Immich Machine Learning with Tailscale Integration

This project sets up a Immich Machine Learning instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your Immich Machine Learning instance using Tailscale.

Prerequisites

• Docker and Docker Compose installed on your system
• A Tailscale account and auth key (get one from https://login.tailscale.com/admin/authkeys)
• Basic understanding of Docker and networking concepts

Project Structure

ts-immich-machine-learning/
├── docker-compose.yml
└── tailscale/
    ├── tailscale-data/     # Persistent Tailscale state
    └── config/             # Tailscale configuration files

Setup Instructions

1. Clone the Repository

   git clone https://gitea.damconsulting.llc/DAM/ts-immich-machine-learning
   cd ts-immich-machine-learning
   

2. Create Required Directories

   mkdir -p tailscale/tailscale-data
   

3. Configure Tailscale

   • Replace {{YOUR_TAILSCALE_AUTHKEY}} in the docker-compose.yml with your actual Tailscale auth key
   • Optionally, update the file in tailscale/config/serve.json if you need specific Tailscale serve configurations
     • CAUTION: Changing "${TS_CERT_DOMAIN}:443": false to true will expose the service to the internet

4. Configure Immich Machine Learning

   • See the documentation for configuration options

5. Start the Services

   docker compose up -d
   

6. Wait for Certificate to propagate [~2m]

7. Configure Immich

   • After starting the services your service should be available via tailnet at https://immich-machine-learning.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://immich-machine-learning.tail12345.ts.net/
   • Add the new machine learning service to the immich configuration json under the machineLearning.urls as desired. If you are using the basic DAM Immich deployment, and have not changed the base config, there will be a localhost endpoint which points to the immich-machine-learning service from that deployment. update the list according to your desired configuration.

Services

immich-machine-learning-ts (Tailscale)

• Runs Tailscale VPN client
• Image: tailscale/tailscale:latest
• Container name: immich-machine-learning-ts
• Hostname: immich-machine-learning
• Requires NET_ADMIN and SYS_MODULE capabilities
• Persists state in ./tailscale/tailscale-data
• Uses configuration from ./tailscale/config

immich-machine-learning

• Depends on immich-machine-learning-ts service

Usage

• After starting the services your service should be available via tailnet at https://immich-machine-learning.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://immich-machine-learning.tail12345.ts.net/
• To manually get the Tailscale IP/hostname of your container:

  docker logs immich-machine-learning-ts
  

  Look for the Tailscale IP address in the logs.

Optional Features

• Uncomment and adjust the ports mapping if you need direct access (without Tailscale):

  ports:
  - 3003:3003
  

• Stopping the Services

  docker compose down
  

Troubleshooting

• Check container logs:

  docker logs immich-machine-learning-ts
  docker logs immich-machine-learning
  

• Ensure your Tailscale auth key is valid and not expired
• Verify the configuration files have proper permissions
• Make sure required directories exist before starting

Notes

• The Immich Machine Learning service uses the Tailscale service's network stack via network_mode: service:immich-machine-learning-ts
• Direct port mapping is disabled by default as Tailscale handles the networking
• Services restart automatically unless explicitly stopped
• For more information:
  • Tailscale documentation: https://tailscale.com/kb/
  • Immich Machine Learning documentation
  • Immich Machine Learning repository