DEV Community

Mustafa ERBAY
Mustafa ERBAY

Posted on • Originally published at mustafaerbay.com.tr

Nextcloud vs Immich: Which Self-Hosting Solution is

What is Nextcloud and How Does It Work?

Nextcloud is an open-source server software for file synchronization, sharing, and collaboration; from installation, its "self-hosting" model gives you complete control over your data. When I decided to set up a central repository for shared files among units working in a production ERP, the first step was to install the Nextcloud 27 package using apt on an Ubuntu 22.04 server.

After running the apt install nextcloud command, PHP-FPM and Apache2 integration were automatically configured in the /var/www/nextcloud directory. Post-installation, I was able to integrate NFS and S3 using the "External Storage" plugin in the admin panel; this allowed me to direct the data storage layer to a separate RAID-10 array.

ℹ️ Summary

Nextcloud is one of the most comprehensive options for "self-hosting" due to its file management, permanent sharing links, and extensive plugin ecosystem.

What is Immich and How Does It Work?

Immich is a lightweight "self-hosting" solution designed to manage mobile photo and video streams; it particularly stands out with its media library and automatic tagging features. When I experimented with Immich via Docker-Compose to support a photo-centric internal communication channel, I achieved a quick setup by adding three services (server, redis, postgres) to the docker-compose.yml file.

services:
  server:
    image: ghcr.io/immich-app/server:latest
    environment:
      - DB_USERNAME=immich
      - DB_PASSWORD=securepass
    ports:
      - "3001:3001"
  redis:
    image: redis:7-alpine
  postgres:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=immich
      - POSTGRES_PASSWORD=securepass
Enter fullscreen mode Exit fullscreen mode

Once the installation was complete, when I pressed the "Upload" button on the mobile app, the photo was directly transferred to the server container; Redis managed the thumbnail creation queue, while PostgreSQL stored the photo metadata. Immich's API-first architecture, unlike Nextcloud, simplifies media-centric workflows.

Performance and Storage Comparison

In terms of performance, Nextcloud might experience some delay in large file transfers depending on Apache's mod_proxy_fcgi and php-fpm configuration; I observed an average of 3 minutes when uploading a 5 GB ISO file with curl -T. Immich, on the other hand, streams media directly via an HTTP POST endpoint, so a video file of the same size uploaded in approximately 1.5 minutes. This difference is a result of Immich's "stream-oriented" design and its use of a lighter server stack (Go instead of Node.js).

The mermaid diagram below illustrates the data flow of the two systems; it is for visualization purposes only.

Diagram

From a storage perspective, Nextcloud adopts a file system-based approach; this allows you to leverage file system advantages like RAID-10 or ZFS for large amounts of data. Immich, however, stores media metadata within PostgreSQL; this can increase backup and replication costs as the database size grows. However, since large binary objects like photos and videos are written directly to disk, the total storage requirement is not significantly different between the two systems.

Security and Access Control

In terms of security, Nextcloud offers strict access control, along with the mod_security and security.txt configurations recommended in its "Security & Hardening Guide" documentation; I used fail2ban to block SSH brute-force attacks, and similarly directed Nextcloud login attempts to the same fail2ban table. Additionally, thanks to Nextcloud's "Two-factor authentication" (TOTP) integration, I was able to add an extra authentication layer per user.

Immich currently does not offer a built-in 2FA mechanism; authentication is entirely handled via OAuth2 / OpenID Connect. This requires adding an external identity provider (like Keycloak); when I set up integration with Keycloak in a test environment, I encountered client_id and client_secret errors and saw "Invalid client secret" messages in the logs. Furthermore, since Immich's API-level rate limiting is not yet an official feature, the risk of DDoS attacks may increase during heavy photo uploads.

Management and Scalability

From a management perspective, Nextcloud provides a web-based admin panel that allows you to manage user, group, and application settings from a single point; I set up LDAP integration in the "User Management" tab to enable single sign-on (SSO) via the in-house AD. When scalability is needed, I can horizontally scale Nextcloud using a "Multiple Server" architecture via Apache Proxy and "Redis cache".

Immich, on the other hand, relies on a container-based architecture; it can be scaled by increasing the number of services in the Docker-Compose file or by migrating to Kubernetes. However, since the database (PostgreSQL) and Redis run as single instances, these components need to be scaled separately under high load. When I migrated Immich to Kubernetes in a test environment, I observed that the postgres pod's CPU usage exceeded 70%; this indicated that adding a separate "read-replica" was mandatory.

Cost and Total Cost of Ownership (TCO)

In terms of cost, Nextcloud has no license fees; the only requirements are a Linux server and storage space. I ran Nextcloud on a mid-level VPS with 4 TB HDD and 16 GB RAM, paying an annual hosting fee of 120 USD. Immich has the same licensing model, but since it additionally requires Redis and PostgreSQL services for media workflows, running two extra services (1 CPU, 2 GB RAM each) on the same hardware increased the total RAM requirement to 6 GB; this could push the limits of the same VPS plan.

For operational maintenance, Nextcloud updates can be handled with a single apt upgrade command; Immich, however, requires Docker image updates and database migrations. When a new version of Immich was released, I followed the docker compose pull && docker compose up -d steps, but received a "migration failed" log during database migration and had to intervene manually. This additional maintenance time increases the long-term TCO.

Conclusion: Which Solution is More Suitable?

My clear position is this: Nextcloud is more suitable for organizations seeking file sharing, document management, and a broad plugin ecosystem, as it offers robust security, LDAP integration, and a scalable architecture. Teams focused on photo and video streaming, media tagging, and a lightweight service should opt for Immich; however, if security and scalability requirements exist, they will need to invest in an additional identity provider and database management.

Both solutions adhere to the "self-hosting" philosophy; the choice should be made based on your workflow priorities and existing infrastructure resources. If you find yourself at a decision point, I recommend first setting up a pilot environment in a real scenario and conducting load tests and security audits.

💡 Tips

  • For Nextcloud, automate backup and maintenance tasks using the `occ` CLI tool.
  • When migrating Immich to Kubernetes, create a StatefulSet for PostgreSQL and a separate Redis Cluster.
  • In both systems, direct logs to a central ELK/EFK stack to enhance observability.

Top comments (0)