amrit-regmi/immich_edge

immich-edge is a self-hosted helper for Immich, the open-source photo and video backup app many people run on a computer at home. The problem it solves is bandwidth: a home internet upload speed is often too slow when friends or family browse your shared photos from outside the house. immich-edge runs on a cheap rented VPS, a small cloud server, and acts as a fast middle layer that caches thumbnails, previews, and encoded videos so external viewers do not have to wait for your home server every time. The full photo library stays at home. The VPS runs four pieces inside Docker containers. Caddy handles HTTPS using a free Let's Encrypt certificate. Nginx checks authentication and serves the cached files. A small Go service called Auth handles the actual permission checks by calling the Immich API over a private VPN tunnel like Tailscale or WireGuard. In one mode, an rclone background process also pulls thumbnail and video files from the home server on a schedule. There are two cache modes. In proxy mode, Nginx caches files on the fly as people view them, keyed per user so one viewer cannot see another viewer's thumbnails. In static mode, rclone copies the relevant Immich folders to the VPS in the background and Nginx serves them straight from disk. Static mode includes pre-eviction of old files when the cache size limit is reached, an incremental sync for new files, and a full sync once every 24 hours to clean up deleted ones. Every request, whether from a logged-in session, an API key, or a shared link, goes through the same gate. Recent auth results are cached in memory for about ten seconds to avoid a round trip over the VPN on every request. Configuration is by environment variables in a .env file, covering domain, VPN endpoint, cache size, TTLs, rate limits, and rclone settings. Getting started is git clone, edit .env, docker compose up.