Configuring Your Firewall

You are welcome to ask for help in our community chat. Sponsors receive direct technical support via email. Before submitting a support request, try to determine the cause of your problem.

Incoming Requests

Unless you have changed the default configuration, PhotoPrism is reachable via port 2342 on all network devices. If you are using a firewall, please ensure that this port can be accessed from other computers on your network, or that your instance can be accessed through a reverse proxy:

Outgoing Connections

As explained in our Privacy Policy, reverse geocoding and interactive world maps depend on retrieving the necessary information from us and MapTiler AG, headquartered in Switzerland. Both services are provided with a very high level of privacy and confidentiality.

View Privacy Policy › View Compliance FAQ ›

In order to successfully set up your installation and view location details in PhotoPrism, you must allow requests to the following hosts if you have a firewall installed, and make sure that your Internet connection is working:

• dl.photoprism.app
• my.photoprism.app
• cdn.photoprism.app
• maps.photoprism.app
• places.photoprism.app
• places.photoprism.xyz

In addition, the following API endpoints should be allowed so that public Docker images can be pulled from Docker Hub:

• auth.docker.io
• registry-1.docker.io
• index.docker.io
• dseasb33srnrn.cloudfront.net
• production.cloudflare.docker.com

IPTables and Docker

On Linux, Docker manipulates the iptables rules to provide network isolation. This does have some implications for what you need to do if you want to have your own policies in addition to the rules Docker manages.

Learn more ›

Docker MTU Size

If you use Docker on your server or on a virtual machine, technical limitations of the local network or your internet provider can also make it impossible to reach external services. In particular, the network cards of virtual machines often do not have the standard Maximum Transmission Unit (MTU) of 1500, but a smaller size like 1492 or 1454.

In this case, you must configure the virtual network cards of your Docker containers so that they have an MTU size that is less than or equal to that of the outgoing network, for example by adding the following to your compose.yaml (or docker-compose.yml) config files:

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450

Learn more ›

All network configuration changes require a restart of the affected services and/or the Docker daemon to take effect.