digiKam is an advanced open-source digital photo management application that runs on Linux, Windows, and MacOS. The application provides a comprehensive set of tools for importing, managing, editing, and sharing photos and raw files.

This setup will focus on creating a docker-based reverse proxy, enforcing SSL for all connections to docker containers using Let’s Encrypt.

See digiKam Docker and Documentation



Docker Creation

digiKam runs a web GUI and a VNC server. We will only access the web GUI through the reverse proxy with authentication.

  • Local storage should be locked down to prevent sensitive data from leaking.

Docker Compose
 image: rpufky/digiKam:stable
 restart: unless-stopped
   - USER_ID=1000
   - GROUP_ID=1000
   - UMASK=022
   - TZ=America/Los_Angeles
   - /my/docker/service/config:/config
   - /my/photo/location:/data
   - /etc/localtime:/etc/localtime:ro
  • Docker container should be run in an isolated network given the sensitive nature of the data and to prevent VNC server access.

  • Additional environment settings here.

Reverse Proxy Setup

Allows you to isolate your containers as well as wrap connections in SSL. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.

Using Subdomains

0644 root root nginx/conf.d/reverse-proxy.conf
server {
  listen                        443 ssl http2;
  server_name                   digikam.{DOMAIN} digiKam;

  location / {
    proxy_bind                  {PROXY IP ON DIGIKAM NETWORK};
    include                     /etc/nginx/conf.d/site-auth.conf;
    proxy_pass                  http://digiKam:5800/;
    include                     /etc/nginx/conf.d/proxy-control.conf;

  location /websockify {
    proxy_bind                  {PROXY IP ON DIGIKAM NETWORK};
    include                     /etc/nginx/conf.d/site-auth.conf;
    proxy_pass                  http://digikam:5800;
    include                     /etc/nginx/conf.d/proxy-control.conf;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

Initial Setup

Start digiKam and setup the initial configuration location and database. This only needs to be done on initial container creation. Only two sections are required for basic functionality: