# USING LET'S ENCRYPT HTTPS CERTIFICATES # ------------------------------------------------------------------------- # # If your server has a public domain name, please disable the self-signed # certificate and enable domain based routing in docker-compose.yml and # traefik.yaml (see inline instructions in !! UPPERCASE !!): # # ssh root@ # cd /opt/photoprism # nano docker-compose.yml # nano traefik.yaml # docker-compose stop # docker-compose up -d # # You should now be able to access your instance without security warnings. # ------------------------------------------------------------------------- # Uncomment to enable debug mode: # log: # level: DEBUG serversTransport: # Don't verify internal HTTPS certs: insecureSkipVerify: true # !! REMOVE when using Let's Encrypt as HTTPS cert resolver !! rootCAs: - "/certs/ca.crt" # Open ports ond protocols (HTTP will be redirected to HTTPS): entryPoints: web: address: ":80" http: redirections: entryPoint: to: websecure scheme: https websecure: address: ":443" certificatesResolvers: myresolver: # See https://doc.traefik.io/traefik/https/acme/ acme: # !! REPLACE example email with your actual email address !! email: info@example.com storage: /data/letsencrypt.json httpChallenge: entryPoint: web providers: # !! REMOVE file provider when using Let's Encrypt as HTTPS cert resolver !! file: filename: "/certs/config.yml" watch: true # Always keep this: docker: exposedByDefault: false watch: true # Traefik API & dashboard are disabled by default for security reasons: api: insecure: false dashboard: false