Paperless - Document Management
Paperless-NGX is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
Paperless-NGX is published by the Secure Web Application Gateway at swag.kasad.com/paperless-ngx. It is protected by Cloudflare Zero Trust and requires authentication/authorization to access.
Docker Compose stack
Paperless-NGX only requires one Docker container,
lscr.io/linuxserver/paperless-ngx:latest (one of the LinuxServer.io images).
Docker Compose file:
version: "2.1" services: paperless-ngx: image: lscr.io/linuxserver/paperless-ngx:latest container_name: paperless-ngx environment: - PUID=942 # paperless - PGID=941 # servlets - TZ=America/Los_Angeles - UMASK=002 - PAPERLESS_FORCE_SCRIPT_NAME=/paperless-ngx - PAPERLESS_STATIC_URL=/paperless-ngx/static/ - PAPERLESS_CORS_ALLOWED_HOSTS=https://swag.kasad.com - PAPERLESS_ALLOWED_HOSTS=localhost,swag.kasad.com - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://swag.kasad.com volumes: - ./config:/config - ./data:/data restart: unless-stopped networks: - default - swag networks: swag: name: swag_default external: true
Paperless-NGX does not require much configuration.
The only change I had to make was forcing it to be hosted on a non-root path. This was done by setting the
PAPERLESS_STATIC_UTL environment variables for the container.
This change is required because the Paperless-NGX instance is published at the path
/paperless-ngx/ through the SWAG.
Unlike every other web app running on kasad.com, Paperless-NGX does not support separate users. It does require a username and password to log in, but all "users" have access to all documents. This means only one person can use the Paperless instance (or multiple people could, but not for sensitive/private documents).
No SSO support
Because it doesn't support user management, Paperless-NGX also doesn't support SSO implementations like OpenID Connect, meaning it is not possible to sign in using Authelia.