Develop: Change default Site URL to use HTTPS as required for OIDC #782

Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-01-23 02:24:24 +00:00 · 2024-06-28 00:21:19 +02:00 · 2024-06-28 00:21:19 +02:00 · e70702162f
commit e70702162f
parent 4bf08ad6de
3 changed files with 26 additions and 19 deletions
--- a/compose.yaml
+++ b/compose.yaml
@ -39,7 +39,7 @@ services:
      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
      PHOTOPRISM_UID: ${UID:-1000}                         # user id, should match your host user id
      PHOTOPRISM_GID: ${GID:-1000}                         # group id
-      ## Access Management
+      ## Access Management:
      PHOTOPRISM_ADMIN_USER: "admin"                       # admin login username
      PHOTOPRISM_ADMIN_PASSWORD: "photoprism"              # initial admin password (8-72 characters)
      PHOTOPRISM_AUTH_MODE: "password"                     # authentication mode (public, password)
@ -61,8 +61,12 @@ services:
      PHOTOPRISM_LDAP_ROLE: ""
      PHOTOPRISM_LDAP_ROLE_DN: "ou=photoprism-*,ou=groups,dc=localssl,dc=dev"
      PHOTOPRISM_LDAP_WEBDAV_DN: "ou=photoprism-webdav,ou=groups,dc=localssl,dc=dev"
-      ## Site Information
-      PHOTOPRISM_SITE_URL: "http://localhost:2342/"    # server URL in the format "http(s)://domain.name(:port)/(path)"
+      ## HTTPS/TLS Options:
+      ## see https://docs.photoprism.app/getting-started/using-https/
+      PHOTOPRISM_DISABLE_TLS: "true"
+      PHOTOPRISM_DEFAULT_TLS: "true"
+      ## Site Information:
+      PHOTOPRISM_SITE_URL: "https://app.localssl.dev/"    # server URL in the format "http(s)://domain.name(:port)/(path)"
      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
      PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!"
      PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"
--- a/internal/config/config_tls_test.go
+++ b/internal/config/config_tls_test.go
@ -31,23 +31,29 @@ func TestConfig_TLSEmail(t *testing.T) {
 func TestConfig_TLSCert(t *testing.T) {
 	c := NewConfig(CliTestContext())

-	c.options.DefaultTLS = false
-	assert.Equal(t, "", c.TLSCert())
-	c.options.DefaultTLS = true
-	assert.True(t, strings.HasSuffix(c.TLSCert(), "photoprism.crt"))
-	c.options.DefaultTLS = false
-	assert.Equal(t, "", c.TLSCert())
-}
-
-func TestConfig_TLSKey(t *testing.T) {
-	c := NewConfig(CliTestContext())
+	// Remember original values.
+	defaultTls := c.options.DefaultTLS
+	disableTls := c.options.DisableTLS

 	c.options.DefaultTLS = false
+	c.options.DisableTLS = true
+	assert.Equal(t, "", c.TLSCert())
+	assert.Equal(t, "", c.TLSKey())
+	c.options.DisableTLS = false
+	assert.Equal(t, "", c.TLSCert())
 	assert.Equal(t, "", c.TLSKey())
 	c.options.DefaultTLS = true
+	assert.NotEmpty(t, c.TLSCert())
+	assert.NotEmpty(t, c.TLSKey())
+	assert.True(t, strings.HasSuffix(c.TLSCert(), "photoprism.crt"))
 	assert.True(t, strings.HasSuffix(c.TLSKey(), "photoprism.key"))
 	c.options.DefaultTLS = false
+	assert.Equal(t, "", c.TLSCert())
 	assert.Equal(t, "", c.TLSKey())
+
+	// Restore original values.
+	c.options.DefaultTLS = defaultTls
+	c.options.DisableTLS = disableTls
 }

 func TestConfig_TLS(t *testing.T) {
--- a/scripts/dist/install-https.sh
+++ b/scripts/dist/install-https.sh
@ -11,13 +11,10 @@ if [[ $(id -u) != "0" ]]; then
  exit 1
 fi

-# Abort if PHOTOPRISM_DEFAULT_TLS is "false" or PHOTOPRISM_DISABLE_TLS is "true".
+# Do not proceed if PHOTOPRISM_DEFAULT_TLS is "false".
 if [[ ${PHOTOPRISM_DEFAULT_TLS} = "false" ]]; then
   echo "Creation of a default HTTPS/TLS certificate is skipped because PHOTOPRISM_DEFAULT_TLS is \"false\"."
   exit 0
-elif [[ ${PHOTOPRISM_DISABLE_TLS} = "true" ]]; then
-   echo "Creation of a default HTTPS/TLS certificate is skipped because PHOTOPRISM_DISABLE_TLS is \"true\"."
-   exit 0
 fi

 # shellcheck disable=SC2164
@ -25,13 +22,13 @@ CONF_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/openssl"
 CERTS_PATH="/etc/ssl/certs"
 KEY_PATH="/etc/ssl/private"

-# Abort if certificate files already exist.
+# Do not create self-signed certificate if it already exists.
 if [ -f "$CERTS_PATH/photoprism.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.key" ]; then
    echo "Default HTTPS/TLS certificate already exists."
    exit 0
 fi

-# Start creating a self-signed certificate.
+# Create self-signed certificate.
 echo "Creating a default HTTPS/TLS certificate."

 mkdir -p "${CERTS_PATH}" "${KEY_PATH}"