Paperless - Document Management

Paperless-NGX is no longer being hosted on kasad.com because it did not see much use.

Description

Paperless-NGX is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.

Deployment details

Access

Paperless-NGX is published by the Secure Web Application Gateway at swag.kasad.com/paperless-ngx. It is protected by Cloudflare Zero Trust and requires authentication/authorization to access.

Docker Compose stack

Paperless-NGX only requires one Docker container, lscr.io/linuxserver/paperless-ngx:latest (one of the LinuxServer.io images).

Docker Compose file:

version: "2.1"

services:
  paperless-ngx:
    image: lscr.io/linuxserver/paperless-ngx:latest
    container_name: paperless-ngx
    environment:
      - PUID=942 # paperless
      - PGID=941 # servlets
      - TZ=America/Los_Angeles
      - UMASK=002
      - PAPERLESS_FORCE_SCRIPT_NAME=/paperless-ngx
      - PAPERLESS_STATIC_URL=/paperless-ngx/static/
      - PAPERLESS_CORS_ALLOWED_HOSTS=https://swag.kasad.com
      - PAPERLESS_ALLOWED_HOSTS=localhost,swag.kasad.com
      - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://swag.kasad.com
    volumes:
      - ./config:/config
      - ./data:/data
    restart: unless-stopped
    networks:
      - default
      - swag

networks:
  swag:
    name: swag_default
    external: true

Configuration

Paperless-NGX does not require much configuration. The only change I had to make was forcing it to be hosted on a non-root path. This was done by setting the PAPERLESS_FORCE_SCRIPT_NAME and PAPERLESS_STATIC_UTL environment variables for the container.

This change is required because the Paperless-NGX instance is published at the path /paperless-ngx/ through the SWAG.

Problems

User management

Unlike every other web app running on kasad.com, Paperless-NGX does not support separate users. It does require a username and password to log in, but all "users" have access to all documents. This means only one person can use the Paperless instance (or multiple people could, but not for sensitive/private documents).

No SSO support

Because it doesn't support user management, Paperless-NGX also doesn't support SSO implementations like OpenID Connect, meaning it is not possible to sign in using Authelia.

Alternatives

Because of the user management problem, I will switch to Mayan EDMS in the future. However, Mayan EDMS requires a more complicated software stack, so it might be difficult to set up.

Web App Overview

Automatic Start-up with systemd

Sending Emails from Web Apps

Permissions for Persistent Storage Volumes

Secure Web Application Gateway

Authentik - Identity & SSO Provider

Guacamole - Remote Access

BookStack - Personal wiki

Portainer - Container Manager

Bitwarden - Password Manager

Jellyfin - Media Streaming

VPN

Syncthing

SSH

Email

Postfix

Dovecot

DKIM Milter

[Superseded] Authelia - Authentication & SSO

Heimdall - App Launcher

Vikunja - Task Manager & To-Do List

Paperless - Document Management

Send - Temporary File Sharing

Paperless - Document Management

Description

Deployment details

Access

Docker Compose stack

Configuration

Problems

User management

No SSO support

Alternatives

No Comments