paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-02 13:45:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

nginx with tls via letsencrypt as entry in sites-available

Robert Schadek 2024-02-05 10:30:01 +01:00
parent b75aa3ca34
commit 10639ec052
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
Using-a-Reverse-Proxy-with-Paperless-ngx-nginx---letsencrypt-fix.md → Using-a-Reverse-Proxy-with-Paperless-ngx-nginx-letsencrypt-fix.md

@ -30,6 +30,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header Referrer-Policy "strict-origin-when-cross-origin";
}
}
}
@ -44,6 +45,59 @@ towards the end of the section.
Some have found adding the P3P header (`add_header P3P 'CP=""';` see [#817](https://github.com/paperless-ngx/paperless-ngx/issues/817)) works; only [IE and Edge](https://en.wikipedia.org/wiki/P3P) support it.
## nginx with tls via letsencrypt as entry in sites-available
File /etc/nginx/sites-available/SUBDOMAIN.DOMAIN.conf looks like this. Replace SUBDOMAIN.DOMAIN with your domain.
```nginx
server {
server_name SUBDOMAIN.DOMAIN;
listen 443 ssl http2;
listen [::]:443 ssl http2; # Listen on IPv6
ssl_certificate /etc/letsencrypt/live/SUBDOMAIN.DOMAIN/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/SUBDOMAIN.DOMAIN/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
client_max_body_size 10M;
add_header Referrer-Policy "no-referrer" always;
location / {
# Adjust host and port as required.
proxy_pass http://127.0.0.1:8000/;
# These configuration options are required for WebSockets to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header Referrer-Policy "strict-origin-when-cross-origin";
}
}
server {
listen 80;
server_name SUBDOMAIN.DOMAIN;
return 301 https://$server_name$request_uri;
}
```
in /etc/nginx.conf
```nginx
http {
include sites-enabled/*;
}
```
```sh
ln -s /etc/nginx/sites-available/SUBDOMAIN.DOMAIN.conf /etc/nginx/sites-enabled/SUBDOMAIN.DOMAIN.conf
systemctl restart nginx
```
# Apache
Below is an example of an apache2 conf file that you may customize to fit your environment and needs.