64 lines
1.7 KiB
YAML

# USING LET'S ENCRYPT HTTPS
# -------------------------------------------------------------------------
#
# If your server has a public domain name, please disable the self-signed
# certificate and enable domain based routing in docker-compose.yml and
# traefik.yaml (see inline instructions in !! UPPERCASE !!)
#
# ssh root@<YOUR SERVER IP>
# cd /opt/photoprism
# nano docker-compose.yml
# nano traefik.yaml
# docker-compose stop
# docker-compose up -d
#
# You should now be able to access your instance without security warnings.
# -------------------------------------------------------------------------
# Uncomment to enable debug mode:
# log:
# level: DEBUG
serversTransport:
# Required to proxy services with self-signed HTTPS certificates:
insecureSkipVerify: true
# !! REMOVE when using Let's Encrypt HTTPS !!
rootCAs:
- "/certs/ca.crt"
# Open ports ond protocols (HTTP will be redirected to HTTPS)
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
certificatesResolvers:
myresolver:
# See https://doc.traefik.io/traefik/https/acme/
acme:
# !! REPLACE "info@yourdomain.com" with your actual email address for Let's Encrypt HTTPS !!
email: info@yourdomain.com
storage: /data/letsencrypt.json
httpChallenge:
entryPoint: web
providers:
# !! REMOVE file provider when using Let's Encrypt HTTPS !!
file:
filename: "/certs/config.yml"
watch: true
# Always keep this:
docker:
exposedByDefault: false
watch: true
# Disable API & Dashboard by default, please read Traefik docs before enabling this:
api:
insecure: false
dashboard: false