Immich Docker Image Pull Failure
summary of the steps i've taken to try and diagnose why i can't Immich Docker images from ghcr.io, receiving a "denied" error, despite my network configuration and PC's capabilities:
Verified Mini PC Hardware
Checked Firewall on Mini PC (UFW/iptables): Examined the Uncomplicated Firewall (UFW) status and underlying iptables rules on the mini PC. No rules were found that explicitly block outbound connections on port 443, which is required for HTTPS communication with container registries like ghcr.io.
Tested Outbound Connectivity (curl): Used curl to test outbound HTTPS connections from the mini PC to a known external site (github.com). This test was successful, confirming that basic outbound port 443 connectivity is working from the mini PC itself.
Reviewed AdGuard Home logs to see if it was blocking DNS resolution for ghcr.io. No blocked queries for ghcr.io or related domains were found. DNS resolution appeared to be functioning correctly.
Confirmed Immich Registry Location: Verified that ghcr.io is the correct and official location for Immich Docker images, including immich-web.
Reviewed Router Logs: Examined system logs from your ASUS RT-AX86U router. While these logs provided general network activity (WiFi, system events, kernel messages), they did not contain specific entries showing outbound connection attempts from the mini PC to ghcr.io or detailed firewall logging indicating a block of these specific connections.
Isolated the Problem: Based on the troubleshooting, the issue appears to be external to the mini PC itself. The most probable cause is a firewall or network configuration issue on the router (or another device on the network path) that is specifically blocking or interfering with Docker image pull connections to ghcr.io on port 443, potentially due to restrictive outbound rules.
Despite extensive investigation, I haven't been able to pinpoint the exact rule or cause of the "denied" error within your network environment remotely.
27 Replies
:wave: Hey @Atomizer,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.Issue: Failed to pull images of the stack: compose pull operation failed: Error response from daemon: Head "https://ghcr.io/v2/immich-app/immich-microservices/manifests/release": denied when deploying Immich stack via Portainer.
Your compose is positively ancient @Atomizer
lol, well atleast someone can identify issues because i cant
Check out the latest one https://github.com/immich-app/immich/releases/download/v1.132.3/docker-compose.yml
i was using AI to adjust a few things and i believe it got out of control
UPLOAD_LOCATION=/usr/src/app/upload/ # This should be the internal container path What
Using any AI bot to help with Immich has proven to make things a lot worseso say we all, thank you for your help
Are you having trouble updating or trouble installing?
installing, setting up
What are you planning to host on
i had just wanted to use an external drive to host the files while my machine m.2 hosts the main files to run it.
i'm using docker via portainer on ubuntu
How big is your library? The easiest setup will be to host all files on the external drive, but if you have some room to spare you'll want to have thumbs on the SSD for speed's sake
i have 130GB
some room = 15% of your library size
my m.2 is only 250GB and my external is a SSD 2TB
ah both ssds 👀
what method is better? or ... those eyes make me think i'm getting shade
in that case just follow https://immich.app/docs/install/portainer
thanks, i did that. it ran, but then i tossed some thigns at AI and it turned into something else
If you have questions about the guide, just ask them here
shall i just delete my post in the help?
No make sure it works first
thanks
i got it
Anything you want to change now that it's set up @Atomizer ? Otherwise you can use /close to end this topic
nope, i got it from here. i made this far too difficult. i appreciate your help
This thread has been closed. To re-open, use the button below.