OIDC: Add Traefik, Keycloak and Rename Development Base Image #782

Michael Mayer 2022-01-06 11:31:37 +01:00
parent 90f7afb1e7
commit 4309e28efd
15 changed files with 2860 additions and 65 deletions


@ -1,7 +1,7 @@
FROM photoprism/development:20211210
FROM photoprism/develop:20211218
# Copy latest entrypoint script
COPY --chown=root:root /docker/development/entrypoint.sh /entrypoint.sh
COPY --chown=root:root /docker/develop/entrypoint.sh /entrypoint.sh
COPY --chown=root:root /docker/scripts/Makefile /root/Makefile
# Set up project directory


@ -202,22 +202,22 @@ clean:
rm -rf storage/backup
rm -rf storage/cache
rm -rf frontend/node_modules
docker-development:
docker-develop:
docker pull --platform=amd64 ubuntu:21.10
docker pull --platform=arm64 ubuntu:21.10
scripts/docker/multiarch.sh development linux/amd64,linux/arm64 $(DOCKER_TAG)
scripts/docker/multiarch.sh develop linux/amd64,linux/arm64 $(DOCKER_TAG)
docker-preview:
scripts/docker/multiarch.sh photoprism linux/amd64,linux/arm64
docker-release:
scripts/docker/multiarch.sh photoprism linux/amd64,linux/arm64 $(DOCKER_TAG)
docker-armv7-development:
docker-armv7-develop:
docker pull --platform=arm ubuntu:21.10
scripts/docker/arch.sh development linux/arm armv7 /armv7
scripts/docker/arch.sh develop linux/arm armv7 /armv7
docker-armv7-preview:
docker pull --platform=arm photoprism/development:armv7
docker pull --platform=arm photoprism/develop:armv7
scripts/docker/arch.sh photoprism linux/arm armv7-preview /armv7
docker-armv7-release:
docker pull --platform=arm photoprism/development:armv7
docker pull --platform=arm photoprism/develop:armv7
scripts/docker/arch.sh photoprism linux/arm armv7 /armv7
docker-local:
scripts/docker/build.sh photoprism


@ -152,7 +152,7 @@ services:
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
@ -167,7 +167,7 @@ services:
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism


@ -1,9 +1,9 @@
version: '3.5'
# Stable Release (for developers only)
## Latest Stable Release for QA
services:
## App Server (required)
## App Server
## Docs: https://docs.photoprism.org/
photoprism-latest:
image: photoprism/photoprism:latest
security_opt:
@ -11,10 +11,20 @@ services:
- apparmor:unconfined
ports:
- "2344:2342" # HTTP port (host:container)
labels:
- "traefik.enable=true"
- "traefik.http.services.photoprism-latest.loadbalancer.server.port=2342"
- "traefik.http.routers.photoprism-latest.entrypoints=websecure"
- "traefik.http.routers.photoprism-latest.rule=Host(`photoprism-latest.traefik.net`)"
- "traefik.http.routers.photoprism-latest.tls.domains[0].main=traefik.net"
- "traefik.http.routers.photoprism-latest.tls.domains[0].sans=*.traefik.net"
- "traefik.http.routers.photoprism-latest.tls=true"
environment:
PHOTOPRISM_UID: ${UID:-1000}
PHOTOPRISM_GID: ${GID:-1000}
PHOTOPRISM_SITE_URL: "http://localhost:2344/"
PHOTOPRISM_UID: ${UID:-1000} # User ID
PHOTOPRISM_GID: ${GID:-1000} # Group ID
PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # Admin password (min 4 characters)
## Public server URL incl http:// or https:// and /path, :port is optional
PHOTOPRISM_SITE_URL: "https://photoprism-latest.traefik.net/"
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
PHOTOPRISM_SITE_DESCRIPTION: "Open-Source Photo Management"
@ -32,7 +42,6 @@ services:
PHOTOPRISM_DATABASE_NAME: "latest"
PHOTOPRISM_DATABASE_USER: "root"
PHOTOPRISM_DATABASE_PASSWORD: "photoprism"
PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # The initial admin password (min 4 characters)
PHOTOPRISM_DISABLE_CHOWN: "false" # Disables storage permission updates on startup
PHOTOPRISM_DISABLE_BACKUPS: "false" # Don't backup photo and album metadata to YAML files
PHOTOPRISM_DISABLE_WEBDAV: "false" # Disables built-in WebDAV server
@ -56,7 +65,8 @@ services:
- "./storage/latest:/photoprism/storage"
- "./storage/originals:/photoprism/originals"
## Join shared "photoprism-develop" network
networks:
default:
external:
name: shared
name: photoprism-develop
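Review bot: The `"2344:2342"` mapping kept under `ports:` still publishes the plain-HTTP listener on every host interface, even though the new labels and `PHOTOPRISM_SITE_URL` move this instance behind Traefik on HTTPS. Because `PHOTOPRISM_ADMIN_PASSWORD` is the fixed value `"photoprism"`, a login through that port sends a known credential in cleartext and never passes the proxy. Consider `- "127.0.0.1:2344:2342"`, or dropping the mapping now that the router exists. A comment above the password line such as `## Test credentials only, do not expose this stack beyond the local host` would also help.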


@ -1,8 +1,22 @@
version: '3.5'
# Legacy Databases Servers (for developers only)
## MariaDB Server Versions for Development & Testing
services:
## MariaDB 10.7 Database Server
mariadb-10-7:
image: mariadb:10.7
command: mysqld --port=4001 --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## MariaDB 10.5.5 Database Server
## Affected by MDEV-25362: Incorrect name resolution for subqueries in ON expressions
## see https://jira.mariadb.org/browse/MDEV-25362
mariadb-10-5-5:
@ -11,53 +25,59 @@ services:
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## MariaDB 10.3 Database Server
## Docs: https://mariadb.com/docs/reference/cs10.3/
mariadb-10-3:
image: mariadb:10.3
command: mysqld --port=4001 --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## MariaDB 10.2 Database Server
## Docs: https://mariadb.com/docs/reference/cs10.2/
mariadb-10-2:
image: mariadb:10.2
command: mysqld --port=4001 --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## MariaDB 10.1 Database Server
mariadb-10-1:
image: mariadb:10.1
command: mysqld --port=4001 --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## Join shared "photoprism-develop" network
networks:
default:
external:
name: shared
name: photoprism-develop


@ -7,7 +7,19 @@ version: '3.5'
## - Keycloak OpenID Connect Provider
## - and Dummy Services
services:
## App Server
## Traefik v2.5.5 HTTPS Reverse Proxy
## Includes test certificates for https://*.traefik.net/
## Docs: https://doc.traefik.io/traefik/
traefik:
image: photoprism/traefik:20211218
ports:
# - "80:80" # HTTP (redirects to HTTPS)
- "443:443" # HTTPS (required)
volumes:
- "/var/run/docker.sock:/var/run/docker.sock" # Host names are configured with Docker labels
## App Build Environment
## Docs: https://docs.photoprism.org/developer-guide/
photoprism:
build: .
image: photoprism/photoprism:develop
@ -18,18 +30,33 @@ services:
- seccomp:unconfined
- apparmor:unconfined
ports:
- "2342:2342" # Default HTTP port (host:container)
- "2343:2343" # Acceptance Test HTTP port (host:container)
- "2342:2342" # Default HTTP port (host:container)
- "2343:2343" # Acceptance Test HTTP port (host:container)
- "40000:40000" # Go Debugger (host:container)
shm_size: "2gb"
links:
- "traefik:keycloak.traefik.net"
- "traefik:photoprism.traefik.net"
- "traefik:dummy-webdav.traefik.net"
- "traefik:dummy-oidc.traefik.net"
labels:
- "traefik.enable=true"
- "traefik.http.services.photoprism.loadbalancer.server.port=2342"
- "traefik.http.routers.photoprism.entrypoints=websecure"
- "traefik.http.routers.photoprism.rule=Host(`photoprism.traefik.net`)"
- "traefik.http.routers.photoprism.tls.domains[0].main=traefik.net"
- "traefik.http.routers.photoprism.tls.domains[0].sans=*.traefik.net"
- "traefik.http.routers.photoprism.tls=true"
environment:
GOPROXY: "https://proxy.golang.org,direct"
PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # The initial admin password (min 4 characters)
PHOTOPRISM_UID: ${UID:-1000}
PHOTOPRISM_GID: ${GID:-1000}
PHOTOPRISM_SITE_URL: "http://localhost:2342/"
PHOTOPRISM_UID: ${UID:-1000} # User ID
PHOTOPRISM_GID: ${GID:-1000} # Group ID
PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # Admin password (min 4 characters)
## External development server URL incl http:// or https:// and /path, :port is optional
PHOTOPRISM_SITE_URL: "https://photoprism.traefik.net/"
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
PHOTOPRISM_SITE_DESCRIPTION: "AI-powered app for browsing, organizing & sharing your photo collection."
PHOTOPRISM_SITE_DESCRIPTION: "AI-Powered Photos App. Tags and finds pictures without getting in your way!"
PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"
PHOTOPRISM_DEBUG: "true"
PHOTOPRISM_READONLY: "false"
@ -69,6 +96,10 @@ services:
PHOTOPRISM_JPEG_SIZE: 7680 # Size limit for converted image files in pixels (720-30000)
PHOTOPRISM_JPEG_QUALITY: 92 # Set to 95 for high-quality thumbnails (25-100)
TF_CPP_MIN_LOG_LEVEL: 0 # Show TensorFlow log messages for development
## OpenID Connect Provider (pre-configured for local Keycloak test server):
PHOTOPRISM_OIDC_ISSUER_URL: "https://keycloak.traefik.net/auth/realms/master"
PHOTOPRISM_OIDC_CLIENT_ID: "photoprism-develop"
PHOTOPRISM_OIDC_CLIENT_SECRET: "9d8351a0-ca01-4556-9c37-85eb634869b9"
## Enable TensorFlow AVX2 support for modern Intel CPUs (requires starting the container as root):
# PHOTOPRISM_INIT: "tensorflow-amd64-avx2"
## Hardware video transcoding config (optional):
@ -98,7 +129,7 @@ services:
ports:
- "4001:4001" # Database port (host:container)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
@ -113,25 +144,73 @@ services:
expose:
- "4001" # Database port (internal)
volumes:
- "./scripts/sql/init-test-databases.sql:/docker-entrypoint-initdb.d/init-test-databases.sql"
- "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
environment:
MYSQL_ROOT_PASSWORD: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: photoprism
MYSQL_DATABASE: photoprism
## Keycloak OpenID Connect Provider
## Test User: user / photoprism
## Test Admin: admin / photoprism
## Docs: https://www.keycloak.org/getting-started/getting-started-docker
keycloak:
image: quay.io/keycloak/keycloak:16.0.0
links:
- "traefik:photoprism.traefik.net"
labels:
- "traefik.enable=true"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak.entrypoints=websecure"
- "traefik.http.routers.keycloak.rule=Host(`keycloak.traefik.net`)"
- "traefik.http.routers.keycloak.tls.domains[0].main=traefik.net"
- "traefik.http.routers.keycloak.tls.domains[0].sans=*.traefik.net"
- "traefik.http.routers.keycloak.tls=true"
environment:
KEYCLOAK_USER: "admin"
KEYCLOAK_PASSWORD: "photoprism"
KEYCLOAK_FRONTEND_URL: "https://keycloak.traefik.net/auth"
DB_VENDOR: "mariadb"
DB_PORT: 4001
DB_DATABASE: "keycloak"
DB_USER: "keycloak"
DB_PASSWORD: "keycloak"
## Dummy WebDAV Server
dummy-webdav:
image: photoprism/dummy-webdav:20211109
image: photoprism/dummy-webdav:20211218
environment:
WEBDAV_USERNAME: admin
WEBDAV_PASSWORD: photoprism
labels:
- "traefik.enable=true"
- "traefik.http.services.dummy-webdav.loadbalancer.server.port=80"
- "traefik.http.routers.dummy-webdav.entrypoints=websecure"
- "traefik.http.routers.dummy-webdav.rule=Host(`dummy-webdav.traefik.net`)"
- "traefik.http.routers.dummy-webdav.tls.domains[0].main=traefik.net"
- "traefik.http.routers.dummy-webdav.tls.domains[0].sans=*.traefik.net"
- "traefik.http.routers.dummy-webdav.tls=true"
## Dummy OpenID Connect Server
dummy-oidc:
image: photoprism/dummy-oidc:20211218
labels:
- "traefik.enable=true"
- "traefik.http.services.dummy-oidc.loadbalancer.server.port=9998"
- "traefik.http.routers.dummy-oidc.entrypoints=websecure"
- "traefik.http.routers.dummy-oidc.rule=Host(`dummy-oidc.traefik.net`)"
- "traefik.http.routers.dummy-oidc.tls.domains[0].main=traefik.net"
- "traefik.http.routers.dummy-oidc.tls.domains[0].sans=*.traefik.net"
- "traefik.http.routers.dummy-oidc.tls=true"
## Create named volume for Go module cache
volumes:
go-mod:
driver: local
## Create shared "photoprism-develop" network for connecting with services in other docker-compose.yml files
networks:
default:
name: shared
name: photoprism-develop
driver: bridge
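Review bot: The new `traefik` service mounts `/var/run/docker.sock` while publishing `443:443` on all host interfaces, so the one container that accepts outside traffic also holds full control of the Docker daemon, which is equivalent to root on the host. A read-only bind (`:ro`) does not restrict API calls over the socket. The usual mitigations are a socket proxy between Traefik and the daemon that permits only the read-only container endpoints, and a local bind of the entrypoint with `- "127.0.0.1:443:443"`. The same section commits `PHOTOPRISM_OIDC_CLIENT_SECRET` and the Keycloak admin password as literals and points the issuer at the `master` realm. A comment stating that these values are valid only for the bundled test Keycloak would keep them from being reused elsewhere.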


@ -101,7 +101,7 @@ RUN rm -rf /tmp/* && mkdir -p /tmp/photoprism && \
# Copy additional scripts to image
COPY --chown=root:root /docker/scripts/heif-convert.sh /usr/local/bin/heif-convert
COPY --chown=root:root /docker/scripts/Makefile /root/Makefile
COPY --chown=root:root /docker/development/entrypoint.sh /entrypoint.sh
COPY --chown=root:root /docker/develop/entrypoint.sh /entrypoint.sh
# Install Go tools
RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
@ -123,9 +123,9 @@ RUN useradd -m -U -u 1000 -d /photoprism photoprism && chmod a+rwx /photoprism &
chmod 755 /usr/local/bin/heif-convert /entrypoint.sh && \
find /go -type d -print0 | xargs -0 chmod 777
# Copy mysql client config for development
COPY --chown=root:root /docker/development/.my.cnf /root/.my.cnf
COPY --chown=photoprism:photoprism /docker/development/.my.cnf /photoprism/.my.cnf
# Copy mysql client config for develop
COPY --chown=root:root /docker/develop/.my.cnf /root/.my.cnf
COPY --chown=photoprism:photoprism /docker/develop/.my.cnf /photoprism/.my.cnf
RUN chmod 644 /root/.my.cnf /photoprism/.my.cnf
# Set up project directory


@ -93,7 +93,7 @@ RUN rm -rf /tmp/* && mkdir -p /tmp/photoprism && \
# Copy additional scripts to image
COPY --chown=root:root /docker/scripts/heif-convert.sh /usr/local/bin/heif-convert
COPY --chown=root:root /docker/scripts/Makefile /root/Makefile
COPY --chown=root:root /docker/development/entrypoint.sh /entrypoint.sh
COPY --chown=root:root /docker/develop/entrypoint.sh /entrypoint.sh
# Install Go tools
RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \


@ -1,5 +1,5 @@
##################################################### BUILD STAGE ######################################################
FROM photoprism/development:20211210 as build
FROM photoprism/develop:20211218 as build
ARG TARGETARCH
ARG TARGETPLATFORM


@ -1,5 +1,5 @@
##################################################### BUILD STAGE ######################################################
FROM photoprism/development:armv7 as build
FROM photoprism/develop:armv7 as build
ARG TARGETARCH
ARG TARGETPLATFORM


@ -1,21 +0,0 @@
CREATE DATABASE IF NOT EXISTS alpha;
CREATE DATABASE IF NOT EXISTS beta;
CREATE DATABASE IF NOT EXISTS gamma;
CREATE DATABASE IF NOT EXISTS latest;
CREATE DATABASE IF NOT EXISTS preview;
DROP DATABASE IF EXISTS acceptance;
CREATE DATABASE IF NOT EXISTS acceptance;
DROP DATABASE IF EXISTS api;
CREATE DATABASE IF NOT EXISTS api;
DROP DATABASE IF EXISTS config;
CREATE DATABASE IF NOT EXISTS config;
DROP DATABASE IF EXISTS entity;
CREATE DATABASE IF NOT EXISTS entity;
DROP DATABASE IF EXISTS query;
CREATE DATABASE IF NOT EXISTS query;
DROP DATABASE IF EXISTS remote;
CREATE DATABASE IF NOT EXISTS remote;
DROP DATABASE IF EXISTS service;
CREATE DATABASE IF NOT EXISTS service;
DROP DATABASE IF EXISTS workers;
CREATE DATABASE IF NOT EXISTS workers;

2700
scripts/sql/mariadb-init.sql Normal file

File diff suppressed because one or more lines are too long


@ -1,2 +1,9 @@
DROP DATABASE IF EXISTS photoprism;
CREATE DATABASE IF NOT EXISTS photoprism;
DROP DATABASE IF EXISTS acceptance;
CREATE DATABASE IF NOT EXISTS acceptance;
CREATE USER IF NOT EXISTS acceptance@'%' IDENTIFIED BY 'acceptance';
GRANT ALL PRIVILEGES ON acceptance.* TO acceptance@'%';
FLUSH PRIVILEGES;
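Review bot: `CREATE USER IF NOT EXISTS acceptance@'%' IDENTIFIED BY 'acceptance'` creates an account that accepts connections from any host with a password equal to its name, and the development compose file on this page publishes a database port as `"4001:4001"`, which may be the server this script runs against. If the script only serves the local test containers, say so in a header comment such as `-- Test fixture: resets the photoprism and acceptance databases, never run against a shared server`, since the `DROP DATABASE` statements are destructive. `FLUSH PRIVILEGES;` is not needed after `CREATE USER` and `GRANT`, which reload the grant tables themselves, so that line can be dropped.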