
Using NGINX as Reverse Proxy

Getting Support

Since NGINX is notoriously difficult to configure, we are unable to provide technical support for NGINX-related issues such as failed uploads, connection errors, broken thumbnails, and video playback problems. If you cannot resolve these on your own, we recommend that you ask the NGINX community for advice or use Traefik instead, which is easier to configure and more convenient to handle overall.

This tutorial explains how to configure NGINX to proxy WebSocket connections between your client and backend services.


http {
  server {
    # TLS listeners: the "ssl" parameter belongs on port 443, not port 80
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com; # placeholder, replace with your domain
    client_max_body_size 500M;

    # With SSL via Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
      # Pass the original client address and host name to the backend
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      proxy_pass http://photoprism:2342;

      # WebSocket support: HTTP/1.1 plus the Upgrade/Connection headers
      proxy_buffering off;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      # Maximum upload size accepted by the proxy
      client_max_body_size 500M;
    }
  }
}

At the very least, you will need to adapt server_name and the ssl_certificate/ssl_certificate_key paths to match your setup. Please refer to the official NGINX documentation for further details.

View "Pitfalls and Common Mistakes" ›

Why Use a Proxy?

If you install PhotoPrism on a public server outside your home network, always run it behind a secure HTTPS reverse proxy. Your files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments. Backup tools and file sync apps may refuse to connect as well.
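
The following configuration is an added example, not part of the original PhotoPrism documentation. It extends the setup above so that plain HTTP is never proxied to the backend, only redirected to HTTPS, and so that the Connection header is derived from the client's request using the map pattern from the NGINX WebSocket proxying documentation. The domain example.com and the certificate file paths are placeholders.

```nginx
# Added example; example.com and the certificate paths are placeholders.
events {}  # required in a standalone nginx.conf; omit if already defined

http {
  # Send "Connection: upgrade" upstream only when the client requested an
  # upgrade; ordinary requests get "close" instead of a hard-coded value.
  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }

  # Plain-HTTP listener: never proxies to the backend, only redirects.
  # The target host is fixed rather than taken from the request.
  server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://example.com$request_uri;
  }

  # HTTPS listener: the only server block that reaches PhotoPrism.
  server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    client_max_body_size 500M;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
      proxy_pass http://photoprism:2342;
      proxy_http_version 1.1;
      proxy_buffering off;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    }
  }
}
```

Run nginx -t to validate the file before reloading NGINX.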
