Skip to content

Using NGINX as Reverse Proxy

If you are experiencing problems with NGINX, such as failed uploads, connection errors, broken thumbnails, and video playback problems, please consider asking the NGINX community for advice, as we do not specialize in supporting their product, which is notoriously difficult to configure. Instead, we recommend using Traefik as a reverse proxy as this is easier and more convenient.

This tutorial explains, how to configure NGINX WebSocket connections between your client and backend services.


http {
  server {
    listen 80 ssl;
    listen [::]:80 ssl;
    client_max_body_size 500M;

    # With SSL via Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      proxy_pass http://photoprism:2342;

      proxy_buffering off;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      client_max_body_size 500M;

At the very least you will need to adapt server_name and the ssl_certificate/ssl_certificate_key paths to match your setup. Please refer to their official documentation for further details.

View "Pitfalls and Common Mistakes" ›

Why Use a Proxy?

If you install PhotoPrism on a public server outside your home network, always run it behind a secure HTTPS reverse proxy. Your files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments. Backup tools and file sync apps may refuse to connect as well.

Help improve these docs! You can contribute by clicking to send a pull request with your changes.