digiKam

digiKam is an advanced open-source digital photo management application that runs on Linux, Windows, and macOS. The application provides a comprehensive set of tools for importing, managing, editing, and sharing photos and raw files.

This setup focuses on running digiKam behind a Docker-based reverse proxy that enforces SSL for all connections to Docker containers, using Let’s Encrypt.

See digiKam Docker and Documentation

Ports

Files

Docker Creation

digiKam runs a web GUI and a VNC server. We will only access the web GUI through the reverse proxy with authentication.

  • Local storage should be locked down to prevent sensitive data from leaking.

Docker Compose
digiKam:
 image: rpufky/digikam:stable
 restart: unless-stopped
 environment:
   - USER_ID=1000
   - GROUP_ID=1000
   - UMASK=022
   - TZ=America/Los_Angeles
   - KEEP_APP_RUNNING=1
   - DISPLAY_WIDTH=1920
   - DISPLAY_HEIGHT=1080
   - ENABLE_CJK_FONT=1
 volumes:
   - /my/docker/service/config:/config
   - /my/photo/location:/data
   - /etc/localtime:/etc/localtime:ro
  • Run the Docker container in an isolated network, given the sensitive nature of the data and to prevent access to the VNC server.

  • Additional environment settings here.
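
One way to lay out the isolated network described above, as an added example (not part of the original page or the image's documentation). It uses the current Compose format with top-level services: and networks: keys; the proxy service, the nginx:stable image, the digikam_net name and the 172.30.0.0/24 subnet are assumptions.

```yaml
# Added example. Names "proxy" and "digikam_net", the nginx image tag and
# the 172.30.0.0/24 subnet are assumptions, not values from the page.
services:
  digikam:
    image: rpufky/digikam:stable
    restart: unless-stopped
    environment:
      - USER_ID=1000
      - GROUP_ID=1000
      - TZ=America/Los_Angeles
    volumes:
      - /my/docker/service/config:/config
      - /my/photo/location:/data
    # No "ports:" entry: neither the web GUI on 5800 nor the VNC server
    # is published on the host. Only peers on digikam_net can reach them.
    networks:
      - digikam_net

  proxy:
    image: nginx:stable            # assumed reverse proxy image
    restart: unless-stopped
    ports:
      - "443:443"                  # the only listener exposed on the host
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      # TLS certificate mounts come from the base proxy setup (not shown).
    networks:
      default: {}                  # client-facing side
      digikam_net:
        ipv4_address: 172.30.0.2   # use this value for proxy_bind

networks:
  digikam_net:
    internal: true                 # no route between this bridge and outside
    ipam:
      config:
        - subnet: 172.30.0.0/24
```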

Reverse Proxy Setup

A reverse proxy allows you to isolate your containers as well as wrap connections in SSL. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.

Using Subdomains

0644 root root nginx/conf.d/reverse-proxy.conf
server {
  listen                        443 ssl http2;
  server_name                   digikam.{DOMAIN} digiKam;

  location / {
    proxy_bind                  {PROXY IP ON DIGIKAM NETWORK};
    include                     /etc/nginx/conf.d/site-auth.conf;
    proxy_pass                  http://digiKam:5800/;
    include                     /etc/nginx/conf.d/proxy-control.conf;
  }

  location /websockify {
    proxy_bind                  {PROXY IP ON DIGIKAM NETWORK};
    include                     /etc/nginx/conf.d/site-auth.conf;
    proxy_pass                  http://digikam:5800;
    include                     /etc/nginx/conf.d/proxy-control.conf;
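    # $connection_upgrade is not an nginx built-in; it must be defined by a
    # map in the http context (assumed to come from the base proxy config).
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection $connection_upgrade;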
  }
}

Initial Setup

Start digiKam and set up the initial configuration location and database. This only needs to be done on initial container creation. Only two sections are required for basic functionality: