3e2f215786
Signed-off-by: Michael Mayer <michael@photoprism.app>
238 lines
12 KiB
YAML
238 lines
12 KiB
YAML
version: '3.5'
|
|
|
|
# ========================================================================
|
|
# PhotoPrism for Cloud Servers
|
|
# Based on Ubuntu 22.04 LTS (Jammy Jellyfish)
|
|
# ========================================================================
|
|
#
|
|
# Run this script as root to install PhotoPrism on a cloud server e.g. at DigitalOcean:
|
|
#
|
|
# bash <(curl -s https://dl.photoprism.app/docker/cloud/setup.sh)
|
|
#
|
|
# This may take a while to complete, depending on the performance of your
|
|
# server and its internet connection.
|
|
#
|
|
# When done - and you see no errors - please open
|
|
#
|
|
# https://<YOUR SERVER IP>/
|
|
#
|
|
# in a Web browser and log in using the initial admin password shown
|
|
# by the script. You may also see the initial password by running
|
|
#
|
|
# cat /root/.initial-password.txt
|
|
#
|
|
# as root on your server. To open a terminal:
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
#
|
|
# Data and all config files related to PhotoPrism can be found in
|
|
#
|
|
# /opt/photoprism
|
|
#
|
|
# The main docker compose config file for changing config options is
|
|
#
|
|
# /opt/photoprism/docker-compose.yml
|
|
#
|
|
# The server is running as "photoprism" (UID 1000) by default. There's no need
|
|
# to change defaults unless you experience conflicts with other services running
|
|
# on the same server. For example, you may need to disable the Traefik reverse
|
|
# proxy as the ports 80 and 443 can only be used by a single web server / proxy.
|
|
#
|
|
# Configuring multiple apps on the same server is beyond the scope of this base
|
|
# config and for advanced users only.
|
|
#
|
|
# This config includes Ofelia, a docker job scheduler:
|
|
#
|
|
# https://github.com/mcuadros/ofelia
|
|
#
|
|
# See jobs.ini for details.
|
|
#
|
|
# SYSTEM REQUIREMENTS
|
|
# ------------------------------------------------------------------------
|
|
#
|
|
# We recommend hosting PhotoPrism on a server with at least 2 cores and
|
|
# 4 GB of memory. Beyond these minimum requirements, the amount of RAM
|
|
# should match the number of cores. Indexing large photo and video
|
|
# collections significantly benefits from fast, local SSD storage.
|
|
#
|
|
# RAW image conversion and automatic image classification using TensorFlow
|
|
# will be disabled on servers with 1 GB or less memory.
|
|
#
|
|
# DOCKER COMPOSE COMMAND REFERENCE
|
|
# ------------------------------------------------------------------------
|
|
# Start | docker compose up -d
|
|
# Stop | docker compose stop
|
|
# Update | docker compose pull
|
|
# Logs | docker compose logs --tail=25 -f
|
|
# Terminal | docker compose exec photoprism bash
|
|
# Help | docker compose exec photoprism photoprism help
|
|
# Config | docker compose exec photoprism photoprism config
|
|
# Reset | docker compose exec photoprism photoprism reset
|
|
# Backup | docker compose exec photoprism photoprism backup -a -i
|
|
# Restore | docker compose exec photoprism photoprism restore -a -i
|
|
# Index | docker compose exec photoprism photoprism index
|
|
# Reindex | docker compose exec photoprism photoprism index -f
|
|
# Import | docker compose exec photoprism photoprism import
|
|
#
|
|
# To search originals for faces without a complete rescan:
|
|
# docker compose exec photoprism photoprism faces index
|
|
#
|
|
# More examples: https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
|
|
#
|
|
# USING LET'S ENCRYPT HTTPS
|
|
# ------------------------------------------------------------------------
|
|
#
|
|
# If your server has a public domain name, please disable the self-signed
|
|
# certificate and enable domain based routing in docker-compose.yml and
|
|
# traefik.yaml (see inline instructions in !! UPPERCASE !!)
|
|
#
|
|
# ssh root@<YOUR SERVER IP>
|
|
# cd /opt/photoprism
|
|
# nano docker-compose.yml
|
|
# nano traefik.yaml
|
|
# docker compose stop
|
|
# docker compose up -d
|
|
#
|
|
# You should now be able to access your instance without security warnings.
|
|
|
|
services:
|
|
photoprism:
|
|
## Use photoprism/photoprism:preview for testing preview builds:
|
|
image: photoprism/photoprism:latest
|
|
container_name: photoprism
|
|
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
|
|
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
|
|
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
|
|
restart: always
|
|
stop_grace_period: 10s
|
|
depends_on:
|
|
- mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
## Run as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
|
|
user: "1000:1000"
|
|
## Don't expose port when running behind Traefik reverse proxy!
|
|
# ports:
|
|
# - "2342:2342" # HTTP port (host:container)
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
|
|
- "traefik.http.routers.photoprism.tls=true"
|
|
- "traefik.http.routers.photoprism.entrypoints=websecure"
|
|
## !! REMOVE default route if your server has a public domain name !!
|
|
- "traefik.http.routers.photoprism.rule=PathPrefix(`/`)"
|
|
## !! UNCOMMENT and CHANGE to set the public domain name !!
|
|
# - "traefik.http.routers.photoprism.rule=Host(`photos.yourdomain.com`)"
|
|
## !! UNCOMMENT to enable Let's Encrypt HTTPS !!
|
|
# - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
|
|
## !! REMOVE both for Let's Encrypt HTTPS with default HTTP challenge (DNS challenge supports wildcards) !!
|
|
- "traefik.http.routers.photoprism.tls.domains[0].main=example.com"
|
|
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.example.com"
|
|
environment:
|
|
## !! CHANGE site url if your server has a public domain name e.g. "https://photos.yourdomain.com/" !!
|
|
PHOTOPRISM_SITE_URL: "https://_public_ip_/"
|
|
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
|
|
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
|
|
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
|
|
PHOTOPRISM_ADMIN_PASSWORD: "_admin_password_" # YOUR INITIAL "admin" PASSWORD
|
|
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
|
|
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
|
|
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
|
|
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
|
|
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
|
|
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
|
|
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
|
|
PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
|
|
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
|
|
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
|
|
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables Settings in Web UI
|
|
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
|
|
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
|
|
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
|
|
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
|
|
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
|
|
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
|
|
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
|
|
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
|
|
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
|
|
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
|
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
|
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
|
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
|
PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password
|
|
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
|
|
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
|
|
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
|
|
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
|
|
## Run/install on first startup (options: update, gpu, tensorflow, davfs, clean):
|
|
PHOTOPRISM_INIT: "update tensorflow clean"
|
|
working_dir: "/photoprism" # do not change or remove
|
|
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
|
|
volumes:
|
|
# "/host/folder:/photoprism/folder" # example:
|
|
- "./originals:/photoprism/originals" # original media files (photos and videos)
|
|
- "./import:/photoprism/import" # *optional* base folder from which files can be imported to originals
|
|
- "./storage:/photoprism/storage" # *writable* storage folder for cache, database, and sidecar files (never remove)
|
|
|
|
## Traefik Reverse Proxy (required)
|
|
## see https://docs.photoprism.app/getting-started/proxies/traefik/
|
|
traefik:
|
|
restart: always
|
|
image: traefik:v2.9
|
|
container_name: traefik
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
expose:
|
|
- "80"
|
|
- "443"
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
- "./traefik/:/data/"
|
|
- "./traefik.yaml:/etc/traefik/traefik.yaml"
|
|
- "./certs/:/certs/"
|
|
|
|
## Database Server (recommended)
|
|
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
|
|
mariadb:
|
|
image: mariadb:10.11
|
|
container_name: mariadb
|
|
restart: always
|
|
stop_grace_period: 5s
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
command: mariadbd --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
|
|
volumes:
|
|
- "./database:/var/lib/mysql" # DO NOT REMOVE
|
|
environment:
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
MARIADB_INITDB_SKIP_TZINFO: "1"
|
|
MARIADB_DATABASE: "photoprism"
|
|
MARIADB_USER: "photoprism"
|
|
MARIADB_PASSWORD: "_admin_password_"
|
|
MARIADB_ROOT_PASSWORD: "_admin_password_"
|
|
|
|
## Ofelia Job Runner (recommended)
|
|
## see https://github.com/mcuadros/ofelia
|
|
ofelia:
|
|
restart: always
|
|
image: mcuadros/ofelia:latest
|
|
container_name: ofelia
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./jobs.ini:/etc/ofelia/config.ini"
|
|
|
|
## Watchtower upgrades services automatically (optional)
|
|
## see https://docs.photoprism.app/getting-started/updates/#watchtower
|
|
watchtower:
|
|
restart: always
|
|
image: containrrr/watchtower
|
|
container_name: watchtower
|
|
environment:
|
|
WATCHTOWER_CLEANUP: "true"
|
|
WATCHTOWER_POLL_INTERVAL: 86400 # checks for updates every day
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock"
|