Skip to content

Using Traefik as Reverse Proxy

Best Choice

Our example shows a working configuration, excluding general PhotoPrism config options documented in Setup Using Docker Compose:

docker-compose.yml

services:
  traefik:
    image: traefik:v2.5
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./traefik.yaml:/etc/traefik/traefik.yaml"
      - "./traefik/data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock"

  photoprism:
    image: photoprism/photoprism:latest
    restart: unless-stopped
    labels:
      - "traefik.http.routers.photoprism.rule=Host(`example.com`)"
      - "traefik.http.routers.photoprism.tls=true"
      - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
    volumes:
      - "./originals:/photoprism/originals"
      - "./storage:/photoprism/storage"
    environment:
        PHOTOPRISM_SITE_URL: "https://example.com/"

traefik.yaml

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: ":443"

providers:
  docker: {}

certificatesResolvers:
  myresolver:
    acme:
      email: [email protected]
      storage: /data/letsencrypt.json
      httpChallenge:
        entryPoint: web

Please refer to the official documentation for further details.

Why Use a Proxy?

If you install PhotoPrism on a public server outside your home network, always run it behind a secure HTTPS reverse proxy. Your files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments. Backup tools and file sync apps may refuse to connect as well.