Hardening

docker-compose.yml

@@ -37,9 +37,9 @@ services:
     # https://docs.photoprism.org/getting-started/faq/#why-is-photoprism-getting-stuck-in-a-restart-loop
     restart: unless-stopped
     container_name: photoprism
-    security_opt:
+      #    security_opt:
-      - seccomp:unconfined
+      #      - seccomp:unconfined
-      - apparmor:unconfined
+        #      - apparmor:unconfined
     ports:
       - 2342:2342 # [local port]:[container port]
     environment:
@@ -69,11 +69,11 @@ services:
       PHOTOPRISM_SITE_AUTHOR: ""
       # You may optionally set a user / group id using environment variables if your Docker version or NAS does not
       # support this natively (see next example):
-      # UID: 1000
+      UID: 1000
-      # GID: 1000
+      GID: 1000
       # UMASK: 0000
     # Uncomment and edit the following line to set a specific user / group id (native):
-    # user: "1000:1000"
+    user: "1000:1000"
     volumes:
       # Your photo and video files ([local path]:[container path]):
       - "/Red-Vol/Media/Pictures:/photoprism/originals"
@@ -98,9 +98,9 @@ services:
     container_name: photoprism_db
     image: mariadb:latest #10.6
     restart: unless-stopped
-    security_opt:
+      #    security_opt:
-      - seccomp:unconfined
+      #      - seccomp:unconfined
-      - apparmor:unconfined
+        #      - apparmor:unconfined
     command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50 --innodb-buffer-pool-size=2G
     volumes: # Don't remove permanent storage for index database files!
       - "./database:/var/lib/mysql"