Config: Generate default HTTPS/TLS certificate on first startup #3509

Signed-off-by: Michael Mayer <michael@photoprism.app>

docker-compose.ci.yml

@@ -22,7 +22,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                       # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "photoprism"              # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "public"                       # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"
       PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
       PHOTOPRISM_SITE_DESCRIPTION: "Open-Source Photo Management"
       PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"

docker-compose.postgres.yml

@@ -30,7 +30,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                       # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "photoprism"              # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"                     # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"
       PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
       PHOTOPRISM_SITE_DESCRIPTION: "Open-Source Photo Management"
       PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"

docker-compose.yml

@@ -62,7 +62,7 @@ services:
       PHOTOPRISM_OIDC_CLIENT: "photoprism-develop"
       PHOTOPRISM_OIDC_SECRET: "9d8351a0-ca01-4556-9c37-85eb634869b9"
       ## Site Information
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"    # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"    # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
       PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!"
       PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"

docker/photoprism/armv7/Dockerfile

@@ -59,7 +59,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -89,7 +89,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy dist files, scripts, and debian backports sources list.
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism

docker/photoprism/bookworm/Dockerfile

@@ -56,7 +56,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -86,7 +86,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy scripts.
 COPY --chown=root:root --chmod=755 /scripts/dist/ /scripts/

docker/photoprism/bullseye/Dockerfile

@@ -56,7 +56,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -86,7 +86,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy scripts.
 COPY --chown=root:root --chmod=755 /scripts/dist/ /scripts/

docker/photoprism/buster/Dockerfile

@@ -59,7 +59,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -89,7 +89,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy dist files, scripts, and debian backports sources list.
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism

docker/photoprism/impish/Dockerfile

@@ -59,7 +59,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -89,7 +89,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy dist files and scripts.
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism

docker/photoprism/jammy/Dockerfile

@@ -57,7 +57,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -87,7 +87,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy scripts.
 COPY --chown=root:root --chmod=755 /scripts/dist/ /scripts/

docker/photoprism/lunar/Dockerfile

@@ -57,7 +57,7 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_UPLOAD_NSFW="true" \
     PHOTOPRISM_DETECT_NSFW="false" \
     PHOTOPRISM_EXPERIMENTAL="false" \
-    PHOTOPRISM_SITE_URL="http://photoprism.me:2342/" \
+    PHOTOPRISM_SITE_URL="http://localhost:2342/" \
     PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App" \
     PHOTOPRISM_SITE_DESCRIPTION="" \
     PHOTOPRISM_SITE_AUTHOR="" \
@@ -87,7 +87,8 @@ ENV PHOTOPRISM_ARCH=$TARGETARCH \
     PHOTOPRISM_WORKERS=0 \
     PHOTOPRISM_WAKEUP_INTERVAL=900 \
     PHOTOPRISM_AUTO_INDEX=300 \
-    PHOTOPRISM_AUTO_IMPORT=300
+    PHOTOPRISM_AUTO_IMPORT=300 \
+    PHOTOPRISM_INIT="https"
 
 # Copy scripts.
 COPY --chown=root:root --chmod=755 /scripts/dist/ /scripts/

frontend/package-lock.json

@@ -109,6 +109,14 @@
         "yarn": "please use npm"
       }
     },
+    "node_modules/@aashutoshrathi/word-wrap": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz",
+      "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/@ampproject/remapping": {
       "version": "2.2.1",
       "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz",
@@ -3763,9 +3771,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001508",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001508.tgz",
-      "integrity": "sha512-sdQZOJdmt3GJs1UMNpCCCyeuS2IEGLXnHyAo9yIO5JJDjbjoVRij4M1qep6P6gFpptD1PqIYgzM+gwJbOi92mw==",
+      "version": "1.0.30001509",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001509.tgz",
+      "integrity": "sha512-2uDDk+TRiTX5hMcUYT/7CSyzMZxjfGu0vAUjS2g0LSD8UoXOv0LtpH4LxGMemsiPq6LCVIUjNwVM0erkOkGCDA==",
       "funding": [
         {
           "type": "opencollective",
@@ -4943,9 +4951,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.4.441",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.441.tgz",
-      "integrity": "sha512-LlCgQ8zgYZPymf5H4aE9itwiIWH4YlCiv1HFLmmcBeFYi5E+3eaIFnjHzYtcFQbaKfAW+CqZ9pgxo33DZuoqPg=="
+      "version": "1.4.442",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.442.tgz",
+      "integrity": "sha512-RkrZF//Ya+0aJq2NM3OdisNh5ZodZq1rdXOS96G8DdDgpDKqKE81yTbbQ3F/4CKm1JBPsGu1Lp/akkna2xO06Q=="
     },
     "node_modules/emoji-regex": {
       "version": "8.0.0",
@@ -7164,9 +7172,9 @@
       }
     },
     "node_modules/hls.js": {
-      "version": "1.4.6",
-      "resolved": "https://registry.npmjs.org/hls.js/-/hls.js-1.4.6.tgz",
-      "integrity": "sha512-lGv9QfjfjfuGQfLa/28vDFlYWb9Myq5QuvM9qWp5DyElp8jTGMNodTdeAjOLzaA/fN4XHeG+HhTkRGzntwuDZw=="
+      "version": "1.4.7",
+      "resolved": "https://registry.npmjs.org/hls.js/-/hls.js-1.4.7.tgz",
+      "integrity": "sha512-dvwJXLlYES6wb7DR42uuTrio5sUTsIoWbuNeQS4xHMqfVBZ0KAlJlBmjFAo4s20/0XRhsMjWf5bx0kq5Lgvv1w=="
     },
     "node_modules/html-entities": {
       "version": "2.4.0",
@@ -9259,16 +9267,16 @@
       }
     },
     "node_modules/optionator": {
-      "version": "0.9.1",
-      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
-      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "version": "0.9.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
+      "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==",
       "dependencies": {
+        "@aashutoshrathi/word-wrap": "^1.2.3",
         "deep-is": "^0.1.3",
         "fast-levenshtein": "^2.0.6",
         "levn": "^0.4.1",
         "prelude-ls": "^1.2.1",
-        "type-check": "^0.4.0",
-        "word-wrap": "^1.2.3"
+        "type-check": "^0.4.0"
       },
       "engines": {
         "node": ">= 0.8.0"
@@ -11747,9 +11755,9 @@
       }
     },
     "node_modules/socket.io": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.7.0.tgz",
-      "integrity": "sha512-eOpu7oCNiPGBHn9Falg0cAGivp6TpDI3Yt596fbsf+vln8kRLFWxXKrecFrybn/xNYVn9HcdJNAkYToCmTjsyg==",
+      "version": "4.7.1",
+      "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.7.1.tgz",
+      "integrity": "sha512-W+utHys2w//dhFjy7iQQu9sGd3eokCjGbl2r59tyLqNiJJBdIebn3GAKEXBr3osqHTObJi2die/25bCx2zsaaw==",
       "dependencies": {
         "accepts": "~1.3.4",
         "base64id": "~2.0.0",
@@ -13440,14 +13448,6 @@
         "node": ">= 10.0.0"
       }
     },
-    "node_modules/word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/wordwrap": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",

frontend/tests/unit/config.js

@@ -10,8 +10,8 @@ const clientConfig = {
   staticUri: "/static",
   apiUri: "/api/v1",
   contentUri: "/api/v1",
-  siteUrl: "http://photoprism.me:2342/",
-  sitePreview: "http://photoprism.me:2342/static/img/preview.jpg",
+  siteUrl: "http://localhost:2342/",
+  sitePreview: "http://localhost:2342/static/img/preview.jpg",
   siteTitle: "PhotoPrism",
   siteCaption: "AI-Powered Photos App",
   siteDescription: "Open-Source Photo Management",

frontend/tests/unit/model/link_test.js

@@ -19,11 +19,11 @@ describe("model/link", () => {
     const values = { UID: 5, Token: "1234hhtbbt", Slug: "friends", ShareUID: "family" };
     const link = new Link(values);
     const result = link.url();
-    assert.equal(result, "http://photoprism.me:2342/s/1234hhtbbt/friends");
+    assert.equal(result, "http://localhost:2342/s/1234hhtbbt/friends");
     const values2 = { UID: 5, Token: "", ShareUID: "family" };
     const link2 = new Link(values2);
     const result2 = link2.url();
-    assert.equal(result2, "http://photoprism.me:2342/s/…/family");
+    assert.equal(result2, "http://localhost:2342/s/…/family");
   });
 
   it("should get link caption", () => {

internal/config/config.go

@@ -480,10 +480,10 @@ func (c *Config) StaticAssetUri(res string) string {
 	return c.StaticUri() + "/" + res
 }
 
-// SiteUrl returns the public server URL (default is "http://photoprism.me:2342/").
+// SiteUrl returns the public server URL (default is "http://localhost:2342/").
 func (c *Config) SiteUrl() string {
 	if c.options.SiteUrl == "" {
-		return "http://photoprism.me:2342/"
+		return "http://localhost:2342/"
 	}
 
 	return strings.TrimRight(c.options.SiteUrl, "/") + "/"

internal/config/config_test.go

@@ -496,7 +496,7 @@ func TestConfig_VideoUri(t *testing.T) {
 func TestConfig_SiteUrl(t *testing.T) {
 	c := NewConfig(CliTestContext())
 
-	assert.Equal(t, "http://photoprism.me:2342/", c.SiteUrl())
+	assert.Equal(t, "http://localhost:2342/", c.SiteUrl())
 	c.options.SiteUrl = "http://superhost:2342/"
 	assert.Equal(t, "http://superhost:2342/", c.SiteUrl())
 	c.options.SiteUrl = "http://superhost"
@@ -506,11 +506,11 @@ func TestConfig_SiteUrl(t *testing.T) {
 func TestConfig_SiteDomain(t *testing.T) {
 	c := NewConfig(CliTestContext())
 
-	assert.Equal(t, "photoprism.me", c.SiteDomain())
+	assert.Equal(t, "localhost", c.SiteDomain())
 	c.options.SiteUrl = "https://foo.bar.com:2342/"
 	assert.Equal(t, "foo.bar.com", c.SiteDomain())
 	c.options.SiteUrl = ""
-	assert.Equal(t, "photoprism.me", c.SiteDomain())
+	assert.Equal(t, "localhost", c.SiteDomain())
 }
 
 func TestConfig_SitePreview(t *testing.T) {
@@ -519,11 +519,11 @@ func TestConfig_SitePreview(t *testing.T) {
 	c.options.SitePreview = "http://preview.jpg"
 	assert.Equal(t, "http://preview.jpg", c.SitePreview())
 	c.options.SitePreview = "preview123.jpg"
-	assert.Equal(t, "http://photoprism.me:2342/preview123.jpg", c.SitePreview())
+	assert.Equal(t, "http://localhost:2342/preview123.jpg", c.SitePreview())
 	c.options.SitePreview = "foo/preview123.jpg"
-	assert.Equal(t, "http://photoprism.me:2342/foo/preview123.jpg", c.SitePreview())
+	assert.Equal(t, "http://localhost:2342/foo/preview123.jpg", c.SitePreview())
 	c.options.SitePreview = "/foo/preview123.jpg"
-	assert.Equal(t, "http://photoprism.me:2342/foo/preview123.jpg", c.SitePreview())
+	assert.Equal(t, "http://localhost:2342/foo/preview123.jpg", c.SitePreview())
 }
 
 func TestConfig_SiteTitle(t *testing.T) {

internal/config/config_tls.go

@@ -31,14 +31,24 @@ func (c *Config) TLSCert() string {
 		return certName
 	}
 
-	// Try to find server certificate.
-	if fileName := filepath.Join(c.CertificatesPath(), certName); fs.FileExistsNotEmpty(fileName) {
-		return fileName
-	} else if fileName = filepath.Join("/etc/ssl/certs", certName); fs.FileExistsNotEmpty(fileName) {
+	// find looks for an existing certificate file.
+	find := func(certName string) string {
+		if fileName := filepath.Join(c.CertificatesPath(), certName); fs.FileExistsNotEmpty(fileName) {
+			return fileName
+		} else if fileName = filepath.Join("/etc/ssl/certs", certName); fs.FileExistsNotEmpty(fileName) {
+			return fileName
+		} else {
+			return ""
+		}
+	}
+
+	// Find matching TLS certificate file.
+	if fileName := find(certName); fileName != "" {
 		return fileName
 	}
 
-	return ""
+	// Find default TLS certificate.
+	return find("photoprism" + PublicCertExt)
 }
 
 // TLSKey returns the private key required to enable TLS.
@@ -51,14 +61,24 @@ func (c *Config) TLSKey() string {
 		return keyName
 	}
 
-	// Try to find private key.
-	if fileName := filepath.Join(c.CertificatesPath(), keyName); fs.FileExistsNotEmpty(fileName) {
-		return fileName
-	} else if fileName = filepath.Join("/etc/ssl/private", keyName); fs.FileExistsNotEmpty(fileName) {
+	// find looks for an existing private key file.
+	find := func(keyName string) string {
+		if fileName := filepath.Join(c.CertificatesPath(), keyName); fs.FileExistsNotEmpty(fileName) {
+			return fileName
+		} else if fileName = filepath.Join("/etc/ssl/private", keyName); fs.FileExistsNotEmpty(fileName) {
+			return fileName
+		} else {
+			return ""
+		}
+	}
+
+	// Find matching private key.
+	if fileName := find(keyName); fileName != "" {
 		return fileName
 	}
 
-	return ""
+	// Find default key file.
+	return find("photoprism" + PrivateKeyExt)
 }
 
 // TLS returns the HTTPS certificate and private key file name.

internal/config/config_tls_test.go

@@ -31,13 +31,13 @@ func TestConfig_TLSEmail(t *testing.T) {
 func TestConfig_TLSCert(t *testing.T) {
 	c := NewConfig(CliTestContext())
 
-	assert.True(t, strings.HasSuffix(c.TLSCert(), "photoprism.me.crt"))
+	assert.True(t, strings.HasSuffix(c.TLSCert(), "photoprism.crt"))
 }
 
 func TestConfig_TLSKey(t *testing.T) {
 	c := NewConfig(CliTestContext())
 
-	assert.True(t, strings.HasSuffix(c.TLSKey(), "photoprism.me.key"))
+	assert.True(t, strings.HasSuffix(c.TLSKey(), "photoprism.key"))
 }
 
 func TestConfig_TLS(t *testing.T) {

internal/config/flags.go

@@ -396,7 +396,7 @@ var Flags = CliFlags{
 		Flag: cli.StringFlag{
 			Name:   "site-url, url",
 			Usage:  "public site `URL`",
-			Value:  "http://photoprism.me:2342/",
+			Value:  "http://localhost:2342/",
 			EnvVar: EnvVar("SITE_URL"),
 		}}, {
 		Flag: cli.StringFlag{

scripts/dist/install-https.sh

@@ -5,7 +5,7 @@
 
 PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts:$PATH"
 
-# Abort if not executed as root..
+# Abort if not executed as root.
 if [[ $(id -u) != "0" ]]; then
   echo "Usage: run ${0##*/} as root" 1>&2
   exit 1
@@ -16,50 +16,40 @@ CONF_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/openssl"
 CERTS_PATH="/etc/ssl/certs"
 KEY_PATH="/etc/ssl/private"
 
-# Check if keys and certificates already exist.
-if [ -f "$CERTS_PATH/photoprism.local.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.local.pfx" ] && [ -f "$KEY_PATH/photoprism.me.pfx" ]; then
-    echo "Keys and certificates for photoprism.local already exist in ${KEY_PATH} and ${CERTS_PATH}."
+# Abort if files already exist.
+
+if [ -f "$CERTS_PATH/photoprism.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.pfx" ]; then
+    echo "Certificate already exists in ${KEY_PATH} and ${CERTS_PATH}."
     exit 0
 fi
 
-echo "Creating local HTTPS keys and certificates in ${KEY_PATH} and ${CERTS_PATH}."
+echo "Creating keys and certificates in ${KEY_PATH} and ${CERTS_PATH}."
 
 mkdir -p "${CERTS_PATH}" "${KEY_PATH}"
 groupadd -f -r -g 116 ssl-cert 1>&2
 
 # Generate issuer (CA) certificate.
 
-echo "Generating issuer (CA) certificate..."
+echo "Generating self-signed issuer (CA) certificate..."
 
-openssl genrsa -out "$KEY_PATH/photoprism.local.issuer.key" 4096
+openssl genrsa -out "$KEY_PATH/photoprism.issuer.key" 4096
 
-openssl req -x509 -new -nodes -key "$KEY_PATH/photoprism.local.issuer.key" -sha256 -days 365 -out "$CERTS_PATH/photoprism.local.issuer.pem" -passin pass: -passout pass: -config "$CONF_PATH/ca.conf"
+openssl req -x509 -new -nodes -key "$KEY_PATH/photoprism.issuer.key" -sha256 -days 3650 -out "$CERTS_PATH/photoprism.issuer.pem" -passin pass: -passout pass: -config "$CONF_PATH/ca.conf"
 
-openssl x509 -outform der -in "$CERTS_PATH/photoprism.local.issuer.pem" -out "$CERTS_PATH/photoprism.local.issuer.crt"
+openssl x509 -outform der -in "$CERTS_PATH/photoprism.issuer.pem" -out "$CERTS_PATH/photoprism.issuer.crt"
 
 # Generate server certificates.
 
-echo "Generating certificate for photoprism.local..."
+echo "Generating self-signed tls certificate..."
 
-openssl genrsa -out "$KEY_PATH/photoprism.local.key" 4096
+openssl genrsa -out "$KEY_PATH/photoprism.key" 4096
 
-openssl req -new -config "$CONF_PATH/local-csr.conf" -key "$KEY_PATH/photoprism.local.key" -out "$CERTS_PATH/photoprism.local.csr"
+openssl req -new -config "$CONF_PATH/csr.conf" -key "$KEY_PATH/photoprism.key" -out "$CERTS_PATH/photoprism.csr"
 
-openssl x509 -req -in "$CERTS_PATH/photoprism.local.csr" -CA "$CERTS_PATH/photoprism.local.issuer.pem" -CAkey "$KEY_PATH/photoprism.local.issuer.key" -CAcreateserial \
--out "$CERTS_PATH/photoprism.local.crt" -days 365 -sha256 -extfile "$CONF_PATH/local.conf"
+openssl x509 -req -in "$CERTS_PATH/photoprism.csr" -CA "$CERTS_PATH/photoprism.issuer.pem" -CAkey "$KEY_PATH/photoprism.issuer.key" -CAcreateserial \
+-out "$CERTS_PATH/photoprism.crt" -days 3650 -sha256 -extfile "$CONF_PATH/ext.conf"
 
-openssl pkcs12 -export -in "$CERTS_PATH/photoprism.local.crt" -inkey "$KEY_PATH/photoprism.local.key" -out "$KEY_PATH/photoprism.local.pfx" -passin pass: -passout pass:
-
-echo "Generating certificate for photoprism.me..."
-
-openssl genrsa -out "$KEY_PATH/photoprism.me.key" 4096
-
-openssl req -new -config "$CONF_PATH/me-csr.conf" -key "$KEY_PATH/photoprism.me.key" -out "$CERTS_PATH/photoprism.me.csr"
-
-openssl x509 -req -in "$CERTS_PATH/photoprism.me.csr" -CA "$CERTS_PATH/photoprism.local.issuer.pem" -CAkey "$KEY_PATH/photoprism.local.issuer.key" -CAcreateserial \
--out "$CERTS_PATH/photoprism.me.crt" -days 365 -sha256 -extfile "$CONF_PATH/me.conf"
-
-openssl pkcs12 -export -in "$CERTS_PATH/photoprism.me.crt" -inkey "$KEY_PATH/photoprism.me.key" -out "$KEY_PATH/photoprism.me.pfx" -passin pass: -passout pass:
+openssl pkcs12 -export -in "$CERTS_PATH/photoprism.crt" -inkey "$KEY_PATH/photoprism.key" -out "$KEY_PATH/photoprism.pfx" -passin pass: -passout pass:
 
 # Change key permissions.
 
@@ -73,4 +63,4 @@ chmod -R u=rwX,g=rX,o-rwx "$KEY_PATH"
 echo "Running 'update-ca-certificates'..."
 update-ca-certificates
 
-echo "Done."
+echo "Enjoy!"

scripts/dist/openssl/ca.conf

@@ -8,7 +8,7 @@ prompt = no
 C = DE
 ST = Berlin
 L = Berlin
-O = Local HTTPS
+O = PhotoPrism
 OU = Self-Hosted
-emailAddress = hello@photoprism.local
-CN = photoprism.local
+emailAddress = hello@photoprism.app
+CN = PhotoPrism

scripts/dist/openssl/csr.conf

@@ -0,0 +1,17 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+x509_extensions = v3_req
+distinguished_name = dn
+
+[dn]
+C = DE
+ST = Berlin
+L = Berlin
+O = PhotoPrism
+OU = Self-Hosted
+emailAddress = hello@photoprism.app
+CN = PhotoPrism
+
+[v3_req]

scripts/dist/openssl/ext.conf

@@ -1,8 +1,3 @@
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.photoprism.me
-DNS.2 = photoprism.me
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

scripts/dist/openssl/local-csr.conf

@@ -1,25 +0,0 @@
-[req]
-default_bits = 4096
-prompt = no
-default_md = sha256
-x509_extensions = v3_req
-distinguished_name = dn
-
-[dn]
-C = DE
-ST = Berlin
-L = Berlin
-O = PhotoPrism
-OU = Self-Hosted
-emailAddress = hello@photoprism.local
-CN = photoprism.local
-
-[v3_req]
-subjectAltName = @alt_names
-
-[SAN]
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.photoprism.local
-DNS.2 = photoprism.local

scripts/dist/openssl/local.conf

@@ -1,8 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.photoprism.local
-DNS.2 = photoprism.local

scripts/dist/openssl/me-csr.conf

@@ -1,25 +0,0 @@
-[req]
-default_bits = 4096
-prompt = no
-default_md = sha256
-x509_extensions = v3_req
-distinguished_name = dn
-
-[dn]
-C = DE
-ST = Berlin
-L = Berlin
-O = PhotoPrism
-OU = Self-Hosted
-emailAddress = hello@photoprism.local
-CN = photoprism.me
-
-[v3_req]
-subjectAltName = @alt_names
-
-[SAN]
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.photoprism.me
-DNS.2 = photoprism.me

setup/docker/arm64/docker-compose.yml

@@ -54,7 +54,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "none"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_WORKERS: 2                          # limits the number of indexing workers to reduce system load

setup/docker/armv7/docker-compose.yml

@@ -49,7 +49,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "none"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_WORKERS: 1                          # Limits the number of indexing workers to reduce system load

setup/docker/docker-compose.yml

@@ -46,7 +46,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic

setup/docker/macos/docker-compose.yml

@@ -42,7 +42,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic

setup/docker/nvidia/docker-compose.yml

@@ -50,7 +50,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic

setup/docker/scheduler/docker-compose.yml

@@ -44,7 +44,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic

setup/docker/sqlite/docker-compose.yml

@@ -42,7 +42,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic

setup/docker/windows/docker-compose.yml

@@ -48,7 +48,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_DEBUG: "false"                      # run in debug mode, shows additional log messages

setup/podman/docker-compose.yml

@@ -50,7 +50,7 @@ services:
       PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
       PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
       PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
       PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
       PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
       PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic