Config Options

PhotoPrism® Plus includes the following additional config options, as well as more secure default settings to protect your instance by blocking vulnerability scanners and preventing the exploitation of newly discovered issues.

Environment CLI Flag Default Description
PHOTOPRISM_STS_SECONDS --sts-seconds 31536000 TIME for the browser to remember that the site is to be accessed only via HTTPS (0 to disable) plus
PHOTOPRISM_STS_SUBDOMAINS --sts-subdomains rule applies to all subdomains as well plus
PHOTOPRISM_STS_PRELOAD --sts-preload submit to Google's HSTS preload service plus
PHOTOPRISM_LOGIN_LIMIT --login-limit 10 maximum number of consecutive failed LOGIN ATTEMPTS from a single IP plus
PHOTOPRISM_LOGIN_INTERVAL --login-interval 1m0s average DURATION between failed LOGIN attempts from a single IP (0-86400s) plus
PHOTOPRISM_IPS_LIMIT --ips-limit 3 maximum number of malicious request ATTEMPTS before a client IP is blocked (-1 to disable) plus
PHOTOPRISM_IPS_INTERVAL --ips-interval 1h0m0s average DURATION between malicious request attempts from a single IP (0-86400s) plus
PHOTOPRISM_HTTP_CSP --http-csp HTTP Content-Security-Policy (CSP) HEADERplus
PHOTOPRISM_HTTP_CTO --http-cto nosniff HTTP X-Content-Type-Options HEADERplus
PHOTOPRISM_HTTP_COOP --http-coop same-origin HTTP Cross-Origin-Opener-Policy (COOP) HEADERplus
PHOTOPRISM_HTTP_REFERRER_POLICY --http-referrer-policy same-origin HTTP Referrer-Policy HEADERplus
PHOTOPRISM_HTTP_FRAME_OPTIONS --http-frame-options DENY HTTP X-Frame-Options HEADERplus
PHOTOPRISM_HTTP_XSS_PROTECTION --http-xss-protection 1; mode=block HTTP X-XSS-Protection HEADERplus
PHOTOPRISM_HTTP_HOSTNAME --http-hostname serve requests for this HOSTNAME only plus

Using a Reverse Proxy

Providing these additional config options is a special service we offer to our members. However, advanced users can set the same web security headers in combination with a reverse proxy running in front of their instances if they did not sign up for a membership or have special requirements.

Should you decide to use alternative solutions, such as deploying a proxy or a web application firewall (WAF) in front of PhotoPrism, please note that our team will not be able to provide you with technical support and we recommend this only if you have the experience required.

PhotoPrism® Documentation

For detailed information on specific product features, services, and related resources, see our Knowledge Base, or read the User Guide for help using the web user interface: