This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/paperless-ng/index.md

2.7 KiB

title
Paperless-ng

What is Paperless-ng

Modified from https://github.com/jonaswinkler/paperless-ng

:::note Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained. :::

:::warning This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.

The author of Paperless-ng recommends you do not expose Paperless outside your network, as it was not designed for that. Instead, they "recommend that if you do want to use it, run it locally on a server in your own home." :::

Preparation

The following placeholders will be used:

  • paperless.company is the FQDN of the Paperless-ng install.

Also set up your proxy server to use forward auth with paperless.company: https://goauthentik.io/docs/providers/proxy/forward_auth

Paperless

Start by adding the following environment variables to your Paperless-ng setup. If you are using docker-compose, then add the following to your docker-compose.env file:

PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=HTTP_X_AUTHENTIK_USERNAME

Authentik automatically sets this header when we use a proxy outpost.

Now restart your container: docker-compose down && docker-compose up -d

authentik

Provider In authentik, go to the Admin Interface and click Applications/Providers.

Create a Proxy Provider. Give it a name (e.g. Paperless Proxy), then choose explicit or implicit consent (whether you want authentic to show a button to proceed to Paperless after login, or to just go there).

Choose Forward Auth (single application), then add the External host: https://paperless.company

Click Create to finish creating the provider.

Application

Now go to Applications/Applications and create a new application.

Give it a name, this one is displayed to users. E.g. Paperless.

Set the slug, let's use paperless.

Now select the provider we created earlier, e.g. Paperless Proxy.

Click Create to create the application.

Outpost

Now go to Applications/Outposts and click the edit button for "authentik Embedded Outpost".

Under Applications, click Paperless to select it (use ctrl+click to select multiple), then click Update at the bottom.

Finished

Now you can access Paperless-ng by logging in with authentik. Note that your authentik username and your Paperless username MUST match.