photoprism/setup/docker/cloud/docker-compose.yml
Michael Mayer 0cd26f3577 Setup: Update cloud config and docs
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-22 02:40:22 +01:00

230 lines
11 KiB
YAML

version: '3.5'
# ========================================================================
# PhotoPrism for Cloud Servers
# Based on Ubuntu 22.04 LTS (Jammy Jellyfish)
# ========================================================================
#
# Run this script as root to install PhotoPrism on a cloud server e.g. at DigitalOcean:
#
# bash <(curl -s https://dl.photoprism.app/docker/cloud/setup.sh)
#
# This may take a while to complete, depending on the performance of your
# server and its internet connection.
#
# When done - and you see no errors - please open
#
# https://<YOUR SERVER IP>/
#
# in a Web browser and log in using the initial admin password shown
# by the script. You may also see the initial password by running
#
# cat /root/.initial-password.txt
#
# as root on your server. To open a terminal:
#
# ssh root@<YOUR SERVER IP>
#
# Data and all config files related to PhotoPrism can be found in
#
# /opt/photoprism
#
# The main docker compose config file for changing config options is
#
# /opt/photoprism/docker-compose.yml
#
# The server is running as "photoprism" (UID 1000) by default. There's no need
# to change defaults unless you experience conflicts with other services running
# on the same server. For example, you may need to disable the Traefik reverse
# proxy as the ports 80 and 443 can only be used by a single web server / proxy.
#
# Configuring multiple apps on the same server is beyond the scope of this base
# config and for advanced users only.
#
# This config includes Ophelia, a docker job scheduler:
#
# https://github.com/mcuadros/ofelia
#
# See jobs.ini for details.
#
# SYSTEM REQUIREMENTS
# ------------------------------------------------------------------------
#
# We recommend hosting PhotoPrism on a server with at least 2 cores and
# 4 GB of memory. Beyond these minimum requirements, the amount of RAM
# should match the number of cores. Indexing large photo and video
# collections significantly benefits from fast, local SSD storage.
#
# RAW image conversion and automatic image classification using TensorFlow
# will be disabled on servers with 1 GB or less memory.
#
# DOCKER COMPOSE COMMAND REFERENCE
# ------------------------------------------------------------------------
# Start | docker compose up -d
# Stop | docker compose stop
# Update | docker compose pull
# Logs | docker compose logs --tail=25 -f
# Terminal | docker compose exec photoprism bash
# Help | docker compose exec photoprism photoprism help
# Config | docker compose exec photoprism photoprism config
# Reset | docker compose exec photoprism photoprism reset
# Backup | docker compose exec photoprism photoprism backup -a -i
# Restore | docker compose exec photoprism photoprism restore -a -i
# Index | docker compose exec photoprism photoprism index
# Reindex | docker compose exec photoprism photoprism index -f
# Import | docker compose exec photoprism photoprism import
#
# To search originals for faces without a complete rescan:
# docker compose exec photoprism photoprism faces index
#
# More examples: https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# USING LET'S ENCRYPT HTTPS
# ------------------------------------------------------------------------
#
# If your server has a public domain name, please disable the self-signed
# certificate and enable domain based routing in docker-compose.yml and
# traefik.yaml (see inline instructions in !! UPPERCASE !!)
#
# ssh root@<YOUR SERVER IP>
# cd /opt/photoprism
# nano docker-compose.yml
# nano traefik.yaml
# docker compose stop
# docker compose up -d
#
# You should now be able to access your instance without security warnings.
services:
photoprism:
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: always
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
container_name: photoprism
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
## Run as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
user: "1000:1000"
## Don't expose port when running behind Traefik reverse proxy!
# ports:
# - "2342:2342" # HTTP port (host:container)
labels:
- "traefik.enable=true"
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
- "traefik.http.routers.photoprism.tls=true"
- "traefik.http.routers.photoprism.entrypoints=websecure"
## !! REMOVE default route if your server has a public domain name !!
- "traefik.http.routers.photoprism.rule=PathPrefix(`/`)"
## !! UNCOMMENT and CHANGE to set the public domain name !!
# - "traefik.http.routers.photoprism.rule=Host(`photos.yourdomain.com`)"
## !! UNCOMMENT to enable Let's Encrypt HTTPS !!
# - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
## !! REMOVE both for Let's Encrypt HTTPS with default HTTP challenge (DNS challenge supports wildcards) !!
- "traefik.http.routers.photoprism.tls.domains[0].main=example.com"
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.example.com"
environment:
## !! CHANGE site url if your server has a public domain name e.g. "https://photos.yourdomain.com/" !!
PHOTOPRISM_SITE_URL: "https://_public_ip_/"
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
PHOTOPRISM_ADMIN_PASSWORD: "_admin_password_" # YOUR INITIAL "admin" PASSWORD
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_TLS: "true" # disables HTTPS even if a certificate is available
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables Settings in Web UI
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password
## Run/install on first startup (options: update, gpu, tensorflow, davfs, clean):
PHOTOPRISM_INIT: "update tensorflow clean"
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # example:
- "./originals:/photoprism/originals" # original media files (photos and videos)
- "./import:/photoprism/import" # *optional* base folder from which files can be imported to originals
- "./storage:/photoprism/storage" # *writable* storage folder for cache, database, and sidecar files (never remove)
## Traefik Reverse Proxy (required)
## see https://docs.photoprism.app/getting-started/proxies/traefik/
traefik:
restart: always
image: traefik:v2.9
container_name: traefik
ports:
- "80:80"
- "443:443"
expose:
- "80"
- "443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik/:/data/"
- "./traefik.yaml:/etc/traefik/traefik.yaml"
- "./certs/:/certs/"
## Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
restart: always
image: mariadb:10.10
container_name: mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "./database:/var/lib/mysql" # DO NOT REMOVE
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "_admin_password_"
MARIADB_ROOT_PASSWORD: "_admin_password_"
## Ofelia Job Runner (recommended)
## see https://github.com/mcuadros/ofelia
ofelia:
restart: always
image: mcuadros/ofelia:latest
container_name: ofelia
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./jobs.ini:/etc/ofelia/config.ini"
## Watchtower upgrades services automatically (optional)
## see https://docs.photoprism.app/getting-started/updates/#watchtower
watchtower:
restart: always
image: containrrr/watchtower
container_name: watchtower
environment:
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_POLL_INTERVAL: 86400 # checks for updates every day
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"