Differences

This shows you the differences between two versions of the page.

--- public:paperless [2025/08/27 14:16] – appended loopback-only instructions daniel
+++ public:paperless [2025/09/02 02:49] (current) – Inserted missing index.html specification daniel
@@ Line 13: / Line 13: @@
 Log out and back in
-Referencing [[https://docs.paperless-ngx.com/setup/#docker_script|docs.paperless-ngx.com]], as a non-privileged user, fetch the Paperless-NGX Docker image and spawn a container from it:
+Referencing [[https://docs.paperless-ngx.com/setup/#docker_script|docs.paperless-ngx.com]], as a non-privileged user, provision Paperless using the //installation script//:
   * **Database:** //sqlite//
-  * **URL:** //[blank] (default)//
   * Accept all other defaults
@@ Line 34: / Line 33: @@
   sudo systemctl start docker
-Bind Paperless-NGX exclusively to loopback interface:
+===Place Paperless-NGX Behind Apache Reverse Proxy===
-  In /home/jdoe/paperless-ngx/docker-compose.yml, upsert:
+In /home/jdoe/paperless-ngx/docker-compose.yml, upsert...
-    - "127.0.0.1:8000:8000"
-    - "[::1]:8000:8000"
+Under //webserver// > //ports//
+  "127.0.0.1:8000:8000"
+  "[::1]:8000:8000"
+Under //webserver// > //environment//
+  PAPERLESS_URL: https://mysite.example.com
+Install, start Apache and certbot
+  sudo apt install apache2
+  sudo apt install certbot python3-certbot-apache
+  sudo systemctl start apache2
+In /etc/apache2/apache2.conf, below the //<Direcotry /var/www/html>// block, add:
+  Alias /.well-known/acme-challenge/ "/var/www/letsencrypt/.well-known/acme-challenge/"
+Install Apache modules
+  sudo a2enmod proxy proxy_http ssl
+  sudo systemctl restart apache2
+Create vhost directories
+  sudo mkdir -p /var/www/mysite/
+  sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge/
+Into /var/www/mysite/index.html, write
+  <html>
+  <head>
+    <meta http-equiv="Refresh" content="0; url='https://mysite.example.com/'" />
+  </head>
+  <body>
+    HTTP disabled. Try <a href="https://mysite.example.com/">https://mysite.example.com/</a>
+  </body>
+  </html>
+Discard or comment all lines in /etc/apache2/sites-enabled/000-default.conf
+Into /etc/apache2/sites-enabled/mysite.conf, upsert
+  <VirtualHost *:80 [::]:80>
+    ServerAdmin root@example.de
+    DocumentRoot /var/www/mysite
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    ServerName mysite.example.com
+  </VirtualHost>
+Restart Apache
+  sudo /usr/sbin/apachectl restart
+Fetch test, production certificate
+  sudo certbot certonly --test-cert --webroot -w /var/www/letsencrypt/ --agree-tos -d mysite.example.com
+  sudo certbot certonly --webroot -w /var/www/letsencrypt/ --agree-tos -d mysite.example.com
+To /etc/apache2/sites-enabled/mysite.conf, append
+  <VirtualHost *:443 [::]:443>
+    ServerAdmin root@example.com
+    DocumentRoot /var/www/mysite
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    ServerName mysite.example.com
+    SSLEngine On
+    SSLProxyEngine On
+    ProxyPreserveHost On
+    ProxyRequests Off
+    ProxyPass / http://localhost:8000/
+    ProxyPassReverse / http://localhost:8000/
+    SSLCertificateFile /etc/letsencrypt/live/mysite.example.com/cert.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/mysite.example.com/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/mysite.example.com/chain.pem
+  </VirtualHost>
+Restart Apache
+  sudo /usr/sbin/apachectl restart