version: '3.5' ## Development Environment with ## - HTTPS Reverse Proxy ## - App Dev Container ## - MariaDB Database Server ## - Keycloak OpenID Connect Provider ## - and Dummy Services services: ## Traefik HTTPS Reverse Proxy ## Includes Let's Encrypt certs for local dev domain "localssl.dev" (all records point to 127.0.0.1) ## Docs: https://doc.traefik.io/traefik/ traefik: image: photoprism/traefik:20220221 ports: # - "80:80" # HTTP (redirects to HTTPS) - "443:443" # HTTPS (required) labels: - "traefik.enable=true" - "traefik.http.routers.traefik.rule=Host(`traefik.localssl.dev`)" - "traefik.http.routers.traefik.tls.domains[0].main=localssl.dev" - "traefik.http.routers.traefik.tls.domains[0].sans=*.localssl.dev" - "traefik.http.routers.traefik.tls=true" - "traefik.http.routers.traefik.tls.certresolver=myresolver" - "traefik.http.routers.traefik.service=api@internal" volumes: - "/var/run/docker.sock:/var/run/docker.sock" # enables Traefik to watch services ## App Build Environment ## Docs: https://docs.photoprism.org/developer-guide/ photoprism: build: . image: photoprism/photoprism:develop depends_on: - mariadb - dummy-webdav security_opt: - seccomp:unconfined - apparmor:unconfined ports: - "2342:2342" # default HTTP port (host:container) - "2343:2343" # acceptance Test HTTP port (host:container) - "40000:40000" # Go Debugger (host:container) shm_size: "2gb" links: - "traefik:app.localssl.dev" - "traefik:keycloak.localssl.dev" - "traefik:dummy-webdav.localssl.dev" - "traefik:dummy-oidc.localssl.dev" labels: - "traefik.enable=true" - "traefik.http.services.photoprism.loadbalancer.server.port=2342" - "traefik.http.routers.photoprism.entrypoints=websecure" - "traefik.http.routers.photoprism.rule=Host(`localssl.dev`, `app.localssl.dev`, `photoprism.localssl.dev`)" - "traefik.http.routers.photoprism.tls.domains[0].main=localssl.dev" - "traefik.http.routers.photoprism.tls.domains[0].sans=*.localssl.dev" - "traefik.http.routers.photoprism.tls=true" environment: PHOTOPRISM_UID: ${UID:-1000} # user id, should match your host user id PHOTOPRISM_GID: ${GID:-1000} # group id PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # "admin" password (min 4 characters) ## External development server URL incl http:// or https:// and /path, :port is optional PHOTOPRISM_SITE_URL: "https://app.localssl.dev/" PHOTOPRISM_SITE_TITLE: "PhotoPrism" PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!" PHOTOPRISM_SITE_AUTHOR: "@photoprism_app" PHOTOPRISM_DEBUG: "true" PHOTOPRISM_READONLY: "false" PHOTOPRISM_PUBLIC: "true" PHOTOPRISM_EXPERIMENTAL: "true" PHOTOPRISM_SERVER_MODE: "debug" PHOTOPRISM_HTTP_HOST: "0.0.0.0" PHOTOPRISM_HTTP_PORT: 2342 PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip) PHOTOPRISM_DATABASE_DRIVER: "mysql" PHOTOPRISM_DATABASE_SERVER: "mariadb:4001" PHOTOPRISM_DATABASE_NAME: "photoprism" PHOTOPRISM_DATABASE_USER: "root" PHOTOPRISM_DATABASE_PASSWORD: "photoprism" PHOTOPRISM_TEST_DRIVER: "sqlite" # PHOTOPRISM_TEST_DSN_MYSQL8: "root:photoprism@tcp(mysql:4001)/photoprism?charset=utf8mb4,utf8&collation=utf8mb4_unicode_ci&parseTime=true" PHOTOPRISM_ASSETS_PATH: "/go/src/github.com/photoprism/photoprism/assets" PHOTOPRISM_STORAGE_PATH: "/go/src/github.com/photoprism/photoprism/storage" PHOTOPRISM_ORIGINALS_PATH: "/go/src/github.com/photoprism/photoprism/storage/originals" PHOTOPRISM_IMPORT_PATH: "/go/src/github.com/photoprism/photoprism/storage/import" PHOTOPRISM_DISABLE_CHOWN: "false" # disables storage permission updates on startup PHOTOPRISM_DISABLE_BACKUPS: "false" # disables creating YAML metadata files PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API PHOTOPRISM_DISABLE_PLACES: "false" # disables reverse geocoding and maps PHOTOPRISM_DISABLE_EXIFTOOL: "false" # disables creating JSON metadata sidecar files with ExifTool PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow PHOTOPRISM_DETECT_NSFW: "false" # flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW: "false" # allows uploads that may be offensive PHOTOPRISM_RAW_PRESETS: "false" # enables RAW file converter presets (may reduce performance) PHOTOPRISM_THUMB_FILTER: "lanczos" # resample filter, best to worst: blackman, lanczos, cubic, linear PHOTOPRISM_THUMB_UNCACHED: "true" # enables on-demand thumbnail rendering (high memory and cpu usage) PHOTOPRISM_THUMB_SIZE: 2048 # pre-rendered thumbnail size limit (default 2048, min 720, max 7680) # PHOTOPRISM_THUMB_SIZE: 4096 # Retina 4K, DCI 4K (requires more storage); 7680 for 8K Ultra HD PHOTOPRISM_THUMB_SIZE_UNCACHED: 7680 # on-demand rendering size limit (default 7680, min 720, max 7680) PHOTOPRISM_JPEG_SIZE: 7680 # size limit for converted image files in pixels (720-30000) PHOTOPRISM_JPEG_QUALITY: 85 # image quality, a higher value reduces compression (25-100) TF_CPP_MIN_LOG_LEVEL: 0 # show TensorFlow log messages for development ## OpenID Connect Provider (pre-configured for local Keycloak test server): PHOTOPRISM_OIDC_ISSUER_URL: "https://keycloak.localssl.dev/auth/realms/master" PHOTOPRISM_OIDC_CLIENT_ID: "photoprism-develop" PHOTOPRISM_OIDC_CLIENT_SECRET: "9d8351a0-ca01-4556-9c37-85eb634869b9" ## Run/install on first startup (options: update, gpu, tensorflow, davfs, clitools, clean): # PHOTOPRISM_INIT: "gpu tensorflow" ## Hardware video transcoding config (optional): # PHOTOPRISM_FFMPEG_ENCODER: "nvidia" # FFmpeg Encoders ("software", "intel", "nvidia", "apple", "v4l2", "vaapi") # PHOTOPRISM_FFMPEG_BUFFERS: "64" # FFmpeg capture buffers (default: 32) # PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50) ## Share hardware devices with FFmpeg and TensorFlow (optional): # devices: # - "/dev/dri:/dev/dri" # Intel (h264_qsv) # - "/dev/nvidia0:/dev/nvidia0" # Nvidia (h264_nvenc) # - "/dev/nvidiactl:/dev/nvidiactl" # - "/dev/nvidia-modeset:/dev/nvidia-modeset" # - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl" # - "/dev/nvidia-uvm:/dev/nvidia-uvm" # - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools" # - "/dev/video11:/dev/video11" # Video4Linux (h264_v4l2m2m) working_dir: "/go/src/github.com/photoprism/photoprism" volumes: - ".:/go/src/github.com/photoprism/photoprism" - "go-mod:/go/pkg/mod" ## MariaDB Database Server ## Docs: https://mariadb.com/docs/reference/ mariadb: image: mariadb:10.7 command: mysqld --port=4001 --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120 expose: - "4001" ports: - "4001:4001" # database port (host:container) volumes: - "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql" environment: MARIADB_AUTO_UPGRADE: "1" MARIADB_INITDB_SKIP_TZINFO: "1" MARIADB_DATABASE: "photoprism" MARIADB_USER: "photoprism" MARIADB_PASSWORD: "photoprism" MARIADB_ROOT_PASSWORD: "photoprism" ## Keycloak OpenID Connect Provider ## Admin Account: admin / photoprism ## User Account: user / photoprism keycloak: image: quay.io/keycloak/keycloak:17.0.0 command: "start-dev" # development mode, do not use this in production! links: - "traefik:app.localssl.dev" labels: - "traefik.enable=true" - "traefik.http.services.keycloak.loadbalancer.server.port=8080" - "traefik.http.routers.keycloak.entrypoints=websecure" - "traefik.http.routers.keycloak.rule=Host(`keycloak.localssl.dev`)" - "traefik.http.routers.keycloak.tls.domains[0].main=localssl.dev" - "traefik.http.routers.keycloak.tls.domains[0].sans=*.localssl.dev" - "traefik.http.routers.keycloak.tls=true" environment: # see https://www.keycloak.org/server/all-config KEYCLOAK_ADMIN: "admin" KEYCLOAK_ADMIN_PASSWORD: "photoprism" KC_METRICS_ENABLED: "false" KC_HOSTNAME: "keycloak.localssl.dev" KC_HOSTNAME_STRICT: "false" KC_PROXY: "edge" KC_DB: "mariadb" KC_DB_URL: "jdbc:mariadb://mariadb:4001/keycloak" KC_DB_USERNAME: "keycloak" KC_DB_PASSWORD: "keycloak" ## Dummy WebDAV Server dummy-webdav: image: photoprism/dummy-webdav:20211218 environment: WEBDAV_USERNAME: admin WEBDAV_PASSWORD: photoprism labels: - "traefik.enable=true" - "traefik.http.services.dummy-webdav.loadbalancer.server.port=80" - "traefik.http.routers.dummy-webdav.entrypoints=websecure" - "traefik.http.routers.dummy-webdav.rule=Host(`dummy-webdav.localssl.dev`)" - "traefik.http.routers.dummy-webdav.tls.domains[0].main=localssl.dev" - "traefik.http.routers.dummy-webdav.tls.domains[0].sans=*.localssl.dev" - "traefik.http.routers.dummy-webdav.tls=true" ## Dummy OpenID Connect Server dummy-oidc: image: photoprism/dummy-oidc:20211218 labels: - "traefik.enable=true" - "traefik.http.services.dummy-oidc.loadbalancer.server.port=9998" - "traefik.http.routers.dummy-oidc.entrypoints=websecure" - "traefik.http.routers.dummy-oidc.rule=Host(`dummy-oidc.localssl.dev`)" - "traefik.http.routers.dummy-oidc.tls.domains[0].main=localssl.dev" - "traefik.http.routers.dummy-oidc.tls.domains[0].sans=*.localssl.dev" - "traefik.http.routers.dummy-oidc.tls=true" ## Create named volume for Go module cache volumes: go-mod: driver: local ## Create shared "photoprism-develop" network for connecting with services in other docker-compose.yml files networks: default: name: photoprism-develop driver: bridge