227 lines
10 KiB
YAML
227 lines
10 KiB
YAML
version: '3.5'
|
|
|
|
# PhotoPrism for Cloud Servers running Ubuntu 20.04 LTS (Focal Fossa)
|
|
# ===================================================================
|
|
#
|
|
# Run this script as root to install PhotoPrism on a cloud server e.g. at DigitalOcean:
|
|
#
|
|
# bash <(curl -s https://dl.photoprism.org/docker/cloud/setup.sh)
|
|
#
|
|
# This may take a while to complete, depending on the performance of your
|
|
# server and its internet connection.
|
|
#
|
|
# When done - and you see no errors - please open
|
|
#
|
|
# https://<YOUR SERVER IP>/
|
|
#
|
|
# in a Web browser and log in using the initial admin password shown
|
|
# by the script. You may also see the initial password by running
|
|
#
|
|
# cat /root/.initial-password.txt
|
|
#
|
|
# as root on your server. To open a terminal:
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
#
|
|
# Data and all config files related to PhotoPrism can be found in
|
|
#
|
|
# /opt/photoprism
|
|
#
|
|
# The main docker-compose config file for changing config options is
|
|
#
|
|
# /opt/photoprism/docker-compose.yml
|
|
#
|
|
# The server is running as "photoprism" (UID 1000) by default. There's no need
|
|
# to change defaults unless you experience conflicts with other services running
|
|
# on the same server. For example, you may need to disable the Traefik reverse
|
|
# proxy as the ports 80 and 443 can only be used by a single web server / proxy.
|
|
#
|
|
# Configuring multiple apps on the same server is beyond the scope of this base
|
|
# config and for advanced users only.
|
|
#
|
|
# This config includes Ophelia, a docker job scheduler:
|
|
#
|
|
# https://github.com/mcuadros/ofelia
|
|
#
|
|
# See jobs.ini for details.
|
|
#
|
|
# SYSTEM REQUIREMENTS
|
|
# --------------------------------------------------------------------------
|
|
#
|
|
# We recommend hosting PhotoPrism on a server with at least 2 cores and
|
|
# 4 GB of memory. Beyond these minimum requirements, the amount of RAM
|
|
# should match the number of cores. Indexing large photo and video
|
|
# collections significantly benefits from fast, local SSD storage.
|
|
#
|
|
# RAW file conversion and automatic image classification using TensorFlow
|
|
# will be disabled on servers with less than 2 GB of physical memory.
|
|
#
|
|
# DOCKER COMPOSE COMMAND REFERENCE
|
|
# --------------------------------------------------------------------------
|
|
# Start | docker-compose up -d
|
|
# Stop | docker-compose stop
|
|
# Update | docker-compose pull
|
|
# Logs | docker-compose logs --tail=25 -f
|
|
# Terminal | docker-compose exec photoprism bash
|
|
# Help | docker-compose exec photoprism photoprism help
|
|
# Config | docker-compose exec photoprism photoprism config
|
|
# Reset | docker-compose exec photoprism photoprism reset
|
|
# Backup | docker-compose exec photoprism photoprism backup -a -i
|
|
# Restore | docker-compose exec photoprism photoprism restore -a -i
|
|
# Index | docker-compose exec photoprism photoprism index
|
|
# Reindex | docker-compose exec photoprism photoprism index -f
|
|
# Import | docker-compose exec photoprism photoprism import
|
|
#
|
|
# To search originals for faces without a complete rescan:
|
|
# docker-compose exec photoprism photoprism faces index
|
|
#
|
|
# More examples: https://docs.photoprism.org/getting-started/docker-compose/#command-line-interface
|
|
#
|
|
# USING LET'S ENCRYPT HTTPS
|
|
# --------------------------------------------------------------------------
|
|
#
|
|
# If your server has a public domain name, please disable the self-signed
|
|
# certificate and enable domain based routing in docker-compose.yml and
|
|
# traefik.yaml (see inline instructions in !! UPPERCASE !!):
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
# cd /opt/photoprism
|
|
# nano docker-compose.yml
|
|
# nano traefik.yaml
|
|
# docker-compose stop
|
|
# docker-compose up -d
|
|
#
|
|
# You should now be able to access your instance without security warnings.
|
|
|
|
services:
|
|
## App Server (required)
|
|
photoprism:
|
|
## Only enable automatic restarts once your installation is properly
|
|
## configured as it otherwise may get stuck in a restart loop,
|
|
## see https://docs.photoprism.org/getting-started/faq/#why-is-photoprism-getting-stuck-in-a-restart-loop
|
|
restart: always
|
|
## Use photoprism/photoprism:preview for testing preview builds:
|
|
image: photoprism/photoprism:latest
|
|
container_name: photoprism
|
|
depends_on:
|
|
- mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
## Run as a specific, non-root user (see https://docs.docker.com/engine/reference/run/#user):
|
|
user: "1000:1000"
|
|
## Don't expose port when running behind Traefik reverse proxy!
|
|
# ports:
|
|
# - "2342:2342" # HTTP port (host:container)
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
|
|
- "traefik.http.routers.photoprism.tls=true"
|
|
- "traefik.http.routers.photoprism.entrypoints=websecure"
|
|
## !! REMOVE default route if your server has a public domain name !!
|
|
- "traefik.http.routers.photoprism.rule=PathPrefix(`/`)"
|
|
## !! UNCOMMENT and CHANGE to set the public domain name !!
|
|
# - "traefik.http.routers.photoprism.rule=Host(`photos.yourdomain.com`)"
|
|
## !! UNCOMMENT to enable Let's Encrypt HTTPS !!
|
|
# - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
|
|
## !! REMOVE both for Let's Encrypt HTTPS with default HTTP challenge (DNS challenge supports wildcards) !!
|
|
- "traefik.http.routers.photoprism.tls.domains[0].main=example.com"
|
|
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.example.com"
|
|
environment:
|
|
## !! CHANGE site url if your server has a public domain name e.g. "https://photos.yourdomain.com/" !!
|
|
PHOTOPRISM_SITE_URL: "https://_public_ip_/"
|
|
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
|
|
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
|
|
PHOTOPRISM_SITE_DESCRIPTION: ""
|
|
PHOTOPRISM_SITE_AUTHOR: ""
|
|
PHOTOPRISM_ADMIN_PASSWORD: "_admin_password_" # PLEASE CHANGE: Your initial admin password (min 4 characters)
|
|
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # File size limit for originals in MB (increase for high-res video)
|
|
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # Improves transfer speed and bandwidth utilization (none or gzip)
|
|
PHOTOPRISM_DEBUG: "false" # Run in debug mode (shows additional log messages)
|
|
PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection)
|
|
PHOTOPRISM_READONLY: "false" # Don't modify originals directory (reduced functionality)
|
|
PHOTOPRISM_EXPERIMENTAL: "false" # Enables experimental features
|
|
PHOTOPRISM_DISABLE_CHOWN: "false" # Disables storage permission updates on startup
|
|
PHOTOPRISM_DISABLE_WEBDAV: "false" # Disables built-in WebDAV server
|
|
PHOTOPRISM_DISABLE_SETTINGS: "false" # Disables Settings in Web UI
|
|
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # Disables all features depending on TensorFlow
|
|
PHOTOPRISM_DISABLE_FACES: "false" # Disables facial recognition
|
|
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # Disables image classification
|
|
PHOTOPRISM_DARKTABLE_PRESETS: "false" # Enables Darktable presets and disables concurrent RAW conversion
|
|
PHOTOPRISM_DETECT_NSFW: "false" # Flag photos as private that MAY be offensive (requires TensorFlow)
|
|
PHOTOPRISM_UPLOAD_NSFW: "true" # Allow uploads that MAY be offensive
|
|
PHOTOPRISM_DATABASE_DRIVER: "mysql" # Use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
|
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
|
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
|
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
|
PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password
|
|
PHOTOPRISM_INIT: "tensorflow-amd64-avx2"
|
|
HOME: "/photoprism"
|
|
working_dir: "/photoprism"
|
|
volumes:
|
|
## The *originals* folder contains your original photo and video files (- "[host folder]:/photoprism/originals"):
|
|
- "./originals:/photoprism/originals"
|
|
## You may mount an *import* folder from which files can be transferred to *originals* (optional):
|
|
- "./import:/photoprism/import"
|
|
## Cache, session, thumbnail, and sidecar files will be created in the *storage* folder (never remove):
|
|
- "./storage:/photoprism/storage"
|
|
- "./backup:/var/lib/photoprism"
|
|
|
|
## Traefik Reverse Proxy (required)
|
|
## see https://docs.photoprism.org/getting-started/proxies/traefik/
|
|
traefik:
|
|
restart: always
|
|
image: traefik:v2.4
|
|
container_name: traefik
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
expose:
|
|
- "80"
|
|
- "443"
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
- "./traefik/:/data/"
|
|
- "./traefik.yaml:/etc/traefik/traefik.yaml"
|
|
- "./certs/:/certs/"
|
|
|
|
## Database Server (recommended)
|
|
## see https://docs.photoprism.org/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
|
|
mariadb:
|
|
restart: always
|
|
image: mariadb:10.6
|
|
container_name: mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
command: mysqld --innodb-buffer-pool-size=128M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
## Never store database files on an unreliable device such as a USB flash drive or a shared network folder:
|
|
volumes:
|
|
- "./database:/var/lib/mysql" # Important, don't remove
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: "_admin_password_"
|
|
MYSQL_DATABASE: "photoprism"
|
|
MYSQL_USER: "photoprism"
|
|
MYSQL_PASSWORD: "_admin_password_"
|
|
|
|
## Ofelia Job Runner (recommended)
|
|
## see https://github.com/mcuadros/ofelia
|
|
ofelia:
|
|
restart: always
|
|
image: mcuadros/ofelia:latest
|
|
container_name: ofelia
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./jobs.ini:/etc/ofelia/config.ini"
|
|
|
|
## Watchtower upgrades services automatically (optional)
|
|
## see https://docs.photoprism.org/getting-started/updates/#watchtower
|
|
watchtower:
|
|
restart: always
|
|
image: containrrr/watchtower
|
|
container_name: watchtower
|
|
environment:
|
|
WATCHTOWER_CLEANUP: "true"
|
|
WATCHTOWER_POLL_INTERVAL: 86400 # checks for updates every day
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|