Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1433 from jbbandos/master

Browse source 
Photoprism example config
This commit is contained in:
Florian Pitance 2024-09-17 12:10:25 +02:00 committed by GitHub
commit 13444ed5d2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 328 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
examples/community/photoprism/README.md Normal file
View file

@ -0,0 +1,23 @@
Photoprism app configuration example for bunkerweb. The app works and synchronization with the android PhotoSync app also works for every funtion that was tested.
# Procedure:
Start with the photoprism [docker compose file][PhotoprismComposeFile]. The basic file (https://dl.photoprism.app/docker/docker-compose.yml) is taken from [photoprism documentation][PhotoprismDockerDocs]
Bunkerweb specific changes are noted with *"#For bunkerweb"* at the end of the line
Check and adapt the bunkerweb configuration. Use the example [docker compose file][BunkerwebComposeFile].
Photoprism specific changes are noted with *"#photoprism specific config"*.
Adapt the rest as needed for your configurations.
Start services with `docker-compose up -d`
Configure the bunkerweb ui (https://docs.bunkerweb.io/latest/web-ui/#setup-wizard).
Use the bunkerweb ui to upload the [modsec override file][AllowmediaConfig] to configs->modsec-crs->photos.example.com app specific folder.
If prefered, copy the file manually to a folder as described in the guide (https://docs.bunkerweb.io/latest/quickstart-guide/#custom-configurations). Place it under configs/modsec-crs/.
If using the provided configuration with autoconf enabled, the photoprism app should now be working without further intervention
[PhotoprismDockerDocs]: https://docs.photoprism.app/getting-started/docker-compose/
[PhotoprismComposeFile]: photoprism-compose.yml
[BunkerwebComposeFile]: docker-compose.yml
[AllowmediaConfig]: bw.data/configs/modsec-crs/allowmedia.conf

7
examples/community/photoprism/bw.data/configs/modsec-crs/allowmedia.conf Normal file
View file

@ -0,0 +1,7 @@
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain|video/mp4|video/quicktime|video/ogg|video/3gpp|video/mpeg|video/webm|video/3gpp2|video/mp2t|video/x-msvideo|image/apng|image/avif|image/bmp|image/gif|image/jpeg|image/png|image/svg+xml|image/tiff|image/webp'"

117
examples/community/photoprism/docker-compose.yml Normal file
View file

@ -0,0 +1,117 @@
#bunkerweb 1.5.9 docker compose file with changes for photoprism app
#Configured for custom ssl cert, autoconf, and BunkerWeb UI
#photoprism specific lines indicated.
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
labels:
- "bunkerweb.INSTANCE=yes"
environment:
- SERVER_NAME=photoprism.example.com # replace with your domains
- UI_HOST=http://UiHost.example.com:7000
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- AUTOCONF_MODE=yes
- MULTISITE=yes
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- AUTO_LETS_ENCRYPT=no # using custom ssl certificate
- USE_CUSTOM_SSL=yes # using custom ssl certificate
- CUSTOM_SSL_CERT=/ssl/fullchain.pem # using custom ssl certificate
- CUSTOM_SSL_KEY=/ssl/privkey.pem # using custom ssl certificate
- ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT|MKCOL|PROPFIND|PROPPATCH #photoprism specific config - allow methods used by photoprism app and the PhotoSync android client
- MAX_CLIENT_SIZE=1024m #photoprism specific config - Increase as needed, depending on the size of the videos you want to uppload
- LIMIT_REQ_RATE=20r/s #photoprism specific config - possibly overkill, tune as needed. The default of 2r/s makes it impossible to play videos in photoprism
networks:
- bw-universe
- bw-services
volumes:
- /etc/bunkerweb/certs/fullchain.pem:/ssl/fullchain.pem:ro # using custom ssl certificate
- /etc/bunkerweb/certs/privkey.pem:/ssl/privkey.pem:ro # using custom ssl certificate
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- AUTOCONF_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
networks:
- bw-universe
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
- AUTOCONF_MODE=yes
networks:
- bw-universe
- bw-docker
volumes:
- /etc/bunkerweb/certs/fullchain.pem:/ssl/fullchain.pem:ro # using custom ssl certificate
- /etc/bunkerweb/certs/privkey.pem:/ssl/privkey.pem:ro # using custom ssl certificate
bw-docker:
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
networks:
- bw-docker
bw-db:
image: mariadb:10.10
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_DATABASE=db
- MYSQL_USER=bunkerweb
- MYSQL_PASSWORD=DBPassword # Remember to set a stronger password for the database
volumes:
- bw-data:/var/lib/mysql
networks:
- bw-docker
UiHost:
image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
aliases:
- UiHost.example.com
environment:
- USE_CUSTOM_SSL=yes # using custom ssl certificate
- CUSTOM_SSL_CERT=/ssl/fullchain.pem # using custom ssl certificate
- CUSTOM_SSL_KEY=/ssl/privkey.pem # using custom ssl certificate
- AUTOCONF_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
volumes:
bw-data:
certs:
networks:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
name: bw-services
bw-docker:
name: bw-docker

181
examples/community/photoprism/photoprism-compose.yml Normal file
View file

@ -0,0 +1,181 @@
# Adapted Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# ----------------------------------------------------------------------------------
# Added labels and network configurationfor bunkerweb integration
# Part of the photoprism app example for bunkerweb
# ----------------------------------------------------------------------------------
#
# Note:
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
# - https://www.photoprism.app/kb/activation
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory shortcut ~ to /root in volume mounts.
services:
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
container_name: photoprism
networks: #For bunkerweb
bw-services: #For bunkerweb
aliases: #For bunkerweb
- photoprism #For bunkerweb
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 10s
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
## Server port mapping in the format "Host:Container". To use a different port, change the host port on
## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
ports:
- "2342:2342"
## Before you start the service, please check the following config options (and change them as needed):
## https://docs.photoprism.app/getting-started/config-options/
labels:
- "bunkerweb.SERVER_NAME=photos.example.com" #For bunkerweb
- "bunkerweb.USE_REVERSE_PROXY=yes" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_URL=/" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_HOST=http://photoprism:2342" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_WS=yes" #For bunkerweb
environment:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "http://localhost:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
PHOTOPRISM_DEFAULT_TLS: "false" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
PHOTOPRISM_ORIGINALS_LIMIT: 50000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_SIDECAR_YAML: "true" # creates YAML sidecar files to back up picture metadata
PHOTOPRISM_BACKUP_PATH: "/photoprism/storage/backups"
PHOTOPRISM_BACKUP_ALBUMS: "true" # creates YAML files to back up album metadata
PHOTOPRISM_BACKUP_DATABASE: "true" # creates regular backups based on the configured schedule
PHOTOPRISM_BACKUP_SCHEDULE: "daily" # backup SCHEDULE in cron format (e.g. "0 12 * * *" for daily at noon) or at a random time (daily, weekly)
PHOTOPRISM_INDEX_SCHEDULE: "" # indexing SCHEDULE in cron format (e.g. "@every 3h" for every 3 hours; "" to disable)
PHOTOPRISM_AUTO_INDEX: 300 # delay before automatically indexing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_AUTO_IMPORT: -1 # delay before automatically importing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that does not require a separate database server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # MariaDB 10.5.12+ (MySQL successor) offers significantly better performance compared to SQLite
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB database user name
PHOTOPRISM_DATABASE_PASSWORD: "photoprism" # MariaDB database user password
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "AI-Powered Photos App for the Decentralized Web" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
## Run/install on first startup (options: update https gpu ffmpeg tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
PHOTOPRISM_UID: 995
PHOTOPRISM_GID: 100
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "/host/folder/Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
- "/host/folder/NewPhotos:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "/host/folder/SSDPhotopData/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
## MariaDB Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
image: mariadb:latest
container_name: mariadb
networks:
bw-services:
aliases:
- mariadb
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: unless-stopped
stop_grace_period: 5s
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "/host/folder/SSDPhotopData/db/:/var/lib/mysql" # DO NOT REMOVE
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "photoprism"
MARIADB_ROOT_PASSWORD: "photoprism"
## Watchtower upgrades services automatically (optional)
## see https://docs.photoprism.app/getting-started/updates/#watchtower
## activate via "COMPOSE_PROFILES=update docker compose up -d"
watchtower:
restart: unless-stopped
image: containrrr/watchtower
profiles: ["update"]
environment:
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/root/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
networks: #For bunkerweb
bw-services: #For bunkerweb
external: true #For bunkerweb
name: bw-services #For bunkerweb