Version v1.47.3

* feat(nginx): refactor + ipv6 + increased buffer

* Revert changes to proxy buffering

* remove commented lines

.editorconfig

@@ -0,0 +1,19 @@
+# Editor configuration, see https://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{ts,js}]
+quote_type = single
+
+[*.{md,mdx}]
+max_line_length = off
+trim_trailing_whitespace = false
+
+[*.{yml,yaml}]
+quote_type = double

.github/DISCUSSION_TEMPLATE/feature-request.yaml

@@ -0,0 +1,24 @@
+title: "[Feature] <feature-name-goes-here>"
+labels: ["feature"]
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please use this form to request new feature for Immich
+  - type: textarea
+    id: feature
+    attributes:
+      label: The feature
+    validations:
+      required: true
+
+  - type: checkboxes
+    validations:
+      required: true
+    attributes:
+      label: Platform
+      options:
+        - label: Server
+        - label: Web
+        - label: Mobile

.github/FUNDING.yml

@@ -1,4 +1,5 @@
 # These are supported funding model platforms
 
 github: alextran1502
+liberapay: alex.tran1502
 custom: https://www.buymeacoffee.com/altran1502

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,46 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: '[BUG] <title>'
-labels: bug, need triage
-assignees: ''
-
----
-
-<!--
-Note: Please search to see if an issue already exists for the bug you encountered.
--->
-
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**Task List**
-
-*Please complete the task list below. We need this information to help us reproduce the bug or point out problems in your setup. You are not providing enough info may delay our effort to help you.*
-
-- [ ] I have read thoroughly the README setup and installation instructions.
-- [ ] I have included my `docker-compose` file.
-- [ ] I have included my redacted `.env` file.
-- [ ] I have included information on my machine, and environment.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**System**
-- Phone OS [iOS, Android]: `<version>`
-- Server Version: `<version>`
-- Mobile App Version: `<version>`
-
-**Additional context**
-Add any other context about the problem here.

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,100 @@
+name: Report an issue with Immich
+description: Report an issue with Immich
+labels: ["bug", "need triage"]
+title: "[BUG] <title>"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This issue form is for reporting bugs only!
+
+        If you have a feature or enhancement request, please use the [feature request][fr] section of our [GitHub Discussions][fr].
+
+        [fr]: https://github.com/immich-app/immich/discussions/new?category=feature-request
+
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: The bug
+      description: >-
+        Describe the issue you are experiencing here, to communicate to the
+        maintainers. Tell us what you were trying to do and what happened.
+
+        Provide a clear and concise description of what the problem is.
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Environment
+
+  - type: input
+    validations:
+      required: true
+    attributes:
+      label: The OS that Immich Server is running on
+      placeholder: Ubuntu 22.10, Debian, Arch...etc
+
+  - type: input
+    id: version
+    validations:
+      required: true
+    attributes:
+      label: Version of Immich Server
+      placeholder: v1.0.0
+
+  - type: input
+    validations:
+      required: true
+    attributes:
+      label: Version of Immich Mobile App
+      placeholder: v1.0.0
+
+  - type: checkboxes
+    validations:
+      required: true
+    attributes:
+      label: Platform with the issue
+      options:
+        - label: Server
+        - label: Web
+        - label: Mobile
+
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Your docker-compose.yml content
+      render: YAML
+
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Your .env content
+      description: Please provide the redacted .env content of your setup
+      render: Shell
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: Reproduction steps
+      description: "How do you trigger this bug? Please walk us through it step by step."
+      value: |
+        1.
+        2.
+        3.
+        ...
+      render: bash
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: >
+        If you have any additional information for us, use the field below.
+
+  - type: markdown
+    attributes:
+      value: Thank you for submitting the form

.github/ISSUE_TEMPLATE/config.yml

@@ -1 +1,11 @@
 blank_issues_enabled: false
+contact_links:
+  - name: I have a question or need support
+    url: https://discord.gg/D8JsnBEuKb
+    about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
+  - name: Feature Request
+    url: https://github.com/immich-app/immich/discussions/new?category=feature-request
+    about: Please use our GitHub Discussion for making feature requests.
+  - name: I'm unsure where to go
+    url: https://discord.gg/D8JsnBEuKb
+    about: If you are unsure where to go, then joining our Discord is recommended; Just ask!

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -1,32 +0,0 @@
-name: Feature Request
-description: Request a feature that you would like for the app
-title: "[Feature]: "
-labels: ["feature", "need triage"]
-assignees:
-  - ""
-
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this feature request!
-
-  - type: textarea
-    id: feature-detail
-    attributes:
-      label: Feature detail
-      placeholder: Describe the feature you would like to see for the app
-    validations:
-      required: true
-
-  - type: dropdown
-    id: platform
-    attributes:
-      label: Platform
-      description: Choose the platform for the feature
-      options:
-        - Web
-        - Mobile App
-        - Server
-    validations:
-      required: true

.github/workflows/build-mobile.yml

@@ -0,0 +1,67 @@
+name: Build Mobile
+
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      ref:
+        required: false
+        type: string
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  build-sign-android:
+    name: Build and sign Android
+    runs-on: macos-12
+
+    steps:
+      - name: Determine ref
+        id: get-ref
+        run: |
+          input_ref="${{ inputs.ref }}"
+          github_ref="${{ github.sha }}"
+          ref="${input_ref:-$github_ref}"
+          echo "ref=$ref" >> $GITHUB_OUTPUT
+          
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ steps.get-ref.outputs.ref }}
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: "zulu"
+          java-version: "12.x"
+          cache: "gradle"
+
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
+        with:
+          channel: "stable"
+          flutter-version: "3.7.3"
+          cache: true
+
+      - name: Create the Keystore
+        env:
+          KEY_JKS: ${{ secrets.KEY_JKS }}
+        working-directory: ./mobile
+        run: echo $KEY_JKS | base64 -d > android/key.jks
+
+      - name: Get Packages
+        working-directory: ./mobile
+        run: flutter pub get
+
+      - name: Build Android App Bundle
+        working-directory: ./mobile
+        env:
+          ALIAS: ${{ secrets.ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
+        run: flutter build apk --release
+
+      - name: Publish Android Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: release-apk-signed
+          path: mobile/build/app/outputs/flutter-apk/app-release.apk

.github/workflows/build_push_docker_latest.yml

@@ -1,152 +0,0 @@
-name: Build and Push Docker Image - Latest
-
-on:
-  workflow_dispatch:
-  push:
-    branches: [main]
-
-jobs:
-  # This image include both the server and microservices - the two containers can be slitted into separated
-  # service with its coressponding entry file.
-  build_and_push_server_monorepo_latest:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push Immich Mono Repo
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./server
-          file: ./server/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-server:latest
-            ghcr.io/${{ github.repository_owner }}/immich-server:latest
-
-  build_and_push_machine_learning_latest:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Machine Learning
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./machine-learning
-          file: ./machine-learning/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-machine-learning:latest
-            ghcr.io/${{ github.repository_owner }}/immich-machine-learning:latest
-
-  build_and_push_web_latest:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Web
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./web
-          file: ./web/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          target: prod
-          push: true
-          tags: |
-            altran1502/immich-web:latest
-            ghcr.io/${{ github.repository_owner }}/immich-web:latest
-
-  build_and_push_nginx_latest:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Proxy
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./nginx
-          file: ./nginx/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: true
-          tags: |
-            altran1502/immich-proxy:latest
-            ghcr.io/${{ github.repository_owner }}/immich-proxy:latest

.github/workflows/build_push_docker_staging.yml

@@ -1,168 +0,0 @@
-name: Build and Push Docker Image - Staging
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches: [main]
-
-jobs:
-  # This image include both the server and microservices - the two containers can be slitted into separated
-  # service with its coressponding entry file.
-  build_and_push_server_monorepo_staging:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push Immich Mono Repo
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./server
-          file: ./server/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'pull_request' && github.repository == 'immich-app/immich' }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-server:staging
-            altran1502/immich-server:${{ github.event.pull_request.number }}
-            ghcr.io/${{ github.repository_owner }}/immich-server:staging
-            ghcr.io/${{ github.repository_owner }}/immich-server:${{ github.event.pull_request.number }}
-
-  build_and_push_machine_learning_staging:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Machine Learning
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./machine-learning
-          file: ./machine-learning/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'pull_request' && github.repository == 'immich-app/immich' }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-machine-learning:staging
-            altran1502/immich-machine-learning:${{ github.event.pull_request.number }}
-            ghcr.io/${{ github.repository_owner }}/immich-machine-learning:staging
-            ghcr.io/${{ github.repository_owner }}/immich-machine-learning:${{ github.event.pull_request.number }}
-
-  build_and_push_web_staging:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Web
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./web
-          file: ./web/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          target: prod
-          push: ${{ github.event_name == 'pull_request' && github.repository == 'immich-app/immich' }}
-          tags: |
-            altran1502/immich-web:staging
-            altran1502/immich-web:${{ github.event.pull_request.number }}
-            ghcr.io/${{ github.repository_owner }}/immich-web:staging
-            ghcr.io/${{ github.repository_owner }}/immich-web:${{ github.event.pull_request.number }}
-
-  build_and_push_nginx_staging:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        if: ${{ github.repository == 'immich-app/immich' }}
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Proxy
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./nginx
-          file: ./nginx/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'pull_request' && github.repository == 'immich-app/immich' }}
-          tags: |
-            altran1502/immich-proxy:staging
-            altran1502/immich-proxy:${{ github.event.pull_request.number }}
-            ghcr.io/${{ github.repository_owner }}/immich-proxy:staging
-            ghcr.io/${{ github.repository_owner }}/immich-proxy:${{ github.event.pull_request.number }}

.github/workflows/build_push_server_release.yml

@@ -1,197 +0,0 @@
-name: Build and push Docker image - Release
-
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-jobs:
-  build_and_push_server_monorepo_release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: 'main'
-          fetch-depth: 0
-
-      - name: 'Get Previous tag'
-        id: previoustag
-        uses: 'WyriHaximus/github-action-get-previous-tag@v1'
-        with:
-          fallback: latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push immich-server release
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./server
-          file: ./server/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-server:${{ steps.previoustag.outputs.tag }}
-            altran1502/immich-server:release
-            ghcr.io/${{ github.repository_owner }}/immich-server:${{ steps.previoustag.outputs.tag }}
-            ghcr.io/${{ github.repository_owner }}/immich-server:release
-
-  build_and_push_machine_learning_release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: 'Get Previous tag'
-        id: previoustag
-        uses: 'WyriHaximus/github-action-get-previous-tag@v1'
-        with:
-          fallback: latest
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and Push Machine Learning
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./machine-learning
-          file: ./machine-learning/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            altran1502/immich-machine-learning:${{ steps.previoustag.outputs.tag }}
-            altran1502/immich-machine-learning:release
-            ghcr.io/${{ github.repository_owner }}/immich-machine-learning:${{ steps.previoustag.outputs.tag }}
-            ghcr.io/${{ github.repository_owner }}/immich-machine-learning:release
-
-  build_and_push_web_release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: 'main'
-          fetch-depth: 0
-
-      - name: 'Get Previous tag'
-        id: previoustag
-        uses: 'WyriHaximus/github-action-get-previous-tag@v1'
-        with:
-          fallback: latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push immich-web release
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./web
-          file: ./web/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          target: prod
-          tags: |
-            altran1502/immich-web:${{ steps.previoustag.outputs.tag }}
-            altran1502/immich-web:release
-            ghcr.io/${{ github.repository_owner }}/immich-web:${{ steps.previoustag.outputs.tag }}
-            ghcr.io/${{ github.repository_owner }}/immich-web:release
-
-  build_and_push_nginx_release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: 'main'
-          fetch-depth: 0
-
-      - name: 'Get Previous tag'
-        id: previoustag
-        uses: 'WyriHaximus/github-action-get-previous-tag@v1'
-        with:
-          fallback: latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.1.0
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2.2.1
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push immich-proxy release
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: ./nginx
-          file: ./nginx/Dockerfile
-          platforms: linux/arm/v7,linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: |
-            altran1502/immich-proxy:release
-            altran1502/immich-proxy:${{ steps.previoustag.outputs.tag }}
-            ghcr.io/${{ github.repository_owner }}/immich-proxy:${{ steps.previoustag.outputs.tag }}
-            ghcr.io/${{ github.repository_owner }}/immich-proxy:release

.github/workflows/cache-cleanup.yml

@@ -0,0 +1,33 @@
+name: Clean up actions cache on PR close
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+          
+          REPO=${{ github.repository }}
+          BRANCH=${{ github.ref }}
+
+          echo "Fetching list of cache keys"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys. 
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/dispatch_sdk_update.yml

@@ -8,6 +8,7 @@ on:
 jobs:
   update-sdk-repos:
     runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - uses: actions/github-script@v6
         with:

.github/workflows/docker.yml

@@ -0,0 +1,101 @@
+name: Build and Push Docker Images
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  release:
+    types: [published]
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest
+    strategy:
+      # Prevent a failure in one image from stopping the other builds
+      fail-fast: false
+      matrix:
+        include:
+          - context: "server"
+            image: "immich-server"
+          - context: "web"
+            image: "immich-web"
+          - context: "machine-learning"
+            image: "immich-machine-learning"
+          - context: "nginx"
+            image: "immich-proxy"
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2.1.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2.4.1
+        # Workaround to fix error:
+        # failed to push: failed to copy: io: read/write on closed pipe
+        # See https://github.com/docker/build-push-action/issues/761
+        with:
+          driver-opts: |
+            image=moby/buildkit:v0.10.6
+
+      - name: Login to Docker Hub
+        # Only push to Docker Hub when making a release
+        if: ${{ github.event_name == 'release' }}
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        # Skip when PR from a fork
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          flavor: |
+            # Disable latest tag
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
+            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
+          tags: |
+            # Tag with branch name
+            type=ref,event=branch
+            # Tag with pr-number
+            type=ref,event=pr
+            # Tag with git tag on release
+            type=ref,event=tag
+            type=raw,value=release,enable=${{ github.event_name == 'release' }}
+
+      - name: Determine build cache output
+        id: cache-target
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            # Essentially just ignore the cache output (PR can't write to registry cache)
+            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
+          else
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push image
+        uses: docker/build-push-action@v4.0.0
+        with:
+          context: ${{ matrix.context }}
+          platforms: linux/arm/v7,linux/amd64,linux/arm64
+          # Skip pushing when PR from a fork
+          push: ${{ !github.event.pull_request.head.repo.fork }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
+          cache-to: ${{ steps.cache-target.outputs.cache-to }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}

.github/workflows/prepare-release.yml

@@ -0,0 +1,78 @@
+name: Prepare new release
+
+on:
+  workflow_dispatch:
+    inputs:
+      serverBump:
+        description: "Bump server version"
+        required: true
+        default: "false"
+        type: choice
+        options:
+          - "false"
+          - minor
+          - patch
+      mobileBump:
+        description: "Bump mobile build number"
+        required: false
+        type: boolean
+
+jobs:
+  bump_version:
+    runs-on: ubuntu-latest
+    
+    outputs:
+      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}
+
+      - name: Bump version
+        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"
+
+      - name: Commit and tag
+        id: push-tag
+        uses: EndBug/add-and-commit@v9
+        with:
+          author_name: Immich Release Bot
+          author_email: bot@immich.app
+          message: "Version ${{ env.IMMICH_VERSION }}"
+          tag: ${{ env.IMMICH_VERSION }}
+          push: true
+          
+  build_mobile:
+    uses: ./.github/workflows/build-mobile.yml
+    needs: bump_version
+    secrets: inherit
+    with:
+      ref: ${{ needs.bump_version.outputs.ref }}
+
+  prepare_release:
+    runs-on: ubuntu-latest
+    needs: build_mobile
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}
+          
+      - name: Download APK
+        uses: actions/download-artifact@v3
+        with:
+          name: release-apk-signed
+
+      - name: Create draft release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          tag_name: ${{ env.IMMICH_VERSION }}
+          generate_release_notes: true
+          body_path: misc/release/notes.tmpl
+          files: |
+            docker/docker-compose.yml
+            docker/example.env
+            *.apk

.github/workflows/static_analysis.yml

@@ -0,0 +1,31 @@
+name: Static Code Analysis
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  mobile-dart-analyze:
+    name: Run Dart Code Analysis
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
+        with:
+          channel: 'stable'
+          flutter-version: '3.7.3'
+
+      - name: Install dependencies
+        run: dart pub get
+        working-directory: ./mobile
+
+      - name: Run dart analyze
+        run: dart analyze --fatal-infos
+        working-directory: ./mobile
+

.github/workflows/test.yml

@@ -39,3 +39,56 @@ jobs:
 
       - name: Run tests
         run: cd web && npm ci && npm run check:all
+
+  mobile-unit-tests:
+    name: Run mobile unit tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
+        with:
+          channel: 'stable'
+          flutter-version: '3.7.3'
+      - name: Run tests
+        working-directory: ./mobile
+        run: flutter test
+
+  mobile-integration-tests:
+    name: Run mobile end-to-end integration tests
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'adopt'
+          java-version: '11'
+      - name: Cache android SDK
+        uses: actions/cache@v3
+        id: android-sdk
+        with:
+          key: android-sdk
+          path: |
+            /usr/local/lib/android/
+            ~/.android
+      - name: Setup Android SDK
+        if: steps.android-sdk.outputs.cache-hit != 'true'
+        uses: android-actions/setup-android@v2
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
+        with:
+          channel: 'stable'
+          flutter-version: '3.7.3'
+      - name: Run integration tests
+        uses: reactivecircus/android-emulator-runner@v2.27.0
+        with:
+          working-directory: ./mobile
+          api-level: 29
+          arch: x86_64
+          profile: pixel
+          target: default
+          emulator-options: -no-window -gpu swiftshader_indirect -no-snapshot -noaudio -no-boot-anim
+          disable-linux-hw-accel: false
+          script: |
+            flutter pub get
+            flutter test integration_test

.gitignore

@@ -4,3 +4,9 @@
 .idea
 
 docker/upload
+uploads
+coverage
+
+mobile/gradle.properties
+mobile/openapi/pubspec.lock
+mobile/*.jks

README.md

@@ -30,6 +30,7 @@
 ## Content
 
 - [Official Documentation](https://immich.app/docs)
+- [Roadmap](https://github.com/orgs/immich-app/projects/1)
 - [Demo](#demo)
 - [Features](#features)
 - [Introduction](https://immich.app/docs/overview/introduction)
@@ -78,6 +79,7 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 | OAuth support                               | Yes     | Yes |
 | LivePhoto backup and playback               | iOS     | Yes |
 | User-defined storage structure              | Yes     | Yes |
+| Public Sharing                              | N/A     | Yes |
 
 # Support the project
 
@@ -91,6 +93,9 @@ If you feel like this is the right cause and the app is something you are seeing
 
 - [Monthly donation](https://github.com/sponsors/alextran1502) via GitHub Sponsors
 - [One-time donation](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502) via Github Sponsors
+- [Librepay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
 
 # Known Issues
 

docker/.env.test

@@ -5,14 +5,11 @@ DB_PASSWORD=postgres
 DB_DATABASE_NAME=e2e_test
 
 # Redis
-REDIS_HOSTNAME=immich_redis_test
+REDIS_HOSTNAME=immich-redis-test
 
 # Upload File Config
 UPLOAD_LOCATION=./upload
 
-# JWT SECRET
-JWT_SECRET=randomstringthatissolongandpowerfulthatnoonecanguess
-
 # MAPBOX
 ## ENABLE_MAPBOX is either true of false -> if true, you have to provide MAPBOX_KEY
 ENABLE_MAPBOX=false

docker/docker-compose.dev.yml

@@ -1,7 +1,8 @@
-version: '3.8'
+version: "3.8"
 
 services:
   immich-server:
+    container_name: immich_server
     image: immich-server-dev:latest
     build:
       context: ../server
@@ -13,6 +14,7 @@ services:
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
       - /usr/src/app/node_modules
     ports:
+      - 3001:3001
       - 9230:9230
     env_file:
       - .env
@@ -23,6 +25,7 @@ services:
       - database
 
   immich-machine-learning:
+    container_name: immich_machine_learning
     image: immich-machine-learning-dev:latest
     build:
       context: ../machine-learning
@@ -41,6 +44,7 @@ services:
       - database
 
   immich-microservices:
+    container_name: immich_microservices
     image: immich-microservices:latest
     build:
       context: ../server
@@ -60,6 +64,7 @@ services:
       - immich-server
 
   immich-web:
+    container_name: immich_web
     image: immich-web-dev:1.9.0
     build:
       context: ../web
@@ -71,6 +76,7 @@ services:
     environment:
       # Rename these values for svelte public interface
       - PUBLIC_IMMICH_SERVER_URL=${IMMICH_SERVER_URL}
+      - PUBLIC_IMMICH_API_URL_EXTERNAL=${IMMICH_API_URL_EXTERNAL}
     ports:
       - 3000:3000
       - 24678:24678

docker/docker-compose.staging.yml

@@ -2,6 +2,7 @@ version: "3.8"
 
 services:
   immich-server:
+    container_name: immich_server
     image: altran1502/immich-server:staging
     entrypoint: ["/bin/sh", "./start-server.sh"]
     volumes:
@@ -16,6 +17,7 @@ services:
     restart: always
 
   immich-microservices:
+    container_name: immich_microservices
     image: altran1502/immich-server:staging
     entrypoint: ["/bin/sh", "./start-microservices.sh"]
     volumes:
@@ -30,6 +32,7 @@ services:
     restart: always
 
   immich-machine-learning:
+    container_name: immich_machine_learning
     image: altran1502/immich-machine-learning:staging
     entrypoint: ["/bin/sh", "./entrypoint.sh"]
     volumes:
@@ -43,6 +46,7 @@ services:
     restart: always
 
   immich-web:
+    container_name: immich_web
     image: altran1502/immich-web:staging
     entrypoint: ["/bin/sh", "./entrypoint.sh"]
     env_file:
@@ -50,6 +54,7 @@ services:
     environment:
       # Rename these values for svelte public interface
       - PUBLIC_IMMICH_SERVER_URL=${IMMICH_SERVER_URL}
+      - PUBLIC_IMMICH_API_URL_EXTERNAL=${IMMICH_API_URL_EXTERNAL}
     restart: always
 
   redis:

docker/docker-compose.yml

@@ -2,6 +2,7 @@ version: "3.8"
 
 services:
   immich-server:
+    container_name: immich_server
     image: altran1502/immich-server:release
     entrypoint: ["/bin/sh", "./start-server.sh"]
     volumes:
@@ -16,6 +17,7 @@ services:
     restart: always
 
   immich-microservices:
+    container_name: immich_microservices
     image: altran1502/immich-server:release
     entrypoint: ["/bin/sh", "./start-microservices.sh"]
     volumes:
@@ -30,6 +32,7 @@ services:
     restart: always
 
   immich-machine-learning:
+    container_name: immich_machine_learning
     image: altran1502/immich-machine-learning:release
     entrypoint: ["/bin/sh", "./entrypoint.sh"]
     volumes:
@@ -43,13 +46,11 @@ services:
     restart: always
 
   immich-web:
+    container_name: immich_web
     image: altran1502/immich-web:release
     entrypoint: ["/bin/sh", "./entrypoint.sh"]
     env_file:
       - .env
-    environment:
-      # Rename these values for svelte public interface
-      - PUBLIC_IMMICH_SERVER_URL=${IMMICH_SERVER_URL}
     restart: always
 
   redis:

docker/example.env

@@ -30,16 +30,6 @@ REDIS_HOSTNAME=immich_redis
 
 UPLOAD_LOCATION=absolute_location_on_your_machine_where_you_want_to_store_the_backup
 
-###################################################################################
-# JWT SECRET
-#
-# This JWT_SECRET is used to sign the authentication keys for user login
-# You should set it to a long randomly generated value
-# You can use this command to generate one: openssl rand -base64 128
-###################################################################################
-
-JWT_SECRET=
-
 ###################################################################################
 # Reverse Geocoding
 #
@@ -76,3 +66,14 @@ PUBLIC_LOGIN_PAGE_MESSAGE=
 IMMICH_WEB_URL=http://immich-web:3000
 IMMICH_SERVER_URL=http://immich-server:3001
 IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003
+
+####################################################################################
+# Alternative API's External Address - Optional
+#
+# This is an advanced feature used to control the public server endpoint returned to clients during Well-known discovery.
+# You should only use this if you want mobile apps to access the immich API over a custom URL. Do not include trailing slash.
+# NOTE: At this time, the web app will not be affected by this setting and will continue to use the relative path: /api
+# Examples: http://localhost:3001, http://immich-api.example.com, etc
+####################################################################################
+
+#IMMICH_API_URL_EXTERNAL=http://localhost:3001

docs/docs/FAQ.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 6
+sidebar_position: 7
 ---
 
 # FAQ
@@ -20,9 +20,9 @@ Immich doesn't have the mechanism to sync an existing directory with the server.
 
 The initial approach of Immich is to become a backup tool, primarily for mobile device usage. Thus, all the assets must be uploaded from the mobile client. The app was architectured to perform that job well.
 
-### What happens to existing files after I choose a new [Storage Template](/docs/features/storage-template.mdx)?
+### What happens to existing files after I choose a new [Storage Template](/docs/administration/storage-template.mdx)?
 
-Template changes will only apply to new assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/features/jobs.md) page.
+Template changes will only apply to new assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/administration/jobs.md) page.
 
 ### Why is object detection not very good?
 
@@ -38,11 +38,11 @@ Most Immich components are typically deployed using docker. To see logs for depl
 2. Set the corresponding `user` argument in `docker-compose` for each service.
 3. Add an additional volume to `immich-microservices` that mounts internally to `/usr/src/app/.reverse-geocoding-dump`.
 
-The non-root user/group needs will need read/write access to the volume mounts, including `UPLOAD_LOCATION`.
+The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION`.
 
 ### How can I reset the admin password?
 
-The admin password can be reset by running the [reset-admin-password](/docs/features/server-commands.md) command on the immich-server.
+The admin password can be reset by running the [reset-admin-password](/docs/administration/server-commands.md) command on the immich-server.
 
 ### How can I **purge** data from Immich?
 

docs/docs/administration/_category_.json

@@ -0,0 +1,5 @@
+{
+    "label": "Administration",
+    "position": 4
+  }
+  

docs/docs/administration/jobs.md

@@ -18,6 +18,6 @@ Several Immich functionalities are implemented as jobs, which run in the backgro
 
 ## Storage Migration
 
-This job can be run after changing the [Storage Template](/docs/features/storage-template.mdx), in order to apply the change to the existing library.
+This job can be run after changing the [Storage Template](/docs/administration/storage-template.mdx), in order to apply the change to the existing library.
 
 ![Storage Migration](./img/admin-jobs-template.png)

docs/docs/administration/oauth.md

@@ -0,0 +1,107 @@
+# OAuth Authentication
+
+This page contains details about using OAuth in Immich.
+
+:::tip
+Unable to set `app.immich:/` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
+:::
+
+## Overview
+
+Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:
+
+- [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
+- [Authelia](https://www.authelia.com/configuration/identity-providers/open-id-connect/)
+- [Okta](https://www.okta.com/openid-connect/)
+- [Google](https://developers.google.com/identity/openid-connect/openid-connect)
+
+## Prerequisites
+
+Before enabling OAuth in Immich, a new client application needs to be configured in the 3rd-party authentication server. While the specifics of this setup vary from provider to provider, the general approach should be the same.
+
+1. Create a new (Client) Application
+
+   1. The **Provider** type should be `OpenID Connect` or `OAuth2`
+   2. The **Client type** should be `Confidential`
+   3. The **Application** type should be `Web`
+   4. The **Grant** type should be `Authorization Code`
+
+2. Configure Redirect URIs/Origins
+
+   The **Sign-in redirect URIs** should include:
+
+   - `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
+   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
+   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
+
+   Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:
+
+   Mobile
+
+   - `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
+
+   Localhost
+
+   - `http://localhost:2283/auth/login`
+   - `http://localhost:2283/user-settings`
+
+   Local IP
+
+   - `http://192.168.0.200:2283/auth/login`
+   - `http://192.168.0.200:2283/user-settings`
+
+   Hostname
+
+   - `https://immich.example.com/auth/login`)
+   - `https://immich.example.com/user-settings`)
+
+## Enable OAuth
+
+Once you have a new OAuth client application configured, Immich can be configured using the Administration Settings page, available on the web (Administration -> Settings).
+
+| Setting                                              | Type    | Default              | Description                                                                         |
+| ---------------------------------------------------- | ------- | -------------------- | ----------------------------------------------------------------------------------- |
+| Enabled                                              | boolean | false                | Enable/disable OAuth                                                                |
+| Issuer URL                                           | URL     | (required)           | Required. Self-discovery URL for client (from previous step)                        |
+| Client ID                                            | string  | (required)           | Required. Client ID (from previous step)                                            |
+| Client Secret                                        | string  | (required)           | Required. Client Secret (previous step)                                             |
+| Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
+| Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
+| Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
+| [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
+| [Mobile Redirect URI Override](#mobile-redirect-uri) | URL     | (empty)              | Http(s) alternative mobile redirect URI                                             |
+
+:::info
+The Issuer URL should look something like the following, and return a valid json document.
+
+- `https://accounts.google.com/.well-known/openid-configuration`
+- `http://localhost:9000/application/o/immich/.well-known/openid-configuration`
+
+The `.well-known/openid-configuration` part of the url is optional and will be automatically added during discovery.
+:::
+
+## Auto Launch
+
+When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
+
+## Mobile Redirect URI
+
+The redirect URI for the mobile app is `app.immich:/`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
+
+1. Configure an http(s) endpoint to forwards requests to `app.immich:/`
+2. Whitelist the new endpoint as a valid redirect URI with your provider.
+3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.
+
+With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.
+
+:::info
+Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:/`, and can be used for step 1.
+:::
+
+## Example Configuration
+
+Here's an example of OAuth configured for Authentik:
+
+![OAuth Settings](./img/oauth-settings.png)
+
+[oidc]: https://openid.net/connect/

docs/docs/administration/password-login.md

@@ -0,0 +1,32 @@
+# Password Login
+
+An overview of password login and related settings for Immich.
+
+## Enable/Disable
+
+Immich supports password login, which is enabled by default. The preferred way to disable it is via the [Administration Page](#administration-page), although it can also be changed via a [Server Command](#server-command) as well.
+
+### Administration Page
+
+To toggle the password login setting via the web, navigate to the "Administration", expand "Password Authentication", toggle the "Enabled" switch, and press "Save".
+
+![Password Login Settings](./img/password-login-settings.png)
+
+### Server Command
+
+There are two [Server Commands](/docs/administration/server-commands.md) for password login:
+
+1. `enable-password-login`
+2. `disable-password-login`
+
+See [Server Commands](/docs/administration/server-commands.md) for more details about how to run them.
+
+## Password Reset
+
+### Admin
+
+To reset the administrator password, use the `reset-admin-password` [Server Command](/docs/administration/server-commands.md).
+
+### User
+
+Immich does not currently support self-service password reset. However, the administration can reset passwords for other users. See [User Management: Password Reset](/docs/administration/user-management.mdx#password-reset) for more information about how to do this.

docs/docs/administration/server-commands.md

@@ -0,0 +1,33 @@
+# Server Commands
+
+The `immich-server` docker image comes preinstalled with an administrative CLI (`immich`) that supports the following commands:
+
+| Command                  | Description                           |
+| ------------------------ | ------------------------------------- |
+| `help`                   | Display help                          |
+| `reset-admin-password`   | Reset the password for the admin user |
+| `disable-password-login` | Disable password login                |
+| `enable-password-login`  | Enable password login                 |
+| `list-users`             | List Immich users                     |
+
+## How to run a command
+
+To run a command, [connect](/docs/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich <command>`.
+
+## Examples
+
+Reset Admin Password
+
+![Reset Admin Password](./img/reset-admin-password.png)
+
+Disable Password Login
+
+![Disable Password Login](./img/disable-password-login.png)
+
+Enabled Password Login
+
+![Enable Password Login](./img/enable-password-login.png)
+
+List Users
+
+![List Users](./img/list-users.png)

docs/docs/administration/user-management.mdx

@@ -16,3 +16,9 @@ Immich supports multiple users, each with their own library.
 ## Delete a User
 
 If you need to remove a user from Immich, head to "Administration", where users can be scheduled for deletion. The user account will immediately become disabled and their library and all associated data will be removed after 7 days.
+
+## Password Reset
+
+To reset a user's password, click the pencil icon to edit a user, then click "Reset Password". The user's password will be reset to "password" and they have to change it next time the sign in.
+
+![Reset Password](./img/user-management-update.png)

docs/docs/developer/_category_.json

@@ -1,4 +1,4 @@
 {
   "label": "Developer",
-  "position": 4
+  "position": 5
 }

docs/docs/developer/contributing.md

@@ -0,0 +1,43 @@
+---
+sidebar_position: 3
+---
+
+# Contributing
+
+Contributions are welcome!
+
+## PR Checklist
+
+When contributing code through a pull request, please check the following:
+
+### Web Checks
+
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check` (Type checking via SvelteKit)
+- [ ] `npm test` (Tests via Jest)
+
+:::tip
+Run all web checks with `npm run check:all`
+:::
+
+### Server Checks
+
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check` (Type checking via `tsc`)
+- [ ] `npm test` (Tests via Jest)
+
+:::tip
+Run all server checks with `npm run check:all`
+:::
+
+### Open API
+
+The Open API client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file.
+
+- [ ] `npm run api:generate`
+
+:::tip
+This can also be run via `make api` from the project root directory (not in the `server` folder)
+:::

docs/docs/developer/setup.md

@@ -23,8 +23,8 @@ All the services are packaged to run as with single Docker Compose command.
 ### Instructions
 
 1. Clone the project repo.
-2. Run `cp docker/.env.example docker/.env`.
-3. Edit `docker/.env` to provide values for the required variables `UPLOAD_LOCATION` and `JWT_SECRET`.
+2. Run `cp docker/example.env docker/.env`.
+3. Edit `docker/.env` to provide values for the required variable `UPLOAD_LOCATION`.
 4. From the root directory, run:
 
 ```bash title="Start development server"
@@ -99,7 +99,7 @@ After making any changes in the `server/libs/database/src/entities`, a database
 2. Run
 
 ```bash
-npm run typeorm -- migration:generate ./libs/database/src/<migration-name> -d libs/database/src/config/database.config.ts
+npm run typeorm -- migration:generate ./libs/infra/src/db/<migration-name> -d ./libs/infra/src/db/config/database.config.ts
 ```
 
 3. Check if the migration file makes sense.

docs/docs/features/bulk-upload.md

@@ -20,7 +20,7 @@ npm i -g immich
 Specify user's credentials, Immich's server address and port, and the directory you would like to upload videos/photos from.
 
 ```bash
-immich upload --email testuser@email.com --password password --server http://192.168.1.216:2283/api -d your/target/directory
+immich upload --key HFEJ38DNSDUEG --server http://192.168.1.216:2283/api -d your/target/directory
 ```
 
 ---
@@ -31,28 +31,52 @@ immich upload --email testuser@email.com --password password --server http://192
 | ---------------- | ------------------------------------------------------------------- |
 | --yes / -y       | Assume yes on all interactive prompts                               |
 | --delete / -da   | Delete local assets after upload                                    |
-| --email / -e     | User's email                                                        |
-| --password / -pw | User's password                                                     |
+| --key / -k       | User's API key                                                      |
 | --server / -s    | Immich's server address                                             |
 | --directory / -d | Directory to upload from                                            |
 | --threads / -t   | Number of threads to use (Default 5)                                |
 | --album/ -al     | Create albums for assets based on the parent folder or a given name |
 
+### Obtain the API Key
+
+The API key can be obtained in the user setting panel on the web interface.
+
+![Obtain Api Key](./img/obtain-api-key.png)
+
+
 ### Run via Docker
 
-Be aware that as this runs inside a container it mounts your current directory as a volume, and for the -d flag you need to use the path inside the container.
+You can run the CLI inside of a docker container to avoid needing to install anything.
 
-```bash
-docker run -it --rm -v $(pwd):/import ghcr.io/immich-app/immich-cli:latest upload --email testuser@email.com --password password --server http://192.168.1.216:2283/api -d /import
+:::caution Running inside Docker
+Be aware that as this runs inside a container, you need to mount the folder from which you want to import into the container.
+:::
+
+```bash title="Upload current directory"
+cd /DIRECTORY/WITH/IMAGES
+docker run -it --rm -v $(pwd):/import ghcr.io/immich-app/immich-cli:latest upload --key HFEJ38DNSDUEG --server http://192.168.1.216:2283/api
 ```
 
-Optionally, you can create an alias:
+```bash title="Upload target directory"
+docker run -it --rm -v /DIRECTORY/WITH/IMAGES:/import ghcr.io/immich-app/immich-cli:latest upload --key HFEJ38DNSDUEG --server http://192.168.1.216:2283/api
+```
 
-```bash
+```bash title="Create an alias"
 alias immich="docker run -it --rm -v $(pwd):/import ghcr.io/immich-app/immich-cli:latest"
-immich upload --email testuser@email.com --password password --server http://192.168.1.216:2283/api -d /import
+immich upload --key HFEJ38DNSDUEG --server http://192.168.1.216:2283/api
 ```
 
+:::tip Internal networking
+If you are running the CLI container on the same machine as your Immich server, you may not be able to reach the external address. In that case, try the following steps:
+1. Find the internal Docker network used by Immich via `docker network ls`.
+2. Adapt the above command to pass the `--network <immich_network>` argument to `docker run`, substituting `<immich_network>` with the result from step 1.
+3. Use `--server http://immich-server:3001/` for the upload command instead of the external address.
+
+```bash title="Upload to internal address"
+docker run --network immich_default -it --rm -v $(pwd):/import ghcr.io/immich-app/immich-cli:latest upload --key HFEJ38DNSDUEG --server http://immich-server:3001/
+```
+:::
+
 ### Run from source
 
 ```bash title="Clone Repository"
@@ -68,5 +92,5 @@ npm run build
 ```
 
 ```bash title="Run the command"
-node bin/index.js upload --email testuser@email.com --password password --server http://192.168.1.216:2283/api -d your/target/directory
+node bin/index.js upload --key HFEJ38DNSDUEG --server http://192.168.1.216:2283/api -d your/target/directory
 ```

docs/docs/features/oauth.md

@@ -1,85 +0,0 @@
-# OAuth Authentication
-
-This page contains details about using OAuth in Immich.
-
-## Overview
-
-Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:
-
-- [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
-- [Authelia](https://www.authelia.com/configuration/identity-providers/open-id-connect/)
-- [Okta](https://www.okta.com/openid-connect/)
-- [Google](https://developers.google.com/identity/openid-connect/openid-connect)
-
-## Prerequisites
-
-Before enabling OAuth in Immich, a new client application needs to be configured in the 3rd-party authentication server. While the specifics of this setup vary from provider to provider, the general approach should be the same.
-
-1. Create a new (Client) Application
-
-   1. The **Provider** type should be `OpenID Connect` or `OAuth2`
-   2. The **Client type** should be `Confidential`
-   3. The **Application** type should be `Web`
-   4. The **Grant** type should be `Authorization Code`
-
-2. Configure Redirect URIs/Origins
-
-The **Sign-in redirect URIs** should include:
-
-- `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
-- `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
-- `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
-
-:::info Redirect URIs
-
-Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:
-
-Mobile
-
-- `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
-
-Localhost
-
-- `http://localhost:2283/auth/login`
-- `http://localhost:2283/user-settings`
-
-Local IP
-
-- `http://192.168.0.200:2283/auth/login`
-- `http://192.168.0.200:2283/user-settings`
-
-Hostname
-
-- `https://immich.example.com/auth/login`)
-- `https://immich.example.com/user-settings`)
-
-:::
-
-## Enable OAuth
-
-Once you have a new OAuth client application configured, Immich can be configured using the Administration Settings page, available on the web (Administration -> Settings).
-
-| Setting       | Type    | Default              | Description                                                               |
-| ------------- | ------- | -------------------- | ------------------------------------------------------------------------- |
-| Enabled       | boolean | false                | Enable/disable OAuth                                                      |
-| Issuer URL    | URL     | (required)           | Required. Self-discovery URL for client (from previous step)              |
-| Client ID     | string  | (required)           | Required. Client ID (from previous step)                                  |
-| Client secret | string  | (required)           | Required. Client Secret (previous step)                                   |
-| Scope         | string  | openid email profile | Full list of scopes to send with the request (space delimited)            |
-| Button text   | string  | Login with OAuth     | Text for the OAuth button on the web                                      |
-| Auto register | boolean | true                 | When true, will automatically register a user the first time they sign in |
-
-:::info
-The Issuer URL should look something like the following, and return a valid json document.
-
-- `https://accounts.google.com/.well-known/openid-configuration`
-- `http://localhost:9000/application/o/immich/.well-known/openid-configuration`
-
-The `.well-known/openid-configuration` part of the url is optional and will be automatically added during discovery.
-:::
-
-Here's an example of OAuth configured for Authentik:
-
-![OAuth Settings](./img/oauth-settings.png)
-
-[oidc]: https://openid.net/connect/

docs/docs/features/server-commands.md

@@ -1,21 +0,0 @@
-# Server Commands
-
-The `immich-server` docker image comes preinstalled with an administrative CLI that supports the following commands:
-
-| Command                       | Description                           |
-| ----------------------------- | ------------------------------------- |
-| `immich help`                 | Display help                          |
-| `immich reset-admin-password` | Reset the password for the admin user |
-
-## How to run a command
-
-To run a command, connect to the container and then execute it. For example:
-
-```bash
-docker exec -it immich-server_1 sh
-
-/usr/src/app$ immich reset-admin-password
-? Please choose a new password (optional) immich-is-awesome-unlike-this-password
-New password:
-immich-is-awesome-unlike-this-password
-```

docs/docs/features/user-settings.md

@@ -15,9 +15,9 @@ Users can change their own passwords.
 ![Change Password](./img/user-change-password.png)
 
 :::tip Reset Password
-The admin can reset a password through the [User Management](/docs/features/user-management.mdx) screen.
+The admin can reset a password through the [User Management](/docs/administration/user-management.mdx) screen.
 :::
 
 :::tip Reset Admin Password
-The admin password can be reset using a [Server Command](/docs/features/server-commands.md)
+The admin password can be reset using a [Server Command](/docs/administration/server-commands.md)
 :::

docs/docs/guides/_category_.json

@@ -1,4 +1,4 @@
 {
   "label": "Guides",
-  "position": 5
+  "position": 6
 }

docs/docs/guides/docker-help.md

@@ -4,11 +4,27 @@ sidebar_position: 1
 
 # Docker Help
 
-## Logs
+## Containers
 
-```bash title="Log Examples"
+```bash
 docker ps                         # see a list of running containers
 docker ps -a                      # see a list of running and stopped containers
+```
+
+## Attach to a Container
+
+```bash
+docker exec -it <id or name> <command>          # attach to a container with a command
+docker exec -it immich_server sh
+docker exec -it immich_microservices sh
+docker exec -it immich_machine_learning sh
+docker exec -it immich_web sh
+docker exec -it immich_proxy sh
+```
+
+## Logs
+
+```bash
 docker logs <id or name>          # see the logs for a specific container (by id or name)
 
 docker logs immich_server

docs/docs/install/all-in-one.md

@@ -0,0 +1,21 @@
+---
+sidebar_position: 70
+---
+
+# All-In-One [Community]
+
+:::note
+This is a community contribution and not officially supported by the Immich team, but included here for convenience.
+
+**Please report issues to the corresponding [Github Repository][github].**
+:::
+
+## Installation
+
+For installation instructions, refer to the [Github Repository][github].
+
+## Issues
+
+For issues, open an issue on the associated [GitHub Repository][github].
+
+[github]: https://github.com/imagegenius/docker-immich/

docs/docs/install/docker-compose.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 3
+sidebar_position: 30
 ---
 
 # Docker Compose [Recommended]
@@ -8,16 +8,16 @@ Docker Compose is the recommended method to run Immich in production. Below are
 
 ### Step 1 - Download the required files
 
-Download [`docker-compose.yml`][compose-file] [`.env.example`][env-file].
+Download [`docker-compose.yml`][compose-file] [`example.env`][env-file].
 
 From a directory of your choice (e.g. `./immich-app`) run the following commands:
 
 ```bash title="Get docker-compose.yml file"
-wget https://raw.githubusercontent.com/immich-app/immich/main/docker/docker-compose.yml
+wget https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 ```
 
 ```bash title="Get .env file"
-wget -O .env https://raw.githubusercontent.com/immich-app/immich/main/docker/.env.example
+wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.env
 ```
 
 ### Step 2 - Populate the .env file with custom values
@@ -63,15 +63,6 @@ UPLOAD_LOCATION=absolute_location_on_your_machine_where_you_want_to_store_the_ba
 
 LOG_LEVEL=simple
 
-###################################################################################
-# JWT SECRET
-###################################################################################
-
-# This JWT_SECRET is used to sign the authentication keys for user login
-# You should set it to a long randomly generated value
-# You can use this command to generate one: openssl rand -base64 128
-JWT_SECRET=
-
 ###################################################################################
 # Reverse Geocoding
 ####################################################################################
@@ -102,11 +93,6 @@ PUBLIC_LOGIN_PAGE_MESSAGE="My Family Photos and Videos Backup Server"
 
 - Populate custom database information if necessary.
 - Populate `UPLOAD_LOCATION` with your preferred location for storing backup assets.
-- Populate a secret value for `JWT_SECRET`. You can use the command below to generate a secure key:
-
-```bash title="Command to generate secure JWT_SECRET key"
-openssl rand -base64 128
-```
 
 ### Step 3 - Start the containers
 
@@ -120,11 +106,16 @@ For more information on how to use the application, please refer to the [Post In
 
 ### Step 4 - Upgrading
 
-When a new version of Immich is (released)[], the application can be upgraded with the following commands, run in the directory with the `docker-compose.yml` file:
+When a new version of Immich is [released](https://github.com/immich-app/immich/releases), the application can be upgraded with the following commands, run in the directory with the `docker-compose.yml` file:
 
 ```bash title="Upgrade Immich"
 docker-compose pull && docker-compose up -d # Or `docker compose`
 ```
 
-[compose-file]: https://raw.githubusercontent.com/immich-app/immich/main/docker/docker-compose.yml
-[env-file]: https://raw.githubusercontent.com/immich-app/immich/main/docker/.env.example
+:::caution Automatic Updates
+Immich is currently under heavy development, which means you can expect breaking changes and bugs. Therefore, we recommend reading the release notes prior to updating and to take special care when using automated tools like [Watchtower][watchtower].
+:::
+
+[compose-file]: https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+[env-file]: https://github.com/immich-app/immich/releases/latest/download/example.env
+[watchtower]: https://containrrr.dev/watchtower/

docs/docs/install/kubernetes.md

@@ -0,0 +1,24 @@
+---
+sidebar_position: 40
+---
+
+# Kubernetes
+
+You can deploy Immich on Kubernetes using [the official Helm chart](https://github.com/immich-app/immich-charts/tree/main/charts/apps/immich). 
+
+If you want examples of how other people run Immich on Kubernetes, using the official chart or otherwise, you can find them at https://nanne.dev/k8s-at-home-search/#/immich.
+
+:::caution DNS in Alpine containers
+Immich makes use of Alpine container images. These can encounter [a DNS resolution bug](https://stackoverflow.com/a/65593511) on Kubernetes clusters if the host 
+nodes have a search domain set, like:
+
+```
+$ cat /etc/resolv.conf
+search home.lan
+nameserver 192.168.1.1
+```
+
+When you encounter this bug, it will cause the immich-microservices to crash on startup because it cannot download 
+the geocoder data. This can be solved in one of two ways: Either reconfigure your nodes to remove the searchdomain from 
+`resolv.conf`, or set the `DISABLE_REVERSE_GEOCODING` environment variable for Immich to `true` to disable the geocoder.
+:::

docs/docs/install/portainer.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 4
+sidebar_position: 50
 ---
 
 # Portainer
@@ -9,7 +9,7 @@ Install Immich using Portainer's Stack feature.
 1. Go to "**Stacks**" in the left sidebar.
 2. Click on "**Add stack**".
 3. Give the stack a name (i.e. Immich), and select "**Web Editor**" as the build method.
-4. Copy the content of the `docker-compose.yml` file from the [GitHub repository](https://raw.githubusercontent.com/immich-app/immich/main/docker/docker-compose.yml).
+4. Copy the content of the `docker-compose.yml` file from the [GitHub repository](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml).
 5. Replace `.env` with `stack.env` for all containers that need to use environment variables in the web editor.
 
 <img
@@ -28,7 +28,7 @@ Install Immich using Portainer's Stack feature.
   alt="Dot Env Example"
 />
 
-9. Copy the content of the `.env.example` file from the [GitHub repository](https://raw.githubusercontent.com/immich-app/immich/main/docker/.env.example) and paste into the editor.
+9. Copy the content of the `example.env` file from the [GitHub repository](https://github.com/immich-app/immich/releases/latest/download/example.env) and paste into the editor.
 10. Switch back to "**Simple Mode**".
 
 <img
@@ -40,11 +40,6 @@ Install Immich using Portainer's Stack feature.
 
 * Populate custom database information if necessary.
 * Populate `UPLOAD_LOCATION` with your preferred location for storing backup assets.
-* Populate a secret value for `JWT_SECRET`. You can use the command below to generate a secure key:
-
-```bash title="Generate secure JWT_SECRET key"
-openssl rand -base64 128
-```
 
 11. Click on "**Deploy the stack**".
 

docs/docs/install/requirements.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 1
+sidebar_position: 10
 ---
 
 

docs/docs/install/script.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 2
+sidebar_position: 20
 ---
 
 # Install Script [Experimental]
@@ -16,7 +16,7 @@ curl -o- https://raw.githubusercontent.com/immich-app/immich/main/install.sh | b
 
 The script will perform the following actions:
 
-1. Download [docker-compose.yml](https://github.com/immich-app/immich/blob/main/docker/docker-compose.yml), and the [.env](https://github.com/immich-app/immich/blob/main/docker/.env.example) file from the main branch of the [repository](https://github.com/immich-app/immich).
+1. Download [docker-compose.yml](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml), and the [.env](https://github.com/immich-app/immich/releases/latest/download/example.env) file from the main branch of the [repository](https://github.com/immich-app/immich).
 2. Populate the `.env` file with necessary information based on the current directory path.
 3. Start the containers.
 

docs/docs/install/unraid.md

@@ -1,10 +1,28 @@
 ---
-sidebar_position: 5
+sidebar_position: 60
 ---
 
 # Unraid
 
-Immich can easily be installed and updated on Unraid using the [Docker Compose Manager](https://forums.unraid.net/topic/114415-plugin-docker-compose-manager/) plugin from the Unraid Community Apps.
+Immich can easily be installed and updated on Unraid via:
+1. [Docker Compose Manager](https://forums.unraid.net/topic/114415-plugin-docker-compose-manager/) plugin from the Unraid Community Apps
+2. Community made template on the Unraid Community Apps
+
+## Community Applications Template
+
+:::info
+
+- The Unraid template uses a community made image and is not officially supported by Immich
+
+:::
+
+In order to install Immich from the Unraid CA, you will need an existing Redis and PostgreSQL 14 container, If you do not already have Redis or PostgreSQL you can install them from the Unraid CA, just make sure you choose PostgreSQL **14**.
+
+Once you have Redis and PostgreSQL running, search for Immich on the Unraid CA, Choose either of the templates listed and fill out the example variables.
+
+For more information about setting up the community image see [here](https://github.com/imagegenius/docker-immich#application-setup) 
+
+## Docker-Compose Method (Official)
 
 :::info
 
@@ -27,7 +45,7 @@ alt="Select Plugins > Compose.Manager > Add New Stack > Label it Immich"
 />
 
 3.  Select the cog ⚙️ next to Immich then click "**Edit Stack**"
-4.  Click "**Compose File**" and then paste the entire contents of the [Immich Docker Compose](https://raw.githubusercontent.com/immich-app/immich/main/docker/docker-compose.yml) file into the Unraid editor
+4.  Click "**Compose File**" and then paste the entire contents of the [Immich Docker Compose](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) file into the Unraid editor
     <details >
         <summary>Using an existing Postgres container? Click me! Otherwise proceed to step 5.</summary>
         <ul>
@@ -53,9 +71,8 @@ alt="Select Plugins > Compose.Manager > Add New Stack > Label it Immich"
     </details>
 5.  Click "**Save Changes**", you will be promoted to edit stack UI labels, just leave this blank and click "**Ok**"
 6.  Select the cog ⚙️ next to Immich, click "**Edit Stack**", then click "**Env File**"
-7.  Past the entire contents of the [Immich .env.example](https://raw.githubusercontent.com/immich-app/immich/main/docker/.env.example) file into the Unraid editor, then **before saving** edit the following:
+7.  Past the entire contents of the [Immich example.env](https://github.com/immich-app/immich/releases/latest/download/example.env) file into the Unraid editor, then **before saving** edit the following:
 
-    - `JWT_SECRET`: Generate a unique secret and paste the value here > Can be generated by either typing `openssl rand -base64 128` in your terminal or copying from [uuidgenerator](https://www.uuidgenerator.net/version1)
     - `UPLOAD_LOCATION`: Create a folder in your Images Unraid share and place the **absolute** location here > For example my _"images"_ share has a folder within it called _"immich"_. If I browse to this directory in the terminal and type `pwd` the output is `/mnt/user/images/immich`. This is the exact value I need to enter as my `UPLOAD_LOCATION`
 
       <img

docs/docs/overview/help.md

@@ -8,7 +8,7 @@ Running into an issue or have a question? Try the following:
 
 1. Check the [FAQs](/docs/FAQ.md).
 2. Read through the [Release Notes][github-releases].
-3. Search through existing [Github Issues][github-issues].
+3. Search through existing [GitHub Issues][github-issues].
 4. Open a help ticket on [Discord][discord-link].
 
 [github-issues]: https://github.com/immich-app/immich/releases

docs/docs/overview/support-the-project.md

@@ -13,13 +13,17 @@ If you feel like this is the right cause and the app is something you see yourse
 ## Donation
 
 - Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
-- One-time donation via [Github Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Librepay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+
 
 ## Contributing
 
 There are lots of non-monetary ways to contribute to Immich as well.
 
-1. Testing - Using Immich and reporting bugs is a great way to help support the project. Found a bug? [Open an issue on Github][github-issue].
+1. Testing - Using Immich and reporting bugs is a great way to help support the project. Found a bug? [Open an issue on GitHub][github-issue].
 1. Translations - The Immich mobile app has been translated into [17 languages][github-langs] so far! To contribute with translations, email me at alex.tran1502@gmail.com or send me a message on discord.
 1. Development - If you are a programmer or developer, take a look at Immich's [technology stack](/docs/developer/architecture.md) and consider fixing bugs or building new features. The team and I are always looking for new contributors. For information about how to contribute as a developer, see the [Developer](/docs/developer/architecture.md) section.
 

docs/docs/partials/_mobile-app-download.md

@@ -3,4 +3,4 @@ The mobile app can be downloaded from the following places:
 - [Google Play Store](https://play.google.com/store/apps/details?id=app.alextran.immich)
 - [Apple App Store](https://apps.apple.com/us/app/immich/id1613945652)
 - [F-Droid](https://f-droid.org/packages/app.alextran.immich)
-- [Github Releases (apk)](https://github.com/immich-app/immich/releases)
+- [GitHub Releases (apk)](https://github.com/immich-app/immich/releases)

docs/docusaurus.config.js

@@ -105,16 +105,16 @@ const config = {
             position: "right",
             label: "API",
           },
-          {
-            to: "/blog",
-            position: "right",
-            label: "Blog",
-          },
           {
             href: "https://github.com/immich-app/immich",
             label: "GitHub",
             position: "right",
           },
+          {
+            href: "https://github.com/orgs/immich-app/projects/1",
+            label: "Roadmap",
+            position: "right",
+          },
         ],
       },
       footer: {
@@ -143,16 +143,20 @@ const config = {
             ],
           },
           {
-            title: "More",
+            title: "Links",
             items: [
-              {
-                label: "Blog",
-                to: "/blog",
-              },
+              // {
+              //   label: "Blog",
+              //   to: "/blog",
+              // },
               {
                 label: "GitHub",
                 href: "https://github.com/immich-app/immich",
               },
+              {
+                label: "Roadmap",
+                href: "https://github.com/orgs/immich-app/projects/1",
+              },
             ],
           },
         ],

docs/src/pages/index.tsx

@@ -15,7 +15,7 @@ function HomepageHeader() {
           <p>ON MOBILE DEVICE</p>
         </div>
 
-        <div className="flex place-items-center place-content-center mt-9 mb-16 gap-4 ">
+        <div className="flex flex-col sm:flex-row place-items-center place-content-center mt-9 mb-16 gap-4 ">
           <Link
             className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary dark:bg-immich-dark-primary rounded-full no-underline hover:no-underline text-white hover:text-gray-50 dark:text-immich-dark-bg font-bold"
             to="docs/overview/introduction"

docs/vercel.json

@@ -13,9 +13,15 @@
     { "source": "/docs/overview/technology-stack", "destination": "/docs/developer/architecture" },
     { "source": "/docs/usage/automatic-backup", "destination": "/docs/features/automatic-backup" },
     { "source": "/docs/usage/bulk-upload", "destination": "/docs/features/bulk-upload" },
-    { "source": "/docs/usage/oauth", "destination": "/docs/features/oauth" },
+    { "source": "/docs/usage/oauth", "destination": "/docs/administration/oauth" },
     { "source": "/docs/usage/post-installation", "destination": "/docs/install/post-install" },
     { "source": "/docs/usage/update", "destination": "/docs/install/docker-compose#step-4---upgrading" },
-    { "source": "/docs/usage/server-commands", "destination": "/docs/features/server-commands" }
+    { "source": "/docs/usage/server-commands", "destination": "/docs/administration/server-commands" },
+    { "source": "/docs/features/jobs", "destination": "/docs/administration/jobs" },
+    { "source": "/docs/features/oauth", "destination": "/docs/administration/oauth" },
+    { "source": "/docs/features/password-login", "destination": "/docs/administration/password-login" },
+    { "source": "/docs/features/server-commands", "destination": "/docs/administration/server-commands" },
+    { "source": "/docs/features/storage-template", "destination": "/docs/administration/storage-template" },
+    { "source": "/docs/features/user-management", "destination": "/docs/administration/user-management" }
   ]
 }

install.sh

@@ -28,7 +28,7 @@ download_docker_compose_file() {
 
 download_dot_env_file() {
   echo "Downloading .env file..."
-  curl -L https://raw.githubusercontent.com/immich-app/immich/$release_version/docker/.env.example -o ./.env >/dev/null 2>&1
+  curl -L https://raw.githubusercontent.com/immich-app/immich/$release_version/docker/example.env -o ./.env >/dev/null 2>&1
 }
 
 replace_env_value() {
@@ -45,12 +45,6 @@ populate_upload_location() {
   replace_env_value "UPLOAD_LOCATION" $upload_location
 }
 
-generate_jwt_secret() {
-  echo "Generating JWT_SECRET value..."
-  jwt_secret=$(openssl rand -base64 128)
-  replace_env_value "JWT_SECRET" $jwt_secret
-}
-
 start_docker_compose() {
   echo "Starting Immich's docker containers"
 
@@ -92,5 +86,4 @@ create_immich_directory
 download_docker_compose_file
 download_dot_env_file
 populate_upload_location
-generate_jwt_secret
 start_docker_compose

localizely.yml

@@ -34,3 +34,11 @@ download:
       locale_code: pt-BR
     - file: mobile/assets/i18n/pl-PL.json
       locale_code: pl-PL
+    - file: mobile/assets/i18n/sk-SK.json
+      locale_code: sk-SK
+    - file: mobile/assets/i18n/zh-CN.json
+      locale_code: zh-CN
+    - file: mobile/assets/i18n/ru-RU.json
+      locale_code: ru-RU
+    - file: mobile/assets/i18n/cs-CZ.json
+      locale_code: cs-CZ

machine-learning/Dockerfile

@@ -1,4 +1,3 @@
-
 FROM node:16-bullseye-slim as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -6,7 +5,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 WORKDIR /usr/src/app
 
 RUN apt-get update
-RUN apt-get install gcc g++ make cmake python3 python3-pip ffmpeg -y
+RUN apt-get install gcc g++ make cmake python3 python3-pip -y
 
 COPY package.json package-lock.json ./
 
@@ -15,24 +14,17 @@ RUN npm rebuild @tensorflow/tfjs-node --build-from-source
 
 COPY . .
 
-
 FROM builder as prod
 
 RUN npm run build
-
 RUN npm prune --omit=dev
 
-
 FROM node:16-bullseye-slim
 
 ARG DEBIAN_FRONTEND=noninteractive
 
 WORKDIR /usr/src/app
 
-RUN apt-get update \
-  && apt-get install -y ffmpeg \
-  && rm -rf /var/cache/apt/lists
-
 COPY --from=prod /usr/src/app/node_modules ./node_modules
 COPY --from=prod /usr/src/app/dist ./dist
 

machine-learning/entrypoint.sh

@@ -1,3 +1,4 @@
+#! /bin/sh
 # npm run typeorm migration:run
 # npm run start:prod
-node dist/main.js
+exec node dist/main.js

machine-learning/package.json

@@ -23,19 +23,9 @@
   "dependencies": {
     "@nestjs/common": "^8.0.0",
     "@nestjs/core": "^8.0.0",
-    "@nestjs/mapped-types": "^1.0.1",
-    "@nestjs/platform-express": "^8.0.0",
     "@tensorflow-models/coco-ssd": "^2.2.2",
     "@tensorflow-models/mobilenet": "^2.1.0",
-    "@tensorflow/tfjs": "^3.19.0",
-    "@tensorflow/tfjs-converter": "^3.19.0",
-    "@tensorflow/tfjs-core": "^3.19.0",
-    "@tensorflow/tfjs-node": "^3.19.0",
-    "@tensorflow/tfjs-node-gpu": "^3.19.0",
-    "@trpc/server": "^9.20.3",
-    "reflect-metadata": "^0.1.13",
-    "rimraf": "^3.0.2",
-    "rxjs": "^7.2.0"
+    "@tensorflow/tfjs-node": "^3.19.0"
   },
   "devDependencies": {
     "@nestjs/cli": "^8.2.4",
@@ -52,6 +42,7 @@
     "eslint-plugin-prettier": "^4.0.0",
     "jest": "^27.2.5",
     "prettier": "^2.3.2",
+    "rimraf": "^3.0.2",
     "source-map-support": "^0.5.20",
     "supertest": "^6.1.3",
     "ts-jest": "^27.0.3",

machine-learning/src/main.ts

@@ -5,7 +5,9 @@ import { Logger } from '@nestjs/common';
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
 
-  await app.listen(3003, () => {
+  const port = Number(process.env.MACHINE_LEARNING_PORT) || 3003;
+
+  await app.listen(port, () => {
     if (process.env.NODE_ENV == 'development') {
       Logger.log(
         'Running Immich Machine Learning in DEVELOPMENT environment',

misc/release/notes.tmpl

@@ -0,0 +1,21 @@
+## Highlights
+
+{{RELEASE HIGHLIGHTS}}
+
+As always, please consider supporting the project.
+
+🎉 Cheer! 🎉
+
+
+## Support
+
+<p align="center">
+<img src="https://media.giphy.com/media/LStqgGESXW8XnuCv5y/giphy.gif" width="250" title="Loading ~4000 images/videos"> 
+</p>
+
+
+If you find the project helpful and it helps you in some ways, you can support the project [one time](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502) or [monthly](https://github.com/sponsors/alextran1502) from GitHub Sponsors
+
+It is a great way to let me know that you want me to continue developing and working on this project for years to come.
+
+## What's Changed

misc/release/pump-version.sh

@@ -0,0 +1,81 @@
+#/bin/bash
+
+#
+# Pump one or both of the server/mobile versions in appropriate files
+#
+# usage: './scripts/pump-version.sh -s <major|minor|patch> <-m>
+#
+# examples:
+#    ./scripts/pump-version.sh -s major        # 1.0.0+50 => 2.0.0+50
+#    ./scripts/pump-version.sh -s minor -m     # 1.0.0+50 => 1.1.0+51
+#    ./scripts/pump-version.sh -m              # 1.0.0+50 => 1.0.0+51
+#
+
+SERVER_PUMP="false"
+MOBILE_PUMP="false"
+
+while getopts 's:m:' flag; do
+  case "${flag}" in
+  s) SERVER_PUMP=${OPTARG} ;;
+  m) MOBILE_PUMP=${OPTARG} ;;
+  *)
+    echo "Invalid args"
+    exit 1
+    ;;
+  esac
+done
+
+CURRENT_SERVER=$(cat server/package.json | jq -r '.version')
+MAJOR=$(echo $CURRENT_SERVER | cut -d '.' -f1)
+MINOR=$(echo $CURRENT_SERVER | cut -d '.' -f2)
+PATCH=$(echo $CURRENT_SERVER | cut -d '.' -f3)
+
+if [[ $SERVER_PUMP == "major" ]]; then
+  MAJOR=$((MAJOR + 1))
+  MINOR=0
+  PATCH=0
+elif [[ $SERVER_PUMP == "minor" ]]; then
+  MINOR=$((MINOR + 1))
+  PATCH=0
+elif [[ $SERVER_PUMP == "patch" ]]; then
+  PATCH=$((PATCH + 1))
+elif [[ $SERVER_PUMP == "false" ]]; then
+  echo 'Skipping Server Pump'
+else
+  echo 'Expected <major|minor|patch|false> for the server argument'
+  exit 1
+fi
+
+NEXT_SERVER=$MAJOR.$MINOR.$PATCH
+
+CURRENT_MOBILE=$(cat mobile/pubspec.yaml | grep "^version: .*+[0-9]\+$" | cut -d "+" -f2)
+NEXT_MOBILE=$CURRENT_MOBILE
+if [[ $MOBILE_PUMP == "true" ]]; then
+  set $((NEXT_MOBILE++))
+elif [[ $MOBILE_PUMP == "false" ]]; then
+  echo 'Skipping Mobile Pump'
+else
+  echo "Fatal: MOBILE_PUMP value $MOBILE_PUMP is invalid"
+  exit 1
+fi
+
+if [ "$CURRENT_SERVER" != "$NEXT_SERVER" ]; then
+
+  echo "Pumping Server: $CURRENT_SERVER => $NEXT_SERVER"
+
+  sed -i "s/^  \"version\": \"$CURRENT_SERVER\",$/  \"version\": \"$NEXT_SERVER\",/" server/package.json
+  sed -i "s/^  \"version\": \"$CURRENT_SERVER\",$/  \"version\": \"$NEXT_SERVER\",/" server/package-lock.json
+  sed -i "s/\"version\": \"$CURRENT_SERVER\",$/\"version\": \"$NEXT_SERVER\",/" server/immich-openapi-specs.json
+  sed -i "s/\"android\.injected\.version\.name\" => \"$CURRENT_SERVER\",/\"android\.injected\.version\.name\" => \"$NEXT_SERVER\",/" mobile/android/fastlane/Fastfile
+  sed -i "s/version_number: \"$CURRENT_SERVER\"$/version_number: \"$NEXT_SERVER\"/" mobile/ios/fastlane/Fastfile
+fi
+
+if [ "$CURRENT_MOBILE" != "$NEXT_MOBILE" ]; then
+
+  echo "Pumping Mobile: $CURRENT_MOBILE => $NEXT_MOBILE"
+
+  sed -i "s/\"android\.injected\.version\.code\" => $CURRENT_MOBILE,/\"android\.injected\.version\.code\" => $NEXT_MOBILE,/" mobile/android/fastlane/Fastfile
+  sed -i "s/^version: $CURRENT_SERVER+$CURRENT_MOBILE$/version: $NEXT_SERVER+$NEXT_MOBILE/" mobile/pubspec.yaml
+fi
+
+echo "IMMICH_VERSION=v$NEXT_SERVER" >>$GITHUB_ENV

mobile/android/app/build.gradle

@@ -59,17 +59,19 @@ android {
 
    signingConfigs {
        release {
-           keyAlias keystoreProperties['keyAlias']
-           keyPassword keystoreProperties['keyPassword']
-           storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
-           storePassword keystoreProperties['storePassword']
+            def keyAliasVal = System.getenv("ALIAS")
+            def keyPasswordVal = System.getenv("ANDROID_KEY_PASSWORD")
+            def storePasswordVal = System.getenv("ANDROID_STORE_PASSWORD")
+
+            keyAlias keyAliasVal ? keyAliasVal : keystoreProperties['keyAlias']
+            keyPassword keyPasswordVal ? keyPasswordVal : keystoreProperties['keyPassword']
+            storeFile file("../key.jks") ? file("../key.jks") : file(keystoreProperties['storeFile'])
+            storePassword storePasswordVal ? storePasswordVal : keystoreProperties['storePassword']
        }
    }
 
     buildTypes {
         release {
-            // TODO: Add your own signing config for the release build.
-            // Signing with the debug keys for now, so `flutter run --release` works.
             signingConfig signingConfigs.release
         }
     }

mobile/android/app/src/main/AndroidManifest.xml

@@ -2,6 +2,11 @@
   xmlns:tools="http://schemas.android.com/tools">
   <application android:label="Immich" android:name=".ImmichApp" android:usesCleartextTraffic="true"
     android:icon="@mipmap/ic_launcher" android:requestLegacyExternalStorage="true">
+
+    <meta-data
+      android:name="io.flutter.embedding.android.EnableImpeller"
+      android:value="false" />
+
     <activity android:name=".MainActivity" android:exported="true" android:launchMode="singleTop"
       android:theme="@style/LaunchTheme"
       android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"

mobile/android/app/src/main/res/drawable-night-v21/launch_background.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
+    <item>
+        <bitmap android:gravity="fill" android:src="@drawable/background"/>
+    </item>
+    <item>
+        <bitmap android:gravity="center" android:src="@drawable/splash"/>
+    </item>
+</layer-list>

mobile/android/app/src/main/res/drawable-night/launch_background.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
+    <item>
+        <bitmap android:gravity="fill" android:src="@drawable/background"/>
+    </item>
+    <item>
+        <bitmap android:gravity="center" android:src="@drawable/splash"/>
+    </item>
+</layer-list>

mobile/android/app/src/main/res/drawable-v21/launch_background.xml

@@ -1,12 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- Modify this file to customize your launch splash screen -->
 <layer-list xmlns:android="http://schemas.android.com/apk/res/android">
-    <item android:drawable="?android:colorBackground" />
-
-    <!-- You can insert your own image assets here -->
-    <!-- <item>
-        <bitmap
-            android:gravity="center"
-            android:src="@mipmap/launch_image" />
-    </item> -->
+    <item>
+        <bitmap android:gravity="fill" android:src="@drawable/background"/>
+    </item>
+    <item>
+        <bitmap android:gravity="center" android:src="@drawable/splash"/>
+    </item>
 </layer-list>