From 9c1fcbcc9890dbf453bd469984cb0eb5a0f7eccd Mon Sep 17 00:00:00 2001
From: Fabian Winter <5821180+fdw@users.noreply.github.com>
Date: Sun, 3 Nov 2019 20:14:17 +0100
Subject: [PATCH] Address comments

---
 docker-compose.env.example   | 3 +++
 docs/setup.rst               | 4 +++-
 scripts/docker-entrypoint.sh | 8 ++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/docker-compose.env.example b/docker-compose.env.example
index d939a327a..50c1690be 100644
--- a/docker-compose.env.example
+++ b/docker-compose.env.example
@@ -16,6 +16,9 @@
 # different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
 # default language used when guessing the language from the OCR output.
 # PAPERLESS_OCR_LANGUAGES=deu ita
+
+# Set Paperless to use SSL for the web interface.
+# Enabling this will require ssl.key and ssl.cert files in paperless' data directory.
 # PAPERLESS_USE_SSL=false
 
 # You can change the default user and group id to a custom one
diff --git a/docs/setup.rst b/docs/setup.rst
index 288ca7405..9a371f889 100644
--- a/docs/setup.rst
+++ b/docs/setup.rst
@@ -193,10 +193,12 @@ Docker Method
      container and thus the one of the consumption directory. Furthermore, you
      can change the id of the default user as well using ``USERMAP_UID``.
 
-  ``USE_SSL``
+  ``PAPERLESS_USE_SSL``
     If you want Paperless to use SSL for the user interface, set this variable
     to ``true``. You also need to copy your certificate and key to the ``data``
     directory, named ``ssl.cert`` and ``ssl.key``.
+    This is not an ideal solution and, if possible, a reverse proxy with nginx
+    is preferred.
 
 6. Run ``docker-compose up -d``. This will create and start the necessary
    containers.
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
index df629554a..d2451720e 100644
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
@@ -104,8 +104,12 @@ if [[ "$1" != "/"* ]]; then
         EXTRA_PARAMS=""
         SSL_KEY_PATH="/usr/src/paperless/data/ssl.key"
         SSL_CERT_PATH="/usr/src/paperless/data/ssl.cert"
-        if [ "${PAPERLESS_USE_SSL}" = "true" ] && [ -f "${SSL_KEY_PATH}" ] && [ -f "${SSL_CERT_PATH}" ]; then
-            EXTRA_PARAMS="--certfile=${SSL_CERT_PATH} --keyfile=${SSL_KEY_PATH}"
+        if [ "${PAPERLESS_USE_SSL}" = "true" ]; then
+            if [ -f "${SSL_KEY_PATH}" ] && [ -f "${SSL_CERT_PATH}" ]; then
+                EXTRA_PARAMS="--certfile=${SSL_CERT_PATH} --keyfile=${SSL_KEY_PATH}"
+            else
+                echo "Error: Could not find certfile in ${SSL_CERT_PATH} or keyfile in ${SSL_KEY_PATH}, but \$PAPERLESS_USE_SSL is true. Starting without SSL enabled."
+            fi
         fi
         cd /usr/src/paperless/src/ && \
             exec sudo -HEu paperless /usr/bin/gunicorn -c /usr/src/paperless/gunicorn.conf ${EXTRA_PARAMS} "$@" paperless.wsgi