search

the-paperless-project / paperless

Scan, index, and archive all of your paper documents
GNU General Public License v3.0
7.84k stars 501 forks source link

Add automatic HTTPS #95

Open brasilikum opened 8 years ago

brasilikum commented 8 years ago

I am not familiar with Django so I do not know of any modules to handle this, I only know it has been done for example by caddy.

danielquinn commented 8 years ago

I'm not keen on the idea of rolling HTTPS support right into Paperless because frankly, it was never meant to be running open to the web. Having it run with HTTPS (and presumably on port 443) would mean running it as root and that should never happen.

However, it's perfectly reasonable to wrap Paperless with something standard like Nginx. Paperless can continue to run via the runserver command or you can set it up to run with gunicorn -- either way root is only ever used for the running of Nginx, which is then downgraded to an unprivileged user, while Paperless can run as its own user. I've been meaning to add something to the documentation for this sort of setup, and I should probably provide a sample gunicorn file as well.

So short answer: I agree, though it wouldn't be through something like Caddy. I'm only interested in providing instructions on how to plug Paperless into something that's more robust like Nginx and don't want to roll HTTPS support directly into this project.

brasilikum commented 8 years ago

Ok, I see the added complexity. However, if you use setcap cap_net_bind_service=+ep, you do not have to grant root, right?

Even though you think Caddy is not robust, would you accept Pull Requests on the doc for adding automatic https with certificate renewal via Caddy? Something like

cat Caddyfile
https://paperless.mydomain.com
proxy /api localhost:8000/api
danielquinn commented 8 years ago

Oh Caddy does do proxy! Sorry, I looked through the documentation and assumed it was just for local static files.

Yes, by all means do send a PR for Caddy support if that will work. However if you do, please update the documentation for how users might make use of the Caddyfile as part of your PR.

stgarf commented 5 years ago

@brasilikum Anything change over the last three years or so? I'm just going through old issues in the repo to see what can potentially be worked on still or cleaned up.

brasilikum commented 5 years ago

@stgarf I am not currently using paperless so feel free to close this if it's not a common request