This will use Nginx proxy module to build a caching proxy in front of Open Street Map’s tileserver and to serve a custom style.json for the maps.
This works well for me, since I already proxy all my services behind a single Nginx instance. It is probably possible to achieve similar results with other reverse proxies, but this would obviously need to be adapted.
Caching proxy
Inside Nginx’s http config block (usually in /etc/nginx/nginx.conf), create a cache zone (a directory that will hold cached responses from OSM) :
http {
# You should not need to edit existing lines in the http block, only add the line below
proxy_cache_path /var/cache/nginx/osm levels=1:2 keys_zone=osm:100m max_size=5g inactive=180d;
}
You may need to manually create the /var/cache/nginx/osm directory and set its owner to Nginx’s user (typically www-data on Debian based distros).
Customize the max_size parameter to change the maximum amount of cached data you want to store on your server. The inactive parameter will cause Nginx to discard cached data that’s not been accessed in this duration (180d ~ 6months).
Then, inside the server block that serves your Immich instance, create a new location block :
server {
listen 443 ssl;
server_name immich.your-domain.tld;
# You should not need to change your existing config, only add the location block below
location /map_proxy/ {
proxy_pass https://tile.openstreetmap.org/;
proxy_cache osm;
proxy_cache_valid 180d;
proxy_ignore_headers Cache-Control Expires;
proxy_ssl_server_name on;
proxy_ssl_name tile.openstreetmap.org;
proxy_set_header Host tile.openstreetmap.org;
proxy_set_header User-Agent "Nginx Caching Tile Proxy for self-hosters";
proxy_set_header Cookie "";
proxy_set_header Referer "";
}
}
Reload Nginx (sudo systemctl reload nginx). Confirm this works by visiting https://immich.your-domain.tld/map_proxy/0/0/0.png, which should now return a world map PNG (the one from https://tile.openstreetmap.org/0/0/0.png )
This config ignores cache control headers from OSM and sets its own cache validity duration (proxy_cache_valid parameter). After the specified duration, the proxy will re-fetch the tiles. 6 months seem reasonable to me for the use case, and it can probably be set to a few years without it causing issues.
Besides being lighter on OSM’s servers, the caching proxy will improve privacy by only requesting tiles from upstream when loaded for the first time. This config also strips cookies and referrer before forwarding the queries to OSM, as well as set a user agent for the proxy following OSM foundation’s guidelines (according to these guidelines, you should add a contact information to this user agent)
This can probably be made to work on a different domain than the one serving your Immich instance, but this probably requires to add the appropriate headers for CORS.
Replace immich.your-domain.tld with your actual Immich domain, and remember the absolute path you save this at.
One last update to nginx’s config
Since Immich currently does not provide a way to manually edit style.json, we need to serve it from http(s). Add one more location block below the previous one :
location /map_style.json {
alias /srv/immich/mapstyle.json;
}
Replace the alias parameter with the location where you saved the json mapstyle. After reloading nginx, your json style will be available at https://immich.your-domain.tld/map_style.json
Configure Immich to use this
For this last part, follow steps 8, 9, 10 from this guide (use the link to map_style.json for both light and dark themes). After clearing the browser or app’s cache, the map should now be loaded from your caching proxy. You can confirm this by tailing Nginx’s logs while you zoom and move around the map in Immich
Summary of comments from previous post
Self-hosting a tile server is not realistic in most cases
People who have previously worked with maps seem to confirm that there are no tile server solution lightweight enough to be self hosted by hobbyists. There is maybe some hope with generating tiles on demand, but someone with deep knowledge of the file formats involved in the process should confirm this.
Some interesting links were shared, which seem to confirm this is not realistically self-hostable with the available software :
In all this part, I want to emphasize that while there seems to be a consensus, this is only based on the few comments from the previous post and may be biased by the fact that we’re discussing it on a non-mainstream platform. If you disagree with anything below, please comment this post and explain your point of view.
Nobody declared that they had noticed the requests to a third-party server before
A non-negligible fraction of Immich users are interested in the privacy benefits over other solutions such as Google photos. These users do not like their self-hosted services to send requests to third-party servers without warning them first
The fix should consist of the following :
Clearly document the implications of enabling the map, and any feature that sends requests to third parties
Disable by default features that send requests to third parties (especially if it contains any form of geolocated data)
Provide a way to easily change the tile provider. A select menu with a few pre-configured style.json would be nice, along with a way to manually edit style.json (or at least some of its fields) directly from the Immich config page
They told me about hosting their own tile server earlier today. I’m really impressed by how fast they moved !
A pull request for a privacy page during the onboarding is in the works, and I’ve been working with them to update the settings page and documentation (with the goal of providing an easy way to switch map providers). They are also working on a privacy policy, and want to ship all of this in a few weeks as part of a single release.
Once again, I’m really impressed with how well they’re handling this
I’m pretty sure they are actually hosting it. The tech is quite different (cofractal uses urls ending with {z}/{x}/{y}, while their tile sever uses this stuff that works quite differently)
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
deleted by creator
They told me about hosting their own tile server earlier today. I’m really impressed by how fast they moved !
A pull request for a privacy page during the onboarding is in the works, and I’ve been working with them to update the settings page and documentation (with the goal of providing an easy way to switch map providers). They are also working on a privacy policy, and want to ship all of this in a few weeks as part of a single release.
Once again, I’m really impressed with how well they’re handling this
Are they really hosting it themselves or are they just proxying request to their “partner”?
I’m pretty sure they are actually hosting it. The tech is quite different (cofractal uses urls ending with
{z}/{x}/{y}, while their tile sever uses this stuff that works quite differently)Oh nice, that’s a clever solution and indeed easy to host.