When using the built-in webserver in debug mode, the static files are
handled automatically. From the Django docs:
During development, if you use django.contrib.staticfiles, this will
be done automatically by runserver when DEBUG is set to True (see
django.contrib.staticfiles.views.serve()).
This method is grossly inefficient and probably insecure, so it is
unsuitable for production.
This means, when using a real webserver, it also has to serve the static
files, i.e. CSS and JavaScript. For that, one needs to run `./manage.py
collectstatic` first.
Originally we used SHARED secret both for email and for the API. That
was a bad idea, and now that we're only using this value for one case,
I've renamed it to reflect its actual use.
After tinkering with this for about 2 hours, I'm reasonably sure this
ever worked. This feature was added by me in haste and poked by by the
occasional contributor, and it suffered from neglect.
* Removed the requirement for signature generation in favour of simply
requiring BasicAuth or a valid session id.
* Fixed a number of bugs in the form itself that would have ensured that
the form never accepted anything.
* Documented it all properly so now (hopefully) people will have less
trouble figuring it out in the future.
The problem with the original instruction is that systemd creates a
symlink pointing to the service file in the paperless directory. A user
is unlikely to leave the changes in the service files committed
(especially not on a master branch checkout) and they are easily lost and
the services fail to start without obvious reason.
To avoid this we simply copy the service files to the systemd directory
directly and use the files in the repository only as an example.