Skip to content

Piwigo

Piwigo is a web gallery providing an easy-to-use frontend to share pictures including a user and role management so that pictures can be shared publicly or restricted to certain users / user groups. There are mobile client apps with reponsive design for easy upload and browsing of photos.

Installation

The relevant installation steps comprise setting environment variables in a .env file. Thus, you need to create a hidden file with the name .env (including the '.') containing the following environment variables:

PIWIGO_DB_ROOT_PASSWORD=your_db_root_password
PIWIGO_DB_NAME=your_db_name
PIWIGO_DB_USER=your_db_user
PIWIGO_DB_PASSWORD=your_db_password
PIWIGO_DOMAIN=your_domain

Additionally, the docker-compose file configures a volume for the galleries Piwigo is displaying. This content is kept even when throwing away the Docker image. The path on the host system is

/srv/docker/piwigo/config

Navigating to this directory will show all files, Piwigo uses to display content, thus an existing backup can be restored here (database content needs to be taken care of separately, obviously).

Configuration

The docker-compose file defines two services: the database and the Piwigo application and connects them via the corresponding network configuration.

Database

First, let's start with the database definition: it is a pretty simple and straightforward MariaDB definition that

  • defines the docker image to be downloaded from docker hub
  • provides a name for our service (for easier recognition of the container and navigation e.g. in Portainer)
  • reads all required variables from the .env file mentioned above
  • connects the database to the backend network (no need for the database to be addressed from outside)
  piwigo-db:
    image: jsurf/rpi-mariadb:latest
    container_name: piwigo-db
    restart: unless-stopped
    volumes:
      - /srv/docker/piwigo/mariadb_var:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${PIWIGO_DB_ROOT_PASSWORD}
      - MYSQL_DATABASE=${PIWIGO_DB_NAME}
      - MYSQL_USER=${PIWIGO_DB_USER}
      - MYSQL_PASSWORD=${PIWIGO_DB_PASSWORD}

    networks:
      - backend

Application

For the Piwigo application we need to do a little more. However, the configuration is still pretty straightforward as it:

  • defines the docker image to be downloaded from docker hub
  • provides a name for our service (for easier recognition of the container and navigation e.g. in Portainer)
  • creates a volume to map the Piwigo content into the container keeping its content also when throwing away the Docker image
  • sets a few environment variables like the time zone, we are in and the file system user (PUID) and group (PGID) id's for file system access to the volume mentioned above
  piwigo-app:
    image: linuxserver/piwigo
    container_name: piwigo-app
    restart: unless-stopped
    volumes:
      - /srv/docker/piwigo/config:/config
    links:
      - piwigo-db
    depends_on:
      - piwigo-db
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.piwigo.entrypoints=web-secure"
      - "traefik.http.routers.piwigo.rule=Host(`${PIWIGO_DOMAIN}`)"
      - "traefik.http.routers.piwigo.tls=true"
      - "traefik.http.routers.piwigo.tls.certresolver=default"
      - "traefik.http.services.piwigo.loadbalancer.server.port=80"
    networks:
      - traefik_proxy
      - backend

A little more interesting is the Traefik configuration done via labels. First, we enable Traefik to act as a proxy for this respective service by setting the label traefik.enable to true.

Then we define the web-secure entrypoint for encrypted traffic (there is no need to do that for the unencrypted web entrypoint on port 80, since our Traefik configuration catches and redirects all unencrypted traffic to web-secure on port 443).

Most important is the router configuration which domains Traefik shall route to the container for Piwigo to serve the content: here all requests directed to the domain as configured in the environment variable PIWIGO_DOMAIN (e.g. gallery.example.org).

The encryption via Let's Encrypt is enabled via the corresponding labels with the default resolver. This is being handled via Traefik as defined in the configuration of the Traefik container (via ACME).

Last, but not least, Piwigo is connected both to the traefik_proxy network so that is reachable from the internet and the backend network to ensure database connectivity.

Network

Last, but not least, we refer to the existing external networks... they need to exist as outlined here.

networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  backend:
    external:
      name: backend