name: digikam secrets: digikam_mariadb_database_name: file: ${SECRETSDIR}/digikam_mariadb_database_name digikam_mariadb_username: file: ${SECRETSDIR}/digikam_mariadb_username digikam_mariadb_password: file: ${SECRETSDIR}/digikam_mariadb_password digikam_mariadb_root_password: file: ${SECRETSDIR}/digikam_mariadb_root_password networks: traefik-net: external: true digikam-net: external: true services: digikam: image: lscr.io/linuxserver/digikam:latest hostname: ${APPLICATION_NAME} env_file: .digikam.env restart: unless-stopped depends_on: - mariadb # https://github.com/linuxserver/docker-baseimage-kasmvnc # deploy: # resources: # reservations: # devices: # - driver: nvidia # count: 1 # #device_ids: # # - "GPU-b9bf37c1-f8c9-201c-3456-0aa35381be42" # capabilities: [compute,video,graphics,utility] volumes: - /etc/localtime:/etc/localtime:ro - "${DATADIR}/config:/config" - "${MEDIADIR}/Pictures:/config/Pictures" networks: - traefik-net - digikam-net # https://github.com/linuxserver/docker-baseimage-kasmvnc#lossless # nginx config # add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; # add_header 'Cross-Origin-Opener-Policy' 'same-origin'; # add_header 'Cross-Origin-Resource-Policy' 'same-site'; # # trying out following to see if they are working traefik equivalents with inspiration from https://community.traefik.io/t/setting-cross-origin-headers/22239/2 # https://doc.traefik.io/traefik/middlewares/http/headers/ # labels: # - "traefik.http.middlewares.middleware-cross-origin.headers.customResponseHeaders.Cross-Origin-Embedder-Policy=require-corp" # - "traefik.http.middlewares.middleware-cross-origin.headers.customResponseHeaders.Cross-Origin-Opener-Policy=same-origin" # - "traefik.http.middlewares.middleware-cross-origin.headers.customResponseHeaders.Cross-Origin-Resource-Policy=same-site" labels: - traefik.enable=true - traefik.docker.network=traefik-net # - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https" - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true" - "traefik.http.middlewares.${APPLICATION_NAME}-cross-origin.headers.customResponseHeaders.Cross-Origin-Embedder-Policy=require-corp" - "traefik.http.middlewares.${APPLICATION_NAME}-cross-origin.headers.customResponseHeaders.Cross-Origin-Opener-Policy=same-origin" - "traefik.http.middlewares.${APPLICATION_NAME}-cross-origin.headers.customResponseHeaders.Cross-Origin-Resource-Policy=same-site" # - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}" # - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web" - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect" # - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc" # - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver" # - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-cross-origin" # - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc" mariadb: image: mariadb:latest restart: unless-stopped env_file: .mariadb.env hostname: mariadb volumes: - "${DATADIR}/mariadb:/config" secrets: - digikam_mariadb_database_name - digikam_mariadb_username - digikam_mariadb_password - digikam_mariadb_root_password networks: - digikam-net