Support SSL for web interface

Thanks to @MasterofJOKers, here is basic support for SSL: You need to create your key and certificate and copy them to the `data` directory, named `ssl.cert` and `ssl.key`. Then, set `PAPERLESS_USE_SSL` in `docker-compose.env` to `true`. Solves #576.
2025-04-02 13:45:10 -05:00 · 2019-11-03 18:24:03 +01:00 · 2019-11-03 18:24:03 +01:00 · 9b2b435c5b
commit 9b2b435c5b
parent a690b1cf24
3 changed files with 15 additions and 2 deletions
--- a/docker-compose.env.example
+++ b/docker-compose.env.example
@ -16,6 +16,7 @@
 # different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
 # default language used when guessing the language from the OCR output.
 # PAPERLESS_OCR_LANGUAGES=deu ita
+# PAPERLESS_USE_SSL=false

 # You can change the default user and group id to a custom one
 # USERMAP_UID=1000
--- a/docs/setup.rst
+++ b/docs/setup.rst
@ -193,6 +193,11 @@ Docker Method
     container and thus the one of the consumption directory. Furthermore, you
     can change the id of the default user as well using ``USERMAP_UID``.

+  ``USE_SSL``
+    If you want Paperless to use SSL for the user interface, set this variable
+    to ``true``. You also need to copy your certificate and key to the ``data``
+    directory, named ``ssl.cert`` and ``ssl.key``.
+
 6. Run ``docker-compose up -d``. This will create and start the necessary
   containers.
 7. To be able to login, you will need a super user. To create it, execute the
@ -206,7 +211,8 @@ Docker Method
   e-mail address and finally a password.
 8. The default ``docker-compose.yml`` exports the webserver on your local port
   8000. If you haven't adapted this, you should now be able to visit your
-   `Paperless webserver`_ at ``http://127.0.0.1:8000``. You can login with the
+   `Paperless webserver`_ at ``http://127.0.0.1:8000`` (or 
+   ``https://127.0.0.1:8000`` if you enabled SSL). You can login with the
   user and password you just created.
 9. Add files to consumption directory the way you prefer to. Following are two
   possible options:
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
@ -101,8 +101,14 @@ if [[ "$1" != "/"* ]]; then

    if [[ "$1" = "gunicorn" ]]; then
        shift
+        EXTRA_PARAMS=""
+        SSL_KEY_PATH="/usr/src/paperless/data/ssl.key"
+        SSL_CERT_PATH="/usr/src/paperless/data/ssl.cert"
+        if [ "${PAPERLESS_USE_SSL}" = "true" ] && [ -f "${SSL_KEY_PATH}" ] && [ -f "${SSL_CERT_PATH}" ]; then
+            EXTRA_PARAMS="--certfile=${SSL_CERT_PATH} --keyfile=${SSL_KEY_PATH}"
+        fi
        cd /usr/src/paperless/src/ && \
-            exec sudo -HEu paperless /usr/bin/gunicorn -c /usr/src/paperless/gunicorn.conf "$@" paperless.wsgi
+            exec sudo -HEu paperless /usr/bin/gunicorn -c /usr/src/paperless/gunicorn.conf ${EXTRA_PARAMS} "$@" paperless.wsgi
    else
        exec sudo -HEu paperless "/usr/src/paperless/src/manage.py" "$@"
    fi