Refactor docker deployment and user setup (#863)
* Fix #862, address #826 and maybe some other tickets: reimplemented the docker-compose user setup to enhance product setup experience and cover much more cases.
* make unique DB container name and use it in communication from Photoview
* Removed unnecessary healthcheck for photoview from docker-compose.example.yml, as it is defined in the Dockerfile; optimized Dockerfile combining all RUN directives of PROD stage into 1, which will produce single layer and save some space; added Dockerfile-dev, docker-compose-dev.yml, and new "dev" and "dev-down" directives into Makefile, which allows to setup development env in Docker. Instructions of how to use it are in comments at the beginning of Dockerfile-dev and docker-compose-dev.yml files
* Set RWX permissions to the application's working folder for any user, so that the image could be later run with non-root permissions and the app still be able to do needed operations in the FS
* Enhanced the "Getting started" section in the readme; added the `help` target and enhanced comments in the Makefile; commented out the `docker system prune -f` with the comment about the command and why it is there; added optional and commented by default `7zz` commands to the `backup` section of the Makefile
* Use `slim` base image for final photoview image
* Implement SQLite support according to the PR #851
* Removed deprecated `version` line from compose files; optimized dockerfile to build with less layers and run as non-root; mapped only Photoview related services to Watchtower by default instead of updating all running images on a host; added template for Postgres to the .env; reverted compose executable definition, so the new compose is called when present; added a tip about `lnav` to help
* fix a typo in the username; add support of PostgreSQL; split and optimize backup target in Makefile
* Fixed some typos and styling in Readme, excluded dev-environment setup from the PR; added a list of tips on how to secure Photoview in the Advanced setup section of Readme
* Implemented many security improvements, suggested by @Omar007, switched to the dedicated Darktable's repo to install the latest released version, as asked in #935; switched Watchtower to labels instead of profiles
* forgot the compose file
* move face models back to /app folder; comment out and document unnecessary vars in compose; fix a typo in a few vars
* Exclude Makefile in the root folder from git; documented multiple mounts case better; fixed incorrect SQLite DB path
* Fixed several bugs after complete testing cycle with all 3 DBs
* removed hardcoded port in Dockerfile
* Pin the major version for the `photoview` image for stability
* Revert back to the port 80 inside the container on product owner's request
* Provide a minimal compose file and update the readme accordingly
* Handle incorrect media file and folder permissions; set correct permissions for storage folder; fix healthcheck command for postgres
---------
Co-authored-by: Konstantin Koval <kkb@ukr.net>
2024-05-15 10:58:02 +02:00
|
|
|
services:
|
|
|
|
photoview:
|
|
|
|
image: viktorstrate/photoview:2
|
|
|
|
hostname: photoview
|
|
|
|
container_name: photoview
|
|
|
|
restart: unless-stopped
|
|
|
|
stop_grace_period: 10s
|
|
|
|
ports:
|
|
|
|
- "8000:80" ## HTTP port (host:container)
|
|
|
|
## This ensures that DB is initialized and ready for connections.
|
|
|
|
## Comment out the entire `depends_on` section if PHOTOVIEW_DATABASE_DRIVER is set to `sqlite` in the .env
|
|
|
|
depends_on:
|
|
|
|
mariadb:
|
|
|
|
condition: service_healthy
|
|
|
|
## Security options for some restricted systems
|
|
|
|
security_opt:
|
|
|
|
- seccomp:unconfined
|
|
|
|
- apparmor:unconfined
|
|
|
|
environment:
|
|
|
|
PHOTOVIEW_DATABASE_DRIVER: ${PHOTOVIEW_DATABASE_DRIVER}
|
|
|
|
## Comment out the next variable in the case PHOTOVIEW_DATABASE_DRIVER is set to `sqlite` or `postgres` in the .env
|
|
|
|
PHOTOVIEW_MYSQL_URL: "${MARIADB_USER}:${MARIADB_PASSWORD}@tcp(photoview-mariadb)/${MARIADB_DATABASE}"
|
|
|
|
## Uncomment the next line if PHOTOVIEW_DATABASE_DRIVER is set to `sqlite` in the .env
|
|
|
|
# PHOTOVIEW_SQLITE_PATH: ${PHOTOVIEW_SQLITE_PATH}
|
|
|
|
PHOTOVIEW_LISTEN_IP: "photoview"
|
|
|
|
## Optional: If you are using Samba/CIFS-Share and experience problems with "directory not found"
|
|
|
|
## Enable the following Godebug
|
|
|
|
# - GODEBUG=asyncpreemptoff=1
|
|
|
|
## Optional: To enable map related features, you need to create a mapbox token.
|
|
|
|
## A token can be generated for free here https://account.mapbox.com/access-tokens/
|
|
|
|
## It's a good idea to limit the scope of the token to your own domain, to prevent others from using it.
|
|
|
|
MAPBOX_TOKEN: ${MAPBOX_TOKEN}
|
|
|
|
volumes:
|
|
|
|
## Example:
|
|
|
|
## - "/host/folder:/container/folder"
|
|
|
|
- "/etc/localtime:/etc/localtime:ro" ## use local time from host
|
|
|
|
- "/etc/timezone:/etc/timezone:ro" ## use timezone from host
|
|
|
|
## Uncomment the next line if PHOTOVIEW_DATABASE_DRIVER is set to `sqlite` in the .env
|
|
|
|
# - "${HOST_PHOTOVIEW_LOCATION}/database:/home/photoview/database"
|
|
|
|
- "${HOST_PHOTOVIEW_LOCATION}/storage:/home/photoview/media-cache"
|
|
|
|
## Change This in the .env file: to the directory where your photos are located on your server.
|
|
|
|
## You can mount multiple paths if your photos are spread across multiple directories.
|
|
|
|
## The same path as the container path set here, you'll need to provide on the Photoview's init page (the one between the ':' chars).
|
|
|
|
## If you mount several folders, provide the path to the parent one on the init page.
|
|
|
|
## If you mount several folders, make sure that there are no direct mappings to the media root folder.
|
|
|
|
## This means that you need to also modify the container path of the HOST_PHOTOVIEW_MEDIA_ROOT
|
|
|
|
## to something like '/photos/main'. Note that this new name ('main' in this example) will become an album in Photoview.
|
|
|
|
- "${HOST_PHOTOVIEW_MEDIA_ROOT}:/photos:ro"
|
|
|
|
## *Additional* media folders can be mounted like this (set the variable in .env file)
|
|
|
|
## Note that a mount cannot be located in a subfolder of another mount.
|
|
|
|
# - "${HOST_PHOTOVIEW_MEDIA_FAMILY}:/photos/Family:ro"
|
|
|
|
|
|
|
|
## Comment out the `mariadb` service if PHOTOVIEW_DATABASE_DRIVER is set to `sqlite` or `postgres` in the .env
|
|
|
|
mariadb:
|
|
|
|
image: mariadb:lts
|
|
|
|
hostname: photoview-mariadb
|
|
|
|
container_name: photoview-mariadb
|
|
|
|
restart: unless-stopped
|
|
|
|
stop_grace_period: 5s
|
|
|
|
## Optimized MariaDB startup command for better performance and compatibility
|
|
|
|
command: mariadbd --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
|
|
security_opt: ## see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
|
|
|
|
- seccomp:unconfined
|
|
|
|
- apparmor:unconfined
|
|
|
|
environment:
|
|
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
|
|
MARIADB_DATABASE: ${MARIADB_DATABASE}
|
|
|
|
MARIADB_USER: ${MARIADB_USER}
|
|
|
|
MARIADB_PASSWORD: ${MARIADB_PASSWORD}
|
|
|
|
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
|
|
|
|
volumes:
|
|
|
|
## Example:
|
|
|
|
## - "/host/folder:/container/folder"
|
|
|
|
- "/etc/localtime:/etc/localtime:ro" ## use local time from host
|
|
|
|
- "/etc/timezone:/etc/timezone:ro" ## use timezone from host
|
|
|
|
- "${HOST_PHOTOVIEW_LOCATION}/database/mariadb:/var/lib/mysql" ## DO NOT REMOVE
|
|
|
|
healthcheck:
|
2024-06-02 20:02:14 +02:00
|
|
|
test: healthcheck.sh --connect --innodb_initialized
|
Refactor docker deployment and user setup (#863)
* Fix #862, address #826 and maybe some other tickets: reimplemented the docker-compose user setup to enhance product setup experience and cover much more cases.
* make unique DB container name and use it in communication from Photoview
* Removed unnecessary healthcheck for photoview from docker-compose.example.yml, as it is defined in the Dockerfile; optimized Dockerfile combining all RUN directives of PROD stage into 1, which will produce single layer and save some space; added Dockerfile-dev, docker-compose-dev.yml, and new "dev" and "dev-down" directives into Makefile, which allows to setup development env in Docker. Instructions of how to use it are in comments at the beginning of Dockerfile-dev and docker-compose-dev.yml files
* Set RWX permissions to the application's working folder for any user, so that the image could be later run with non-root permissions and the app still be able to do needed operations in the FS
* Enhanced the "Getting started" section in the readme; added the `help` target and enhanced comments in the Makefile; commented out the `docker system prune -f` with the comment about the command and why it is there; added optional and commented by default `7zz` commands to the `backup` section of the Makefile
* Use `slim` base image for final photoview image
* Implement SQLite support according to the PR #851
* Removed deprecated `version` line from compose files; optimized dockerfile to build with less layers and run as non-root; mapped only Photoview related services to Watchtower by default instead of updating all running images on a host; added template for Postgres to the .env; reverted compose executable definition, so the new compose is called when present; added a tip about `lnav` to help
* fix a typo in the username; add support of PostgreSQL; split and optimize backup target in Makefile
* Fixed some typos and styling in Readme, excluded dev-environment setup from the PR; added a list of tips on how to secure Photoview in the Advanced setup section of Readme
* Implemented many security improvements, suggested by @Omar007, switched to the dedicated Darktable's repo to install the latest released version, as asked in #935; switched Watchtower to labels instead of profiles
* forgot the compose file
* move face models back to /app folder; comment out and document unnecessary vars in compose; fix a typo in a few vars
* Exclude Makefile in the root folder from git; documented multiple mounts case better; fixed incorrect SQLite DB path
* Fixed several bugs after complete testing cycle with all 3 DBs
* removed hardcoded port in Dockerfile
* Pin the major version for the `photoview` image for stability
* Revert back to the port 80 inside the container on product owner's request
* Provide a minimal compose file and update the readme accordingly
* Handle incorrect media file and folder permissions; set correct permissions for storage folder; fix healthcheck command for postgres
---------
Co-authored-by: Konstantin Koval <kkb@ukr.net>
2024-05-15 10:58:02 +02:00
|
|
|
interval: 1m
|
|
|
|
timeout: 5s
|
|
|
|
retries: 5
|
|
|
|
start_period: 3m
|