add PAPERLESS_URL env variable for CSRF
authorMichael Shamoon <4887959+shamoon@users.noreply.github.com>
Fri, 8 Apr 2022 04:17:59 +0000 (21:17 -0700)
committerMichael Shamoon <4887959+shamoon@users.noreply.github.com>
Fri, 8 Apr 2022 07:27:53 +0000 (00:27 -0700)
docker/compose/docker-compose.env
install-paperless-ngx.sh
paperless.conf.example
src/paperless/settings.py

index e9e8ecb066801ac4d6292aa8113fc7c71eb13a91..34e694b92d5df995d0bfc89c52b6fef3423e2302 100644 (file)
 # Docker setup does not use the configuration file.
 # A few commonly adjusted settings are provided below.
 
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
 # Adjust this key if you plan to make paperless available publicly. It should
 # be a very long sequence of random characters. You don't need to remember it.
 #PAPERLESS_SECRET_KEY=change-me
index 1eb689c851b449e38807e25181af18dcc1715c15..6ffcefbb6686d37077106788729644266813b659 100755 (executable)
@@ -92,6 +92,14 @@ echo ""
 echo "1. Application configuration"
 echo "============================"
 
+echo ""
+echo "The URL paperless will be available at. This is required if the"
+echo "installation will be accessible via the web, otherwise can be left blank."
+echo ""
+
+ask "URL" ""
+URL=$ask_result
+
 echo ""
 echo "The port on which the paperless webserver will listen for incoming"
 echo "connections."
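Review bot: The new prompt text at `echo "The URL paperless will be available at. This is required if the"` never tells the user that the value must be a full origin including the scheme, and the script does no validation of what is typed; whatever is entered is later written verbatim by the `echo "PAPERLESS_URL=$URL"` line in the third hunk and then parsed by `urlparse` in src/paperless/settings.py, where a scheme-less value such as a bare hostname is not handled. Suggest making the expectation explicit in the prompt, e.g. adding `echo "Include the scheme, for example https://paperless.example.com"` after the existing `echo "installation will be accessible via the web, otherwise can be left blank."` line, and optionally rejecting input that does not start with `http://` or `https://`.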
@@ -278,6 +286,7 @@ if [[ "$DATABASE_BACKEND" == "postgres" ]] ; then
        fi
 fi
 echo ""
+echo "URL: $URL"
 echo "Port: $PORT"
 echo "Database: $DATABASE_BACKEND"
 echo "Tika enabled: $TIKA_ENABLED"
@@ -313,6 +322,9 @@ SECRET_KEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1)
 DEFAULT_LANGUAGES="deu eng fra ita spa"
 
 {
+       if [[ ! $URL == "" ]] ; then
+               echo "PAPERLESS_URL=$URL"
+       fi
        if [[ ! $USERMAP_UID == "1000" ]] ; then
                echo "USERMAP_UID=$USERMAP_UID"
        fi
index de24bde7439571a963f8111c803d5d56fe095b57..0b37e210d269666f526763e4eda2793b24b191cf 100644 (file)
 # Security and hosting
 
 #PAPERLESS_SECRET_KEY=change-me
-#PAPERLESS_ALLOWED_HOSTS=example.com,www.example.com
-#PAPERLESS_CORS_ALLOWED_HOSTS=http://example.com,http://localhost:8000
+#PAPERLESS_URL=https://example.com
+#PAPERLESS_CSRF_TRUSTED_ORIGINS=https://example.com # can be set using PAPERLESS_URL
+#PAPERLESS_ALLOWED_HOSTS=example.com,www.example.com # can be set using PAPERLESS_URL
+#PAPERLESS_CORS_ALLOWED_HOSTS=https://localhost:8080,https://example.com # can be set using PAPERLESS_URL
 #PAPERLESS_FORCE_SCRIPT_NAME=
 #PAPERLESS_STATIC_URL=/static/
 #PAPERLESS_AUTO_LOGIN_USERNAME=
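Review bot: The example on the new `#PAPERLESS_CORS_ALLOWED_HOSTS=https://localhost:8080,https://example.com` line differs in both scheme and port from the code default that this same commit keeps in src/paperless/settings.py, `http://localhost:8000`, whose comment also reads "We allow CORS from localhost:8000". An example that contradicts the real default is likely to be copied as-is and then surprise the user when the built-in development origin stops being allowed. Suggest `#PAPERLESS_CORS_ALLOWED_HOSTS=http://localhost:8000,https://example.com # can be set using PAPERLESS_URL`, or a short comment stating what the default is.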
index 023f2fa2c7cc6cc41032dc863e211cbda4c7bbec..30d6e87c4739a71543585acdf34884d549247570 100644 (file)
@@ -4,6 +4,7 @@ import multiprocessing
 import os
 import re
 from typing import Final
+from urllib.parse import urlparse
 
 from concurrent_log_handler.queue import setup_logging_queues
 from django.utils.translation import gettext_lazy as _
@@ -219,7 +220,15 @@ if DEBUG:
 else:
     X_FRAME_OPTIONS = "SAMEORIGIN"
 
-# We allow CORS from localhost:8080
+
+# The next 3 settings can also be set using just PAPERLESS_URL
+_csrf_origins = os.getenv("PAPERLESS_CSRF_TRUSTED_ORIGINS")
+if _csrf_origins:
+    CSRF_TRUSTED_ORIGINS = _csrf_origins.split(",")
+else:
+    CSRF_TRUSTED_ORIGINS = []
+
+# We allow CORS from localhost:8000
 CORS_ALLOWED_ORIGINS = tuple(
     os.getenv("PAPERLESS_CORS_ALLOWED_HOSTS", "http://localhost:8000").split(","),
 )
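Review bot: `CSRF_TRUSTED_ORIGINS = _csrf_origins.split(",")` keeps surrounding whitespace and empty items, so a value like `https://a.example, https://b.example` or one with a trailing comma yields entries that can never equal a request's Origin header, and the misconfiguration only shows up as rejected POSTs. Recent Django versions also require each entry to carry a scheme (that appears to be the motivation for this commit; confirm against the pinned Django version), so normalising the list here is cheap insurance: `CSRF_TRUSTED_ORIGINS = [o.strip() for o in _csrf_origins.split(",") if o.strip()]`. The same stripping would benefit the `PAPERLESS_ALLOWED_HOSTS` split in the next hunk. The comment `# The next 3 settings can also be set using just PAPERLESS_URL` is slightly misleading because the third setting, ALLOWED_HOSTS, is only assigned after the DEBUG block further down; naming the three settings in the comment would help.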
@@ -228,6 +237,22 @@ if DEBUG:
     # Allow access from the angular development server during debugging
     CORS_ALLOWED_ORIGINS += ("http://localhost:4200",)
 
+_allowed_hosts = os.getenv("PAPERLESS_ALLOWED_HOSTS")
+if _allowed_hosts:
+    ALLOWED_HOSTS = _allowed_hosts.split(",")
+else:
+    ALLOWED_HOSTS = ["*"]
+
+_paperless_url = os.getenv("PAPERLESS_URL")
+if _paperless_url:
+    _paperless_uri = urlparse(_paperless_url)
+    CSRF_TRUSTED_ORIGINS.append(_paperless_url)
+    CORS_ALLOWED_ORIGINS += (_paperless_url,)
+    if _allowed_hosts:
+        ALLOWED_HOSTS.append(_paperless_uri.hostname)
+    else:
+        ALLOWED_HOSTS = [_paperless_uri.hostname]
+
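Review bot: The lines `CSRF_TRUSTED_ORIGINS.append(_paperless_url)` and `CORS_ALLOWED_ORIGINS += (_paperless_url,)` append the raw environment value, but both settings compare against the request's Origin header, which is `scheme://host[:port]` with no path or trailing slash; a value such as `https://example.com/` or a sub-path URL (plausible, since `PAPERLESS_FORCE_SCRIPT_NAME` exists) would therefore never match and CSRF checks would reject every state-changing request. A scheme-less value such as `paperless.example.com` is worse: `urlparse` returns `hostname` of None, so `ALLOWED_HOSTS` becomes `[None]` and Django will most likely refuse every request with a confusing host error. Suggest normalising to `scheme://netloc` and failing fast on a malformed value; `ImproperlyConfigured` from `django.core.exceptions` is the conventional exception for this and would need importing at the top of the file.
```python
_paperless_url = os.getenv("PAPERLESS_URL")
if _paperless_url:
    _paperless_uri = urlparse(_paperless_url)
    if not (_paperless_uri.scheme and _paperless_uri.hostname):
        raise ImproperlyConfigured(
            "PAPERLESS_URL must be a full origin, e.g. https://paperless.example.com",
        )
    # Origins carry no path: keep only scheme and authority.
    _paperless_origin = f"{_paperless_uri.scheme}://{_paperless_uri.netloc}"
    CSRF_TRUSTED_ORIGINS.append(_paperless_origin)
    CORS_ALLOWED_ORIGINS += (_paperless_origin,)
    # … unchanged: ALLOWED_HOSTS handling …
```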
 # The secret key has a default that should be fine so long as you're hosting
 # Paperless on a closed network.  However, if you're putting this anywhere
 # public, you should change the key to something unique and verbose.
@@ -236,12 +261,6 @@ SECRET_KEY = os.getenv(
     "e11fl1oa-*ytql8p)(06fbj4ukrlo+n7k&q5+$1md7i+mge=ee",
 )
 
-_allowed_hosts = os.getenv("PAPERLESS_ALLOWED_HOSTS")
-if _allowed_hosts:
-    ALLOWED_HOSTS = _allowed_hosts.split(",")
-else:
-    ALLOWED_HOSTS = ["*"]
-
 AUTH_PASSWORD_VALIDATORS = [
     {
         "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",