#  USING LET'S ENCRYPT HTTPS
#  -------------------------------------------------------------------------
#
#  If your server has a public domain name, please disable the self-signed
#  certificate and enable domain based routing in docker-compose.yml and
#  traefik.yaml (see inline instructions in !! UPPERCASE !!):
#
#    ssh root@<YOUR SERVER IP>
#    cd /opt/photoprism
#    nano docker-compose.yml
#    nano traefik.yaml
#    docker-compose stop
#    docker-compose up -d
#
#  You should now be able to access your instance without security warnings.
#  -------------------------------------------------------------------------

# Uncomment to enable debug mode:
# log:
#  level: DEBUG

serversTransport:
  # Required to proxy services with self-signed HTTPS certificates:
  insecureSkipVerify: true
  # !! REMOVE when using Let's Encrypt HTTPS !!
  rootCAs:
    - "/certs/ca.crt"

# Open ports ond protocols (HTTP will be redirected to HTTPS):
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

certificatesResolvers:
  myresolver:
    # See https://doc.traefik.io/traefik/https/acme/
    acme:
      # !! REPLACE "info@yourdomain.com" with your actual email address for Let's Encrypt HTTPS !!
      email: info@yourdomain.com
      storage: /data/letsencrypt.json
      httpChallenge:
        entryPoint: web

providers:
  # !! REMOVE file provider when using Let's Encrypt HTTPS !!
  file:
    filename: "/certs/config.yml"
    watch: true
  # Always keep this:
  docker:
    exposedByDefault: false
    watch: true

# Traefik API & dashboard are disabled by default for security reasons:
api:
  insecure: false
  dashboard: false