nginx with tls via letsencrypt as entry in sites-available

Robert Schadek 2024-02-05 10:30:01 +01:00
parent b75aa3ca34
commit 10639ec052

@ -30,6 +30,7 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Host $server_name;
add_header Referrer-Policy "strict-origin-when-cross-origin";
} }
} }
} }
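Review bot: the `add_header Referrer-Policy "strict-origin-when-cross-origin";` line added inside the `location` block has no `always` parameter, so nginx attaches it only to success and redirect responses and leaves it off 4xx/5xx error pages. Suggest `add_header Referrer-Policy "strict-origin-when-cross-origin" always;`. This line also changes the existing example, which the commit title (a new sites-available entry) does not mention; a line in the commit message or a separate commit would make that visible.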
@ -44,6 +45,59 @@ towards the end of the section.
Some have found adding the P3P header (`add_header P3P 'CP=""';` see [#817](https://github.com/paperless-ngx/paperless-ngx/issues/817)) works; only [IE and Edge](https://en.wikipedia.org/wiki/P3P) support it. Some have found adding the P3P header (`add_header P3P 'CP=""';` see [#817](https://github.com/paperless-ngx/paperless-ngx/issues/817)) works; only [IE and Edge](https://en.wikipedia.org/wiki/P3P) support it.
## nginx with tls via letsencrypt as entry in sites-available
File /etc/nginx/sites-available/SUBDOMAIN.DOMAIN.conf looks like this. Replace SUBDOMAIN.DOMAIN with your domain.
```nginx
server {
server_name SUBDOMAIN.DOMAIN;
listen 443 ssl http2;
listen [::]:443 ssl http2; # Listen on IPv6
ssl_certificate /etc/letsencrypt/live/SUBDOMAIN.DOMAIN/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/SUBDOMAIN.DOMAIN/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
client_max_body_size 10M;
add_header Referrer-Policy "no-referrer" always;
location / {
# Adjust host and port as required.
proxy_pass http://127.0.0.1:8000/;
# These configuration options are required for WebSockets to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header Referrer-Policy "strict-origin-when-cross-origin";
}
}
server {
listen 80;
server_name SUBDOMAIN.DOMAIN;
return 301 https://$server_name$request_uri;
}
```
in /etc/nginx.conf
```nginx
http {
include sites-enabled/*;
}
```
```sh
ln -s /etc/nginx/sites-available/SUBDOMAIN.DOMAIN.conf /etc/nginx/sites-enabled/SUBDOMAIN.DOMAIN.conf
systemctl restart nginx
```
# Apache # Apache
Below is an example of an apache2 conf file that you may customize to fit your environment and needs. Below is an example of an apache2 conf file that you may customize to fit your environment and needs.
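Review bot: the new `server` block sets Referrer-Policy twice with different values, `add_header Referrer-Policy "no-referrer" always;` at server level and `add_header Referrer-Policy "strict-origin-when-cross-origin";` inside `location /`. nginx inherits `add_header` from the enclosing level only when the current level defines none, so for everything served through `location /` the server-level line is ignored and the less strict policy is what gets sent, without `always`. Keep one of the two, for example by dropping the location-level line so the `no-referrer` value applies. Smaller points in the same hunk: "in /etc/nginx.conf" is likely meant to be /etc/nginx/nginx.conf, next to the sites-available directory used above, and reads better as a full sentence; the shell snippet should run `nginx -t` before `systemctl restart nginx` so a typo in the new file does not take the proxy down; and the text should say that the certificate paths and `options-ssl-nginx.conf` only exist after Certbot has been run for the domain.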