c2baf2ae5a
Creates accounts to run PhotoPrism under a custom user ID. Also adds them to the video and render groups, which might help to access hardware transcoding devices.
229 lines
11 KiB
YAML
229 lines
11 KiB
YAML
version: '3.5'
|
|
|
|
# PhotoPrism for Cloud Servers running Ubuntu 20.04 LTS (Focal Fossa)
|
|
# ===================================================================
|
|
#
|
|
# Run this script as root to install PhotoPrism on a cloud server e.g. at DigitalOcean:
|
|
#
|
|
# bash <(curl -s https://dl.photoprism.app/docker/cloud/setup.sh)
|
|
#
|
|
# This may take a while to complete, depending on the performance of your
|
|
# server and its internet connection.
|
|
#
|
|
# When done - and you see no errors - please open
|
|
#
|
|
# https://<YOUR SERVER IP>/
|
|
#
|
|
# in a Web browser and log in using the initial admin password shown
|
|
# by the script. You may also see the initial password by running
|
|
#
|
|
# cat /root/.initial-password.txt
|
|
#
|
|
# as root on your server. To open a terminal:
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
#
|
|
# Data and all config files related to PhotoPrism can be found in
|
|
#
|
|
# /opt/photoprism
|
|
#
|
|
# The main docker-compose config file for changing config options is
|
|
#
|
|
# /opt/photoprism/docker-compose.yml
|
|
#
|
|
# The server is running as "photoprism" (UID 1000) by default. There's no need
|
|
# to change defaults unless you experience conflicts with other services running
|
|
# on the same server. For example, you may need to disable the Traefik reverse
|
|
# proxy as the ports 80 and 443 can only be used by a single web server / proxy.
|
|
#
|
|
# Configuring multiple apps on the same server is beyond the scope of this base
|
|
# config and for advanced users only.
|
|
#
|
|
# This config includes Ophelia, a docker job scheduler:
|
|
#
|
|
# https://github.com/mcuadros/ofelia
|
|
#
|
|
# See jobs.ini for details.
|
|
#
|
|
# SYSTEM REQUIREMENTS
|
|
# --------------------------------------------------------------------------
|
|
#
|
|
# We recommend hosting PhotoPrism on a server with at least 2 cores and
|
|
# 4 GB of memory. Beyond these minimum requirements, the amount of RAM
|
|
# should match the number of cores. Indexing large photo and video
|
|
# collections significantly benefits from fast, local SSD storage.
|
|
#
|
|
# RAW image conversion and automatic image classification using TensorFlow
|
|
# will be disabled on servers with 1 GB or less memory.
|
|
#
|
|
# DOCKER COMPOSE COMMAND REFERENCE
|
|
# --------------------------------------------------------------------------
|
|
# Start | docker-compose up -d
|
|
# Stop | docker-compose stop
|
|
# Update | docker-compose pull
|
|
# Logs | docker-compose logs --tail=25 -f
|
|
# Terminal | docker-compose exec photoprism bash
|
|
# Help | docker-compose exec photoprism photoprism help
|
|
# Config | docker-compose exec photoprism photoprism config
|
|
# Reset | docker-compose exec photoprism photoprism reset
|
|
# Backup | docker-compose exec photoprism photoprism backup -a -i
|
|
# Restore | docker-compose exec photoprism photoprism restore -a -i
|
|
# Index | docker-compose exec photoprism photoprism index
|
|
# Reindex | docker-compose exec photoprism photoprism index -f
|
|
# Import | docker-compose exec photoprism photoprism import
|
|
#
|
|
# To search originals for faces without a complete rescan:
|
|
# docker-compose exec photoprism photoprism faces index
|
|
#
|
|
# More examples: https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
|
|
#
|
|
# USING LET'S ENCRYPT HTTPS
|
|
# --------------------------------------------------------------------------
|
|
#
|
|
# If your server has a public domain name, please disable the self-signed
|
|
# certificate and enable domain based routing in docker-compose.yml and
|
|
# traefik.yaml (see inline instructions in !! UPPERCASE !!)
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
# cd /opt/photoprism
|
|
# nano docker-compose.yml
|
|
# nano traefik.yaml
|
|
# docker-compose stop
|
|
# docker-compose up -d
|
|
#
|
|
# You should now be able to access your instance without security warnings.
|
|
|
|
services:
|
|
photoprism:
|
|
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
|
|
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
|
|
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
|
restart: always
|
|
## Use photoprism/photoprism:preview for testing preview builds:
|
|
image: photoprism/photoprism:latest
|
|
container_name: photoprism
|
|
depends_on:
|
|
- mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
## Run as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
|
|
user: "1000:1000"
|
|
## Don't expose port when running behind Traefik reverse proxy!
|
|
# ports:
|
|
# - "2342:2342" # HTTP port (host:container)
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
|
|
- "traefik.http.routers.photoprism.tls=true"
|
|
- "traefik.http.routers.photoprism.entrypoints=websecure"
|
|
## !! REMOVE default route if your server has a public domain name !!
|
|
- "traefik.http.routers.photoprism.rule=PathPrefix(`/`)"
|
|
## !! UNCOMMENT and CHANGE to set the public domain name !!
|
|
# - "traefik.http.routers.photoprism.rule=Host(`photos.yourdomain.com`)"
|
|
## !! UNCOMMENT to enable Let's Encrypt HTTPS !!
|
|
# - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
|
|
## !! REMOVE both for Let's Encrypt HTTPS with default HTTP challenge (DNS challenge supports wildcards) !!
|
|
- "traefik.http.routers.photoprism.tls.domains[0].main=example.com"
|
|
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.example.com"
|
|
environment:
|
|
## !! CHANGE site url if your server has a public domain name e.g. "https://photos.yourdomain.com/" !!
|
|
PHOTOPRISM_SITE_URL: "https://_public_ip_/"
|
|
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
|
|
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
|
|
PHOTOPRISM_SITE_DESCRIPTION: ""
|
|
PHOTOPRISM_SITE_AUTHOR: ""
|
|
PHOTOPRISM_ADMIN_PASSWORD: "_admin_password_" # YOUR INITIAL "admin" PASSWORD
|
|
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
|
|
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
|
|
PHOTOPRISM_DEBUG: "false" # run in debug mode (shows additional log messages)
|
|
PHOTOPRISM_PUBLIC: "false" # no authentication required (disables password protection)
|
|
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
|
|
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
|
|
PHOTOPRISM_DISABLE_CHOWN: "false" # disables storage permission updates on startup
|
|
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
|
|
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables Settings in Web UI
|
|
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
|
|
PHOTOPRISM_DISABLE_FACES: "false" # disables facial recognition
|
|
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification
|
|
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
|
|
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
|
|
PHOTOPRISM_JPEG_QUALITY: 85 # image quality, a higher value reduces compression (25-100)
|
|
PHOTOPRISM_DETECT_NSFW: "false" # flag photos as private that MAY be offensive (requires TensorFlow)
|
|
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive
|
|
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
|
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
|
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
|
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
|
PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password
|
|
## Run/install on first startup (options: update, gpu, tensorflow, davfs, clean):
|
|
PHOTOPRISM_INIT: "update tensorflow clean"
|
|
working_dir: "/photoprism" # do not change or remove
|
|
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
|
|
volumes:
|
|
# "/host/folder:/photoprism/folder" # example:
|
|
- "./originals:/photoprism/originals" # original media files (photos and videos)
|
|
- "./import:/photoprism/import" # *optional* base folder from which files can be imported to originals
|
|
- "./storage:/photoprism/storage" # *writable* storage folder for cache, database, and sidecar files (never remove)
|
|
- "./backup:/var/lib/photoprism" # *optional* storage folder for database backups
|
|
|
|
## Traefik Reverse Proxy (required)
|
|
## see https://docs.photoprism.app/getting-started/proxies/traefik/
|
|
traefik:
|
|
restart: always
|
|
image: traefik:v2.6
|
|
container_name: traefik
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
expose:
|
|
- "80"
|
|
- "443"
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
- "./traefik/:/data/"
|
|
- "./traefik.yaml:/etc/traefik/traefik.yaml"
|
|
- "./certs/:/certs/"
|
|
|
|
## Database Server (recommended)
|
|
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
|
|
mariadb:
|
|
restart: always
|
|
image: mariadb:10.7
|
|
container_name: mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
command: mysqld --innodb-buffer-pool-size=128M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
|
|
volumes:
|
|
- "./database:/var/lib/mysql" # important, do not remove
|
|
environment:
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
MARIADB_INITDB_SKIP_TZINFO: "1"
|
|
MARIADB_DATABASE: "photoprism"
|
|
MARIADB_USER: "photoprism"
|
|
MARIADB_PASSWORD: "_admin_password_"
|
|
MARIADB_ROOT_PASSWORD: "_admin_password_"
|
|
|
|
## Ofelia Job Runner (recommended)
|
|
## see https://github.com/mcuadros/ofelia
|
|
ofelia:
|
|
restart: always
|
|
image: mcuadros/ofelia:latest
|
|
container_name: ofelia
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./jobs.ini:/etc/ofelia/config.ini"
|
|
|
|
## Watchtower upgrades services automatically (optional)
|
|
## see https://docs.photoprism.app/getting-started/updates/#watchtower
|
|
watchtower:
|
|
restart: always
|
|
image: containrrr/watchtower
|
|
container_name: watchtower
|
|
environment:
|
|
WATCHTOWER_CLEANUP: "true"
|
|
WATCHTOWER_POLL_INTERVAL: 86400 # checks for updates every day
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|