Tim's blah blah blah

Self Hosted Photo Albums with pigallery2

After setting up my nextcloud instance, I set out to organize my photo albums online. I tried piwigo before, but pigallery2 is easier to use and is more slick.

Requirements

I was looking to have a similar experience to commercial/cloud albums, meaning:

Alternatives

Setting up pigallery2

  1. Read documentation
  2. Get Docker image
    1. Tweak the docker-compose.yml settings; prefer the container without nginx so we can run the reverse proxy ourselves:
    version: '3'
    services:
      pigallery2:
        image: bpatrik/pigallery2:latest-debian-buster
        container_name: pigallery2
        environment:
          - NODE_ENV=production
        volumes:
          - "/var/lib/pigallery/config:/app/data/config" # CHANGE ME
          - "/var/lib/pigallery/db-data:/app/data/db" # CHANGE ME
          - "/media/pigalleryphotos:/app/data/images:ro" # CHANGE ME
          - "/var/lib/pigallery/tmp:/app/data/tmp" # CHANGE ME
        ports:
          - 3010:80
        restart: always
    
    volumes:
      db-data:
    
  3. Run pigallery2 container, tweak settings
    1. Add new user, delete default admin user (for security/ease of use)
    2. Set page title, fix images path
    3. Reduce ffmpeg quality: 2mbit/crf28 (good enough)
  4. Add reverse proxy settings in nginx

Share nextcloud folder

The actual media files are hosted on Nextcloud, in a folder shared with each user that needs write access. This way I can use their app to upload new pictures & videos. However, since Nextcloud runs as a snap, the pigallery2 docker image cannot access the files easily. There are three options to solve this; I use the mount -o bind version.

  1. Option a: use snap data folder. Risk: permissions might be reset on update
    1. Find photo folder: /var/snap/nextcloud/common/nextcloud/data/<user>/files/<folder>
    2. Make http-user accessible (www-data in my case)
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/<user>
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/<user>
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data/<user>
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/<user>/*
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/<user>/files
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data/<user>/files
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/<user>/files/*
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/<user>/files/<folder>
    
  2. Option b: use removable-media folder (/media) to mount. Risk: might expose too many files
    1. See details here and here
  3. Option c: use mount -o bind to make snap folder accessible outside snap without changing access rights:
    sudo mount -o bind /var/snap/nextcloud/common/nextcloud/data/<user>/files/<folder>/ /media/<folder>
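Option a carries the risk that an update resets the permissions. The check below is an added example, not part of the original post: it walks from the photo folder up to a top directory and reports every directory whose group owner or group traverse bit no longer matches what the chown/chmod commands in Option a set up, and whether the photo folder is open to other local users. It assumes GNU stat; the function name check_chain and its three arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat.
# Usage: check_chain <top-dir> <photo-dir> <group>
# Returns the number of problems found (0 = chain intact), 255 on bad input.
check_chain() {
    top=$(cd "$1" && pwd -P) || return 255
    leaf=$(cd "$2" && pwd -P) || return 255
    want_group=$3
    case "$leaf" in
        "$top"|"$top"/*) ;;
        *) echo "ERROR: $leaf is not below $top"; return 255 ;;
    esac
    problems=0
    dir=$leaf
    while :; do
        mode=$(stat -c '%a' "$dir")   # octal mode, e.g. 710
        grp=$(stat -c '%G' "$dir")    # group owner name
        perm=$((0$mode))              # leading 0 makes the shell read it as octal
        if [ "$grp" != "$want_group" ]; then
            echo "DRIFT $dir: group is $grp, expected $want_group"
            problems=$((problems + 1))
        fi
        # chmod g-rw leaves only x for the group; without x the web user
        # cannot traverse this directory to reach the photos.
        if [ $((perm & 010)) -eq 0 ]; then
            echo "DRIFT $dir: group cannot traverse (mode $mode)"
            problems=$((problems + 1))
        fi
        [ "$dir" = "$top" ] && break
        dir=$(dirname "$dir")
    done
    # Option a strips o-rx below data/<user>; verify it on the photo folder.
    leaf_mode=$(stat -c '%a' "$leaf")
    if [ $((0$leaf_mode & 005)) -ne 0 ]; then
        echo "EXPOSED $leaf: readable or traversable by others (mode $leaf_mode)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use, e.g. from a cron job after snap refreshes (run as root):
#   sh check_chain.sh /var/snap/nextcloud/common/nextcloud \
#      "/var/snap/nextcloud/common/nextcloud/data/<user>/files/<folder>" www-data
if [ "$#" -eq 3 ]; then
    check_chain "$@"
fi
```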
    

#security #server #ubuntu #unix