Paperless - Document Management
Paperless-NGX is no longer being hosted on kasad.com because it did not see much use.
Description
Paperless-NGX is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
Deployment details
Access
Paperless-NGX is published by the Secure Web Application Gateway at swag.kasad.com/paperless-ngx. It is protected by Cloudflare Zero Trust and requires authentication/authorization to access.
Docker Compose stack
Paperless-NGX only requires one Docker container, lscr.io/linuxserver/paperless-ngx:latest
(one of the LinuxServer.io images).
Docker Compose file:
version: "2.1"
services:
paperless-ngx:
image: lscr.io/linuxserver/paperless-ngx:latest
container_name: paperless-ngx
environment:
- PUID=942 # paperless
- PGID=941 # servlets
- TZ=America/Los_Angeles
- UMASK=002
- PAPERLESS_FORCE_SCRIPT_NAME=/paperless-ngx
- PAPERLESS_STATIC_URL=/paperless-ngx/static/
- PAPERLESS_CORS_ALLOWED_HOSTS=https://swag.kasad.com
- PAPERLESS_ALLOWED_HOSTS=localhost,swag.kasad.com
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://swag.kasad.com
volumes:
- ./config:/config
- ./data:/data
restart: unless-stopped
networks:
- default
- swag
networks:
swag:
name: swag_default
external: true
Configuration
Paperless-NGX does not require much configuration.
The only change I had to make was forcing it to be hosted on a non-root path. This was done by setting the PAPERLESS_FORCE_SCRIPT_NAME
and PAPERLESS_STATIC_UTL
environment variables for the container.
This change is required because the Paperless-NGX instance is published at the path /paperless-ngx/
through the SWAG.
Problems
User management
Unlike every other web app running on kasad.com, Paperless-NGX does not support separate users. It does require a username and password to log in, but all "users" have access to all documents. This means only one person can use the Paperless instance (or multiple people could, but not for sensitive/private documents).
No SSO support
Because it doesn't support user management, Paperless-NGX also doesn't support SSO implementations like OpenID Connect, meaning it is not possible to sign in using Authelia.
Alternatives
Because of the user management problem, I will switch to Mayan EDMS in the future. However, Mayan EDMS requires a more complicated software stack, so it might be difficult to set up.
No Comments