diff --git a/docs/configuration.md b/docs/configuration.md
index 2770bc84d..deb39aa8b 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -453,6 +453,33 @@ redirect the user back to the SSO application's logout page.
 Defaults to None, which disables this feature.
+`PAPERLESS_USE_X_FORWARD_HOST=`
+
+: Configures the Django setting [USE_X_FORWARDED_HOST](https://docs.djangoproject.com/en/4.2/ref/settings/#use-x-forwarded-host)
+which may be needed for hosting behind a proxy.
+
+ Defaults to False
+
+`PAPERLESS_USE_X_FORWARD_PORT=`
+
+: Configures the Django setting [USE_X_FORWARDED_PORT](https://docs.djangoproject.com/en/4.2/ref/settings/#use-x-forwarded-port)
+which may be needed for hosting behind a proxy.
+
+ Defaults to False
+
+`PAPERLESS_PROXY_SSL_HEADER=`
+
+: Configures the Django setting [SECURE_PROXY_SSL_HEADER](https://docs.djangoproject.com/en/4.2/ref/settings/#secure-proxy-ssl-header)
+which may be needed for hosting behind a proxy. The two values in the list will form the tuple of
+HTTP header/value expected by Django, eg `'["HTTP_X_FORWARDED_PROTO", "https"]'`.
+
+ Defaults to None
+
+!!! warning
+
+ Settings this value has security implications. Read the Django documentation
+ and be sure you understand its usage before setting it.
+
 ## OCR settings {#ocr}
 Paperless uses [OCRmyPDF](https://ocrmypdf.readthedocs.io/en/latest/)
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index b8abea5ff..bcf616ef3 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -431,6 +431,14 @@ if _paperless_url:
 # For use with trusted proxies
 TRUSTED_PROXIES = __get_list("PAPERLESS_TRUSTED_PROXIES")
+USE_X_FORWARDED_HOST = __get_boolean("PAPERLESS_USE_X_FORWARD_HOST", "false")
+USE_X_FORWARDED_PORT = __get_boolean("PAPERLESS_USE_X_FORWARD_PORT", "false")
+SECURE_PROXY_SSL_HEADER = (
+ tuple(json.loads(os.environ["PAPERLESS_PROXY_SSL_HEADER"]))
+ if "PAPERLESS_PROXY_SSL_HEADER" in os.environ
+ else None
+)
+
 # The secret key has a default that should be fine so long as you're hosting
 # Paperless on a closed network. However, if you're putting this anywhere
 # public, you should change the key to something unique and verbose.
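Review bot: The `SECURE_PROXY_SSL_HEADER` expression passes whatever `json.loads` returns straight to `tuple()`, so a value that is valid JSON but not a two-element list of strings is not rejected when settings load. A two-character JSON string or a two-key object becomes a two-item tuple that Django accepts, and other wrong shapes fail only when a request first asks for its scheme. Because this setting decides whether Django treats a request as HTTPS, I would check the shape at import time and raise with a message that names the variable, as sketched below. The three new settings also do not appear to be tied to `TRUSTED_PROXIES` in this hunk, so a short comment that Django honours these headers from any client unless the proxy strips or overwrites them would help operators.

```python
USE_X_FORWARDED_PORT = __get_boolean("PAPERLESS_USE_X_FORWARD_PORT", "false")
# Only enable these when the proxy strips or overwrites the forwarded headers;
# Django does not check which client sent them.
SECURE_PROXY_SSL_HEADER = None
if "PAPERLESS_PROXY_SSL_HEADER" in os.environ:
    _proxy_ssl_header = json.loads(os.environ["PAPERLESS_PROXY_SSL_HEADER"])
    if (
        not isinstance(_proxy_ssl_header, list)
        or len(_proxy_ssl_header) != 2
        or not all(isinstance(item, str) for item in _proxy_ssl_header)
    ):
        raise ValueError(
            "PAPERLESS_PROXY_SSL_HEADER must be a JSON list of two strings, "
            'e.g. ["HTTP_X_FORWARDED_PROTO", "https"]',
        )
    SECURE_PROXY_SSL_HEADER = tuple(_proxy_ssl_header)
```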