johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

update compose and init for postgresql

Browse Source
This commit is contained in:
Keith Martin
2025-02-25 21:18:50 +10:00
parent 3d352f2314
commit 61036c49d7
3 changed files with 316 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
compose.postgres.yaml
View File

@@ -12,25 +12,70 @@ services:
depends_on: depends_on:
- postgres - postgres
- dummy-webdav - dummy-webdav
- dummy-oidc
stop_grace_period: 10s
security_opt: security_opt:
- seccomp:unconfined - seccomp:unconfined
- apparmor:unconfined - apparmor:unconfined
ports: ports:
- "2342:2342" # default HTTP port (host:container) - "2342:2342" # Default HTTP port (host:container)
- "2343:2343" # acceptance Test HTTP port (host:container) - "2443:2443" # Default TLS port (host:container)
working_dir: "/go/src/github.com/photoprism/photoprism" - "2343:2343" # Acceptance Test HTTP port (host:container)
volumes: - "40000:40000" # Go Debugger (host:container)
- ".:/go/src/github.com/photoprism/photoprism"
- "go-mod:/go/pkg/mod"
shm_size: "2gb" shm_size: "2gb"
links:
- "traefik:localssl.dev"
- "traefik:app.localssl.dev"
- "traefik:keycloak.localssl.dev"
- "traefik:dummy-oidc.localssl.dev"
- "traefik:dummy-webdav.localssl.dev"
labels:
- "traefik.enable=true"
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
- "traefik.http.services.photoprism.loadbalancer.server.scheme=http"
- "traefik.http.routers.photoprism.entrypoints=websecure"
- "traefik.http.routers.photoprism.rule=Host(`localssl.dev`) || HostRegexp(`^.+\\.localssl\\.dev`)"
- "traefik.http.routers.photoprism.priority=2"
- "traefik.http.routers.photoprism.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.photoprism.tls=true"
environment: environment:
PHOTOPRISM_INIT: "https" ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
PHOTOPRISM_UID: ${UID:-1000} # user id, should match your host user id
PHOTOPRISM_GID: ${GID:-1000} # group id
## Access Management:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # initial admin password (8-72 characters) PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password) PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "http://localhost:2342/" PHOTOPRISM_REGISTER_URI: "https://keycloak.localssl.dev/admin/"
PHOTOPRISM_PASSWORD_RESET_URI: "https://keycloak.localssl.dev/realms/master/login-actions/reset-credentials"
## OpenID Connect (pre-configured for local tests):
## see https://keycloak.localssl.dev/realms/master/.well-known/openid-configuration
PHOTOPRISM_OIDC_URI: "https://keycloak.localssl.dev/realms/master"
PHOTOPRISM_OIDC_CLIENT: "photoprism-develop"
PHOTOPRISM_OIDC_SECRET: "9d8351a0-ca01-4556-9c37-85eb634869b9"
PHOTOPRISM_OIDC_PROVIDER: "Keycloak"
PHOTOPRISM_OIDC_REGISTER: "true"
PHOTOPRISM_OIDC_WEBDAV: "true"
PHOTOPRISM_DISABLE_OIDC: "false"
## LDAP Authentication (pre-configured for local tests):
PHOTOPRISM_LDAP_URI: "ldap://dummy-ldap:389"
PHOTOPRISM_LDAP_INSECURE: "true"
PHOTOPRISM_LDAP_SYNC: "true"
PHOTOPRISM_LDAP_BIND: "simple"
PHOTOPRISM_LDAP_BIND_DN: "cn"
PHOTOPRISM_LDAP_BASE_DN: "dc=localssl,dc=dev"
PHOTOPRISM_LDAP_ROLE: ""
PHOTOPRISM_LDAP_ROLE_DN: "ou=photoprism-*,ou=groups,dc=localssl,dc=dev"
PHOTOPRISM_LDAP_WEBDAV_DN: "ou=photoprism-webdav,ou=groups,dc=localssl,dc=dev"
## HTTPS/TLS Options:
## see https://docs.photoprism.app/getting-started/using-https/
PHOTOPRISM_DISABLE_TLS: "true"
PHOTOPRISM_DEFAULT_TLS: "true"
## Site Information:
PHOTOPRISM_SITE_URL: "https://app.localssl.dev/" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "Open-Source Photo Management" PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!"
PHOTOPRISM_SITE_AUTHOR: "@photoprism_app" PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"
PHOTOPRISM_DEBUG: "true" PHOTOPRISM_DEBUG: "true"
PHOTOPRISM_READONLY: "false" PHOTOPRISM_READONLY: "false"
@@ -45,6 +90,7 @@ services:
PHOTOPRISM_DATABASE_USER: "photoprism" PHOTOPRISM_DATABASE_USER: "photoprism"
PHOTOPRISM_DATABASE_PASSWORD: "photoprism" PHOTOPRISM_DATABASE_PASSWORD: "photoprism"
PHOTOPRISM_TEST_DRIVER: "sqlite" PHOTOPRISM_TEST_DRIVER: "sqlite"
# PHOTOPRISM_TEST_DSN_MYSQL8: "root:photoprism@tcp(mysql:4001)/photoprism?charset=utf8mb4,utf8&collation=utf8mb4_unicode_ci&parseTime=true&timeout=15s"
PHOTOPRISM_ASSETS_PATH: "/go/src/github.com/photoprism/photoprism/assets" PHOTOPRISM_ASSETS_PATH: "/go/src/github.com/photoprism/photoprism/assets"
PHOTOPRISM_STORAGE_PATH: "/go/src/github.com/photoprism/photoprism/storage" PHOTOPRISM_STORAGE_PATH: "/go/src/github.com/photoprism/photoprism/storage"
PHOTOPRISM_ORIGINALS_PATH: "/go/src/github.com/photoprism/photoprism/storage/originals" PHOTOPRISM_ORIGINALS_PATH: "/go/src/github.com/photoprism/photoprism/storage/originals"
@@ -56,35 +102,172 @@ services:
PHOTOPRISM_DISABLE_PLACES: "false" # disables reverse geocoding and maps PHOTOPRISM_DISABLE_PLACES: "false" # disables reverse geocoding and maps
PHOTOPRISM_DISABLE_EXIFTOOL: "false" # disables creating JSON metadata sidecar files with ExifTool PHOTOPRISM_DISABLE_EXIFTOOL: "false" # disables creating JSON metadata sidecar files with ExifTool
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "false" # allows uploads that MAY be offensive (no effect without TensorFlow) PHOTOPRISM_UPLOAD_NSFW: "false" # allows uploads that MAY be offensive (no effect without TensorFlow)
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance) PHOTOPRISM_THUMB_LIBRARY: "auto" # image processing library to be used for generating thumbnails (auto, imaging, vips)
PHOTOPRISM_THUMB_FILTER: "lanczos" # resample filter, best to worst: blackman, lanczos, cubic, linear PHOTOPRISM_THUMB_FILTER: "auto" # downscaling filter (imaging best to worst: blackman, lanczos, cubic, linear, nearest)
PHOTOPRISM_THUMB_UNCACHED: "true" # enables on-demand thumbnail rendering (high memory and cpu usage) PHOTOPRISM_THUMB_UNCACHED: "true" # enables on-demand thumbnail rendering (high memory and cpu usage)
PHOTOPRISM_THUMB_SIZE: 1920 # pre-rendered thumbnail size limit (default 1920, min 720, max 7680)
# PHOTOPRISM_THUMB_SIZE: 4096 # Retina 4K, DCI 4K (requires more storage); 7680 for 8K Ultra HD
PHOTOPRISM_THUMB_SIZE_UNCACHED: 7680 # on-demand rendering size limit (default 7680, min 720, max 7680)
PHOTOPRISM_JPEG_SIZE: 7680 # size limit for converted image files in pixels (720-30000)
TF_CPP_MIN_LOG_LEVEL: 0 # show TensorFlow log messages for development TF_CPP_MIN_LOG_LEVEL: 0 # show TensorFlow log messages for development
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
# LIBVA_DRIVER_NAME: "i965" # For Intel architectures Haswell and older which do not support QSV yet but use VAAPI instead
## Run/install on first startup (options: update https gpu ffmpeg tensorflow davfs clitools clean):
PHOTOPRISM_INIT: "https tensorflow"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV (Broadwell and later) or VAAPI (Haswell and earlier)
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/go/src/github.com/photoprism/photoprism"
volumes:
- ".:/go/src/github.com/photoprism/photoprism"
- "go-mod:/go/pkg/mod"
## PostgreSQL Database Server ## PostgreSQL Database Server
## Docs: https://www.postgresql.org/docs/ ## Docs: https://www.postgresql.org/docs/
postgres: postgres:
image: postgres:12-alpine image: postgres:17-alpine
expose:
- "5432"
ports: ports:
- "5432:5432" # database port (host:container) - "5432:5432" # database port (host:container)
volumes:
- "postgresql:/var/lib/postgresql"
- "./scripts/sql/postgresql-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment: environment:
POSTGRES_DB: photoprism POSTGRES_DB: photoprism
POSTGRES_USER: photoprism POSTGRES_USER: photoprism
POSTGRES_PASSWORD: photoprism POSTGRES_PASSWORD: photoprism
## Traefik v3 (Reverse Proxy)
## includes "*.localssl.dev" SSL certificate for test environments
## Docs: https://doc.traefik.io/traefik/
traefik:
image: photoprism/traefik:latest
security_opt:
- no-new-privileges:true
ports:
- "80:80" # HTTP (redirects to HTTPS)
- "443:443" # HTTPS (required)
labels:
- "traefik.enable=true"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock" # enables Traefik to watch services
## Dummy WebDAV Server ## Dummy WebDAV Server
dummy-webdav: dummy-webdav:
image: photoprism/dummy-webdav:231015 image: photoprism/dummy-webdav:240627
environment: environment:
WEBDAV_USERNAME: admin WEBDAV_USERNAME: admin
WEBDAV_PASSWORD: photoprism WEBDAV_PASSWORD: photoprism
labels:
- "traefik.enable=true"
- "traefik.http.services.dummy-webdav.loadbalancer.server.port=80"
- "traefik.http.routers.dummy-webdav.entrypoints=websecure"
- "traefik.http.routers.dummy-webdav.rule=Host(`dummy-webdav.localssl.dev`)"
- "traefik.http.routers.dummy-webdav.priority=3"
- "traefik.http.routers.dummy-webdav.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.dummy-webdav.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.dummy-webdav.tls=true"
## Dummy OIDC Identity Provider
dummy-oidc:
image: photoprism/dummy-oidc:240627
labels:
- "traefik.enable=true"
- "traefik.http.services.dummy-oidc.loadbalancer.server.port=9998"
- "traefik.http.routers.dummy-oidc.entrypoints=websecure"
- "traefik.http.routers.dummy-oidc.rule=Host(`dummy-oidc.localssl.dev`)"
- "traefik.http.routers.dummy-oidc.priority=3"
- "traefik.http.routers.dummy-oidc.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.dummy-oidc.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.dummy-oidc.tls=true"
## Dummy LDAP Directory Server
## Docs: https://glauth.github.io/docs/
dummy-ldap:
image: glauth/glauth-plugins:latest
ports:
- "127.0.0.1:389:389"
labels:
- "traefik.enable=true"
- "traefik.http.services.ldap.loadbalancer.server.port=5555"
- "traefik.http.routers.dummy-ldap.entrypoints=websecure"
- "traefik.http.routers.dummy-ldap.rule=Host(`dummy-ldap.localssl.dev`)"
- "traefik.http.routers.dummy-ldap.priority=3"
- "traefik.http.routers.dummy-ldap.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.dummy-ldap.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.dummy-ldap.tls=true"
volumes:
- "./.ldap.cfg:/app/config/config.cfg"
## Keycloak (OIDC Identity Provider)
## Docs: https://www.keycloak.org/docs/latest/server_admin/
## Login with "user / photoprism" and "admin / photoprism".
keycloak:
image: quay.io/keycloak/keycloak:25.0
command: "start-dev" # development mode, do not use this in production!
links:
- "traefik:localssl.dev"
- "traefik:app.localssl.dev"
labels:
- "traefik.enable=true"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak.entrypoints=websecure"
- "traefik.http.routers.keycloak.rule=Host(`keycloak.localssl.dev`)"
- "traefik.http.routers.keycloak.priority=3"
- "traefik.http.routers.keycloak.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.keycloak.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.keycloak.tls=true"
environment: # see https://www.keycloak.org/server/all-config
KEYCLOAK_ADMIN: "admin"
KEYCLOAK_ADMIN_PASSWORD: "photoprism"
KC_METRICS_ENABLED: "false"
KC_HOSTNAME: "keycloak.localssl.dev"
KC_HOSTNAME_STRICT: "false"
KC_PROXY: "edge"
KC_DB: "postgres"
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
KC_DB_USERNAME: "keycloak"
KC_DB_PASSWORD: "keycloak"
## Run "docker compose --profile prometheus up" to start your development environment with Prometheus.
## Docs: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2
## The following grants API access to Prometheus with the preconfigured client credentials (adjust flags as needed):
## ./photoprism client add --id=cs5cpu17n6gj2qo5 --secret=xcCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e -s metrics -n Prometheus -e 60 -t 1
prometheus:
image: prom/prometheus:latest
profiles: ["all", "auth", "prometheus"]
labels:
- "traefik.enable=true"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
- "traefik.http.routers.prometheus.entrypoints=websecure"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.localssl.dev`)"
- "traefik.http.routers.prometheus.priority=3"
- "traefik.http.routers.prometheus.tls.domains[0].main=localssl.dev"
- "traefik.http.routers.prometheus.tls.domains[0].sans=*.localssl.dev"
- "traefik.http.routers.prometheus.tls=true"
volumes:
- "./prometheus.yml:/etc/prometheus/prometheus.yml"
## Create named volume for Go module cache
volumes: volumes:
go-mod: go-mod:
driver: local driver: local
postgresql:
driver: local
## Create shared "photoprism-develop" network for connecting with services in other compose.yaml files
networks:
default:
name: photoprism
driver: bridge

32
scripts/dist/install-postgresql.sh vendored Normal file
View File

@@ -0,0 +1,32 @@
#!/usr/bin/env bash
# Installs PostgreSQL on Linux.
# bash <(curl -s https://raw.githubusercontent.com/photoprism/photoprism/develop/scripts/dist/install-postgresql.sh)
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts:$PATH"
if [[ -z $1 ]]; then
PACKAGES="postgresql-client"
else
PACKAGES=$1
fi
set -e
. /etc/os-release
# Determine target architecture.
if [[ $PHOTOPRISM_ARCH ]]; then
SYSTEM_ARCH=$PHOTOPRISM_ARCH
else
SYSTEM_ARCH=$(uname -m)
fi
DESTARCH=${BUILD_ARCH:-$SYSTEM_ARCH}
echo "Installing \"$PACKAGES\" distribution packages for ${DESTARCH^^}..."
sudo apt-get update
sudo apt-get -qq install $PACKAGES
echo "Done."

72
scripts/sql/postgresql-init.sql Normal file
View File

@@ -0,0 +1,72 @@
SELECT 'CREATE DATABASE keycloak'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'keycloak')\gexec
SELECT 'CREATE USER keycloak PASSWORD ''keycloak'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'keycloak')\gexec
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
SELECT 'CREATE DATABASE local'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'local')\gexec
SELECT 'CREATE USER local PASSWORD ''local'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'local')\gexec
GRANT ALL PRIVILEGES ON DATABASE local TO local;
SELECT 'CREATE DATABASE latest'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'latest')\gexec
SELECT 'CREATE USER latest PASSWORD ''latest'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'latest')\gexec
GRANT ALL PRIVILEGES ON DATABASE latest TO latest;
SELECT 'CREATE DATABASE preview'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'preview')\gexec
SELECT 'CREATE USER preview PASSWORD ''preview'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'preview')\gexec
GRANT ALL PRIVILEGES ON DATABASE preview TO preview;
SELECT 'CREATE DATABASE testdb'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'testdb')\gexec
SELECT 'CREATE USER testdb PASSWORD ''testdb'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'testdb')\gexec
GRANT ALL PRIVILEGES ON DATABASE testdb TO testdb;
SELECT 'CREATE DATABASE migrate'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'migrate')\gexec
SELECT 'CREATE USER migrate PASSWORD ''migrate'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'migrate')\gexec
GRANT ALL PRIVILEGES ON DATABASE migrate TO migrate;
SELECT 'CREATE DATABASE acceptance'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'acceptance')\gexec
SELECT 'CREATE USER acceptance PASSWORD ''acceptance'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'acceptance')\gexec
GRANT ALL PRIVILEGES ON DATABASE acceptance TO acceptance;
SELECT 'CREATE DATABASE photoprism_01'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'photoprism_01')\gexec
SELECT 'CREATE USER photoprism_01 PASSWORD ''photoprism_01'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'photoprism_01')\gexec
GRANT ALL PRIVILEGES ON DATABASE photoprism_01 TO photoprism_01;
SELECT 'CREATE DATABASE photoprism_02'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'photoprism_02')\gexec
SELECT 'CREATE USER photoprism_02 PASSWORD ''photoprism_02'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'photoprism_02')\gexec
GRANT ALL PRIVILEGES ON DATABASE photoprism_02 TO photoprism_02;
SELECT 'CREATE DATABASE photoprism_03'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'photoprism_03')\gexec
SELECT 'CREATE USER photoprism_03 PASSWORD ''photoprism_03'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'photoprism_03')\gexec
GRANT ALL PRIVILEGES ON DATABASE photoprism_03 TO photoprism_03;
SELECT 'CREATE DATABASE photoprism_04'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'photoprism_04')\gexec
SELECT 'CREATE USER photoprism_04 PASSWORD ''photoprism_04'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'photoprism_04')\gexec
GRANT ALL PRIVILEGES ON DATABASE photoprism_04 TO photoprism_04;
SELECT 'CREATE DATABASE photoprism_05'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'photoprism_05')\gexec
SELECT 'CREATE USER photoprism_05 PASSWORD ''photoprism_05'''
WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'photoprism_05')\gexec
GRANT ALL PRIVILEGES ON DATABASE photoprism_05 TO photoprism_05;