of (recognition) facial recognition model(s) to preload and cachemachine learning
MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__DETECTIONComma-separated list of (detection) facial recognition model(s) to preload and cachemachine learning
MACHINE_LEARNING_ANNEnable ARM-NN hardware acceleration if supportedTruemachine learning
MACHINE_LEARNING_ANN_FP16_TURBOExecute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN)Falsemachine learning
MACHINE_LEARNING_ANN_TUNING_LEVELARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)2machine learning
MACHINE_LEARNING_DEVICE_IDS*4Device IDs to use in multi-GPU environments0machine learning
MACHINE_LEARNING_MAX_BATCH_SIZE__FACIAL_RECOGNITIONSet the maximum number of faces that will be processed at once by the facial recognition modelNone (1 if using OpenVINO)machine learning
MACHINE_LEARNING_PING_TIMEOUTHow long (ms) to wait for a PING response when checking if an ML server is available2000server
MACHINE_LEARNING_AVAILABILITY_BACKOFF_TIMEHow long to ignore ML servers that are offline before trying again30000server
MACHINE_LEARNING_RKNNEnable RKNN hardware acceleration if supportedTruemachine learning
MACHINE_LEARNING_RKNN_THREADSHow many threads of RKNN runtime should be spinned up while inferencing.1machine learning

*1: It is recommended to begin with this parameter when changing the concurrency levels of the machine learning service and then tune the other ones.

*2: Since each process duplicates models in memory, changing this is not recommended unless you have abundant memory to go around.

*3: For scenarios like HPA in K8S.

*4: Using multiple GPUs requires MACHINE_LEARNING_WORKERS to be set greater than 1. A single device is assigned to each worker in round-robin priority.


While the textual model is the only one required for smart search, some users may experience slow first searches due to backups triggering loading of the other models into memory, which blocks other requests until completed. To avoid this, you can preload the other models (visual, recognition, and detection) if you have enough RAM to do so.

Additional machine learning parameters can be tuned from the admin UI.


IMMICH_TELEMETRY_INCLUDECollect these telemetries. List of host, api, io, repo, job. Note: You can also specify all to enable allserverapi, microservices
IMMICH_TELEMETRY_EXCLUDEDo not collect these telemetries. List of host, api, io, repo, jobserverapi, microservices

Docker Secrets

The following variables support the use of Docker secrets for additional security.

To use any of these, replace the regular environment variable with the equivalent _FILE environment variable. The value of the _FILE variable should be set to the path of a file containing the variable value.

Regular VariableEquivalent Docker Secrets '_FILE' Variable

*1: See the official documentation for details on how to use Docker Secrets in the Postgres image.

*2: See this comment for an example of how to use a Docker secret for the password in the Redis container.