From 3abe3901ea7c778a733a6354831de95ece473885 Mon Sep 17 00:00:00 2001 From: Carl Pearson Date: Mon, 4 Jan 2021 07:03:28 -0700 Subject: [PATCH] update --- content/post/20210103-photoprism/index.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/content/post/20210103-photoprism/index.md b/content/post/20210103-photoprism/index.md index 6b72ae2..951a645 100644 --- a/content/post/20210103-photoprism/index.md +++ b/content/post/20210103-photoprism/index.md @@ -43,7 +43,7 @@ categories = [] [PhotoPrism](https://photoprism.app/) is a server-based application for browsing, organizing, and sharing your photo collection. Here, I describe how I set it up on a Google Compute Engine virtual machine using docker-compose, an nginx https proxy, and LetsEncrypt. -*I know just enough about networking to be dangerous and next to nothing about HTTPS. This setup worked for me and I believe it to be reasonably secure, but I make not guarantees.* +*Disclaimer: I know next to nothing about securing applications exposed to the internet. Use at your own risk.* In this entire post, I assume your domain will be `photoprism.example.com`. You'll need to change all instances of that throughout. 
@@ -55,14 +55,14 @@ It simplifies the firewall rules. Depending on whether you want automatic Tensorflow image labeling: -* *no*: e2-micro (2 vCPU, 1GB RAM) +* *no*: e2-micro (2 vCPU, 1GB RAM). Needs swap during indexing. * *yes*: e2-medium (2 vCPU, 4GB RAM). You can get away with e2-small (2 GB RAM) if you're willing to enable swap. As for the other VM settings: * Debian 10 image and 50 GB disk. The OS and photoprism docker images use quite a few GBs, and you need some space left for your pictures. * Allow HTTP and HTTPS traffic. - * the LetsEncrypt certbot will try to connect to this machine over HTTP to validate you own the domain. + * LetsEncrypt `certbot` will try to connect to this machine over HTTP to validate you own the domain. * you can disable HTTP later. * Create/attach a static IPv4 address to your instance. * Add the corresponding custom resource record to your DNS (this allows `photoprism.example.com`. Change `photoprism` to a different subdomain if you like) @@ -104,6 +104,8 @@ echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab > /dev/null ## Get your HTTPS certificate with LetsEncrypt +*remember to change `photoprism.example.com`* + Run `sudo certbot certonly -d photoprism.example.com` Since we installed nginx in the previous step, select the "nginx plugin" option (this is where you need HTTP allowed through the firewall). @@ -140,7 +142,7 @@ I recommend not using special characters, as the wrong combo can cause things to *Note that `PHOTOPRISM_DATABASE_PASSWORD` and `MYSQL_PASSWORD` must be the same.* -If you are using the smaller kind of instance, also set +If you are using a smaller instance, also set ```yaml PHOTOPRISM_WORKERS: 1 PHOTOPRISM_DISABLE_TENSORFLOW: "true" 
@@ -148,7 +150,7 @@ PHOTOPRISM_DISABLE_TENSORFLOW: "true" To start photoprism, run `sudo docker-compose up -d` -You can look at logs with `docker-compose logs`. you should not see anything like "failed to connect to database" +You can look at logs with `sudo docker-compose logs`. you should not see anything like "failed to connect to database" If you goof this up, you need to do something like (this will delete everything) ``` @@ -159,7 +161,7 @@ sudo rm -r storage database ## Configure and Start NGINX -*remember to change all `photoprism.example.com`* +*remember to change `photoprism.example.com`* I had to follow alternate instructions [here](https://docs.photoprism.org/getting-started/advanced/nginx-proxy-setup/) *(the current instructions [here](https://docs.photoprism.org/getting-started/proxies/nginx/) did not work for me)*.
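Review bot: in the hunk at `@@ -55,14 +55,14 @@`, the unchanged bullet "you can disable HTTP later" sits directly under the reworded `certbot` bullet, which says domain validation happens over HTTP. If certificate renewal uses the same HTTP validation, closing port 80 will make it fail. Suggest qualifying that bullet, for example "you can disable HTTP later, but allow it again whenever the certificate is renewed". The new "Needs swap during indexing." on the e2-micro line would also benefit from a pointer to the swapfile section further down the post.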
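Review bot: in the hunk at `@@ -140,7 +142,7 @@`, "a smaller instance" is still ambiguous, because the sizing list names e2-micro, e2-small and e2-medium. Say which of them need `PHOTOPRISM_WORKERS: 1` and `PHOTOPRISM_DISABLE_TENSORFLOW: "true"`; the list ties running without Tensorflow labeling to e2-micro. Separately, the context line that recommends passwords without special characters shrinks the character set, so it is worth adding that the password should be long and randomly generated to compensate.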
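Review bot: in the hunk at `@@ -148,7 +150,7 @@`, the changed line still starts its second sentence in lower case and has no closing period ("you should not see anything like ..."); fix both while the line is being touched. Adding `sudo` matches `sudo docker-compose up -d` just above. The destructive `sudo rm -r storage database` in the following context uses relative paths, so the text should say which directory it must be run from.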
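Review bot: in the hunk at `@@ -159,7 +161,7 @@`, dropping "all" weakens the reminder compared with the introduction, which says "You'll need to change all instances of that throughout". If the nginx configuration that follows contains the domain more than once, keep "all" here. The singular wording fits the reminder added at `@@ -104,6 +104,8 @@`, where the domain appears in a single `certbot` command.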