Tim's blah blah blah

Self Hosted Photo Albums with pigallery2


After setting up my Nextcloud instance (vanwerkhoven.org), I set out to organize my photo albums online. I tried piwigo before (vanwerkhoven.org), but pigallery2 (github.com) is easier to use and slicker.

Update 20240103: Added instructions on how to upload from iOS

Requirements

I was looking to have a similar experience as commercial/cloud albums, meaning:

Alternatives

New alternatives not investigated:

Setting up pigallery2

  1. Read documentation (github.com)
  2. Get Docker image
    1. Tweak docker-compose.yml settings; prefer the container without nginx so we can run our reverse proxy ourselves:
    version: '3'
    services:
      pigallery2:
        image: bpatrik/pigallery2:latest-debian-buster
        container_name: pigallery2
        environment:
          - NODE_ENV=production
        volumes:
          - "/var/lib/pigallery/config:/app/data/config" # CHANGE ME
          - "/var/lib/pigallery/db-data:/app/data/db" # CHANGE ME
          - "/media/pigalleryphotos:/app/data/images:ro" # CHANGE ME (:ro = the gallery can only read the originals)
          - "/var/lib/pigallery/tmp:/app/data/tmp" # CHANGE ME
        ports:
          # host port 3010 -> container port 80; if the reverse proxy runs on this
          # same host, "127.0.0.1:3010:80" keeps the port off the other interfaces
          - 3010:80
        restart: always
    
    volumes:
      db-data:
    
  3. Run pigallery2 container, tweak settings
    1. Add new user, delete default admin user (for security/ease of use)
    2. Set page title, fix images path (github.com)
    3. Reduce ffmpeg quality: 2mbit/crf28 (good enough)
  4. Add reverse proxy settings in nginx

Configure nextcloud

The actual media files are hosted on Nextcloud, in a folder shared with all users that need write access. This way I can use the nextcloud app to upload new pictures & videos. To use this, I need to enable two things:

  1. Ensure pigallery2 can read the files uploaded to nextcloud
  2. Tweak nextcloud such that it doesn’t overwrite files by default

Share nextcloud folder

However, since Nextcloud runs as a snap, the pigallery2 docker image cannot access the files easily. There are three options to solve this. I used the mount -o bind version first (option 3), but then changed to direct reading (option 1) because it creates less clutter in my filesystem.

  1. Option a: use snap data folder. Risk: permissions might be reset on update
    1. Find photo folder: /var/snap/nextcloud/common/nextcloud/data/<user>/files/<folder>
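    2. Make it accessible to the http user (www-data in my case)
    # USER and FOLDER stand for the Nextcloud <user> and <folder> above; set them first
    # (a login shell usually already sets USER to your own login name)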
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/${USER}
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/${USER}
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data/${USER}
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/${USER}/*
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/${USER}/files
    sudo chmod g-rw /var/snap/nextcloud/common/nextcloud/data/${USER}/files
    sudo chmod o-rx /var/snap/nextcloud/common/nextcloud/data/${USER}/files/*
    sudo chown root:www-data /var/snap/nextcloud/common/nextcloud/data/${USER}/files/${FOLDER}
    
  2. Option b: use removable-media folder (/media) to mount. Risk: might expose too many files
    1. See details here (techrepublic.com) and here (masonbee.nz)
  3. Option c: use mount -o bind to make snap folder accessible outside snap without changing access rights:
    sudo mount -o bind /var/snap/nextcloud/common/nextcloud/data/${USER}/files/${FOLDER}/ /media/${FOLDER}
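
A check for the risk noted under option a (permissions reset on update), as an added example that is not part of the original post: it walks every directory from a base down to the photo folder and reports where the group or mode no longer matches what the chown/chmod commands above set up. The function names and their arguments are hypothetical, and GNU stat (as on Ubuntu) is assumed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).
# Function names and arguments are hypothetical.

# dir_state DIR GROUP -> prints ok | drift | exposed
#   drift:   group is not GROUP, or the group traverse (x) bit is gone,
#            so the gallery container can no longer reach the photos
#   exposed: "other" has read or execute again (undoes chmod o-rx)
dir_state() {
    info=$(stat -c '%G %a' "$1" 2>/dev/null) || { echo drift; return 0; }
    grp=${info% *}
    mode=${info##* }
    gbits=$(( (mode / 10) % 10 ))
    obits=$(( mode % 10 ))
    if [ "$grp" != "$2" ] || [ $(( gbits & 1 )) -eq 0 ]; then
        echo drift
    elif [ $(( obits & 5 )) -ne 0 ]; then
        echo exposed
    else
        echo ok
    fi
}

# audit_chain BASE TARGET GROUP -> one line per directory from BASE down to
# TARGET; exit status is the number of directories that are not "ok".
audit_chain() {
    base=${1%/}; target=${2%/}; want=$3; bad=0
    case "$target/" in
        "$base"/*) ;;
        *) echo "target is not below base" >&2; return 255 ;;
    esac
    dir=$base
    rest=${target#"$base"}
    while :; do
        state=$(dir_state "$dir" "$want")
        printf '%-8s %s\n' "$state" "$dir"
        [ "$state" = ok ] || bad=$((bad + 1))
        [ -n "$rest" ] || break
        rest=${rest#/}
        dir=$dir/${rest%%/*}
        case "$rest" in
            */*) rest=/${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return "$bad"
}
```

Call it as `audit_chain <base> <photo folder> www-data`, with the `data/<user>` directory as base, for instance from cron or after a snap refresh; a non-zero exit status means the chown/chmod steps need to be repeated.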
    

Prevent nextcloud overwriting files

Update 20240103: Overwriting check has been fixed in the Nextcloud client (a while ago at the time of writing), so this is not required anymore

On the iOS client, if I upload a file photo.jpg, and somebody else uploads a different photo with the same filename, the first file will be overwritten (github.com). This is undesirable (github.com) and cannot be configured out of the box (github.com). To solve this, I’m using the Workflow addon to do it manually.

  1. As admin, click on your user icon > Apps > Files category > install ‘Workflow external scripts’ (github.com)
  2. As admin, click on your user icon > Settings > Administration - Flow > Add new flow
    1. Make new flow on file creation
    2. Run script that tests if this happens in the right directory, then rename with date appended.
    3. ???
    4. Profit

While figuring out how to make this workaround, I found another workaround: regularly run a script on the media file directory. I do this on a macOS client, using macports gfind.

  1. For each file without ‘orig’ in it
    1. Get basename without extension
    2. Make target filename: add suffix ‘orig’, using mktemp to ensure uniqueness
    3. Rename file
    # -print0 with read -d '' keeps filenames containing spaces or newlines intact (bash/zsh)
    gfind * -type f -not -iname "*orig*" -print0 | while IFS= read -r -d '' fname; do
        # mktemp -u only generates an unused name; mv -n then refuses to overwrite
        tgtfile=$(mktemp -u "${fname%.*}-orig-XXX").${fname##*.}
        echo mv -n "${fname}" "${tgtfile}"
        mv -n "${fname}" "${tgtfile}"
    done

Configure iOS client

There are two options to write files to Nextcloud:

  1. Via WebDAV (using the built-in iOS Files app)
  2. Via Nextcloud app

Sometimes when sharing images/videos, iOS converts them to ‘compatible’ formats, thereby destroying the metadata (esp. the creation time).

Findings:

Format: automatic Format: automatic w/loc Format: current w/loc
Image Video
Nextcloud Original?
WebDAV

#Security #Server #Ubuntu #Unix