- docker v27+
- docker compose v2.29+
Note
To create random password you can use command openssl rand -hex 32
-
Prepare env file. Copy
.env.exampleto.envand change allchangemeto secure passwords. Also updateVOLUMES_BIND_ROOTvariable if you want to store data in specific folder. -
Setup domain variables in
.envfiles.2.1. For local run (dev purposes for example) you can use .local domains Just add them to your hosts file (
/etc/hostsfor Linux andC:\Windows\System32\drivers\etcfor Windows)127.0.0.1 id.traefik.local 127.0.0.1 budget.traefik.local 127.0.0.1 affine.traefik.local 127.0.0.1 immich.traefik.local
Also set this vars in
.envto disable https on Keycloak. It is required to avoid tls checks with self-signed certificates by other services with OAuth.KC_PROTO=http KC_HTTP_ENABLED=true KC_PROXY_TLS_ENABLED=false
2.2 For production run with real domain you should add DNS records at first for subdomains and update next vars in
.envKC_DOMAIN=id.example.com ACTUAL_DOMAIN=budget.example.com AF_DOMAIN=affine.example.com IMM_DOMAIN=immich.example.com KC_PROTO=https KC_HTTP_ENABLED=false KC_PROXY_TLS_ENABLED=true
-
Run
docker compose up -d -
Finish setup for actual budget container with next commands
sh docker exec -it nas-actual-budget-1 node src/scripts/reset-password.js docker exec -it nas-actual-budget-1 node src/scripts/enable-openid.js -
Open keycloak domain and create users
-
Open Affine domain and finish setup with creation admin account
-
Open Immich domain and finish setup with creation admin account
-
Start usage