Skip to main content

Paperless - Document Management

Description

Paperless-NGX is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.

Deployment details

Access

Paperless-NGX is published by the Secure Web Application Gateway at swag.kasad.com/paperless-ngx. It is protected by Cloudflare Zero Trust and requires authentication/authorization to access.

Docker Compose stack

Paperless-NGX only requires one Docker container, lscr.io/linuxserver/paperless-ngx:latest (one of the LinuxServer.io images).

Docker Compose file:

version: "2.1"

services:
  paperless-ngx:
    image: lscr.io/linuxserver/paperless-ngx:latest
    container_name: paperless-ngx
    environment:
      - PUID=942 # paperless
      - PGID=941 # servlets
      - TZ=America/Los_Angeles
      - UMASK=002
      - PAPERLESS_FORCE_SCRIPT_NAME=/paperless-ngx
      - PAPERLESS_STATIC_URL=/paperless-ngx/static/
      - PAPERLESS_CORS_ALLOWED_HOSTS=https://swag.kasad.com
      - PAPERLESS_ALLOWED_HOSTS=localhost,swag.kasad.com
      - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://swag.kasad.com
    volumes:
      - ./config:/config
      - ./data:/data
    restart: unless-stopped
    networks:
      - default
      - swag

networks:
  swag:
    name: swag_default
    external: true

Configuration

Paperless-NGX does not require much configuration. The only change I had to make was forcing it to be hosted on a non-root path. This was done by setting the PAPERLESS_FORCE_SCRIPT_NAME and PAPERLESS_STATIC_UTL environment variables for the container.

This change is required because the Paperless-NGX instance is published at the path /paperless-ngx/ through the SWAG.

Problems

User management

Unlike every other web app running on kasad.com, Paperless-NGX does not support separate users. It does require a username and password to log in, but all "users" have access to all documents. This means only one person can use the Paperless instance (or multiple people could, but not for sensitive/private documents).

No SSO support

Because it doesn't support user management, Paperless-NGX also doesn't support SSO implementations like OpenID Connect, meaning it is not possible to sign in using Authelia.

Alternatives

Because of the user management problem, I will switch to Mayan EDMS in the future. However, Mayan EDMS requires a more complicated software stack, so it might be difficult to set up.