paperless-ngx: multiple users/setups, script+filebeat to log file consumption, .env file(s), and more #22
|
@ -86,6 +86,7 @@
|
|||
- nginx-conf
|
||||
- authelia-nginx
|
||||
- well-known
|
||||
- nginx-well-known
|
||||
- gitea-nginx
|
||||
notify: reload nginx
|
||||
|
||||
|
|
|
@ -14,20 +14,20 @@ server {
|
|||
server_name {{ inventory_hostname }};
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
|
||||
location = /server_status {
|
||||
stub_status;
|
||||
location = /server_status {
|
||||
stub_status;
|
||||
|
||||
access_log off;
|
||||
access_log off;
|
||||
|
||||
allow 127.0.0.1;
|
||||
{% if 'address' in ansible_default_ipv4 -%}
|
||||
allow {{ ansible_default_ipv4.address }};
|
||||
{% endif -%}
|
||||
{% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%}
|
||||
allow {{ ansible_default_ipv6.address }};
|
||||
{% endif -%}
|
||||
allow {{ bridgewithdns_cidr }};
|
||||
deny all;
|
||||
allow 127.0.0.1;
|
||||
{% if 'address' in ansible_default_ipv4 -%}
|
||||
allow {{ ansible_default_ipv4.address }};
|
||||
{% endif -%}
|
||||
{% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%}
|
||||
allow {{ ansible_default_ipv6.address }};
|
||||
{% endif -%}
|
||||
allow {{ bridgewithdns_cidr }};
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -18,6 +18,15 @@ http {
|
|||
# nginx hack
|
||||
# if $authelia_user doesnt exist, set it to empty string
|
||||
# if $authelia_user does exist, do nothing
|
||||
# map $host $authelia_user {
|
||||
# "" "";
|
||||
# default $authelia_user;
|
||||
|
||||
# }
|
||||
# map $host $authelia_groups {
|
||||
# "" "";
|
||||
# default $authelia_groups;
|
||||
# }
|
||||
map $host $authelia_user {
|
||||
default "";
|
||||
}
|
||||
|
@ -33,6 +42,9 @@ http {
|
|||
' "request": "$request", '
|
||||
' "request_method": "$request_method", '
|
||||
' "request_uri": "$request_uri", '
|
||||
' "uri": "$uri", '
|
||||
' "http_connection": "$http_connection", '
|
||||
' "http_upgrade": "$http_upgrade", '
|
||||
' "server_name": "$server_name", '
|
||||
' "server_port": "$server_port", '
|
||||
' "status": "$status", '
|
||||
|
|
|
@ -23,3 +23,12 @@ location = /.sudo-known/info.html {
|
|||
default_type text/html;
|
||||
return 200 '<!--\n hostname: {{ inventory_hostname }}\n server_name: $server_name\n-->\n\n ';
|
||||
}
|
||||
|
||||
location = /.sudo-known/header.html {
|
||||
default_type text/html;
|
||||
alias /var/www/shared/header.html;
|
||||
}
|
||||
location = /.sudo-known/footer.html {
|
||||
default_type text/html;
|
||||
alias /var/www/shared/footer.html;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
|
||||
paperless_user_specific_urls: true
|
|
@ -0,0 +1,28 @@
|
|||
#!/usr/bin/env python3
|
||||
ben marked this conversation as resolved
Outdated
|
||||
|
||||
import json
|
||||
from os import environ, path
|
||||
from datetime import datetime
|
||||
|
||||
DATA_DIR = environ.get("PAPERLESS_DATA_DIR", "../data/")
|
||||
LOGGING_DIR = environ.get("PAPERLESS_LOGGING_DIR", path.join(DATA_DIR, "log/"))
|
||||
|
||||
|
||||
def logger(env_vars, consume_stage):
|
||||
# paperless-ngx has a hardcoded log file name anyay
|
||||
log_path = path.join(LOGGING_DIR, "consume.log")
|
||||
|
||||
log_item = {k.lower(): environ.get(k) for k in env_vars}
|
||||
log_item.update({
|
||||
"timestamp": datetime.now().isoformat(),
|
||||
"paperless_user": environ.get("PAPERLESS_USER"),
|
||||
"log_path": log_path,
|
||||
"paperless_consume_stage": consume_stage
|
||||
|
||||
})
|
||||
|
||||
with open(log_path, 'a') as f:
|
||||
#j = json.dumps(log_item, indent=2)
|
||||
j = json.dumps(log_item)
|
||||
f.write(j)
|
||||
f.write("\n")
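Review bot: `datetime.now().isoformat()` in `logger()` writes a naive local-time stamp with no UTC offset, so once `consume.log` is shipped the records cannot be ordered reliably against the nginx and paperless logs if the container's zone differs from the collector's. An aware value removes the ambiguity: `"timestamp": datetime.now(timezone.utc).isoformat(),` together with `from datetime import datetime, timezone`. The function would also benefit from a short docstring stating that it appends one JSON object per line, built from the named environment variables plus `PAPERLESS_USER` and the stage. Note that `open(log_path, 'a')` raises when the log directory does not exist yet, which would make the pre/post-consume hook exit with an error.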
|
Binary file not shown.
After Width: | Height: | Size: 108 KiB |
|
@ -0,0 +1,26 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from common_consume import logger
|
||||
ben marked this conversation as resolved
Outdated
ben
commented
this file should be named something like `post-consume-logger` and do
```python3
from common_consume_logger import logger
```
|
||||
|
||||
|
||||
def main():
|
||||
post_consume_vars = [
|
||||
"DOCUMENT_ID",
|
||||
"DOCUMENT_FILE_NAME",
|
||||
"DOCUMENT_CREATED",
|
||||
"DOCUMENT_MODIFIED",
|
||||
"DOCUMENT_ADDED",
|
||||
"DOCUMENT_SOURCE_PATH",
|
||||
"DOCUMENT_ARCHIVE_PATH",
|
||||
"DOCUMENT_THUMBNAIL_PATH",
|
||||
"DOCUMENT_DOWNLOAD_URL",
|
||||
"DOCUMENT_THUMBNAIL_URL",
|
||||
"DOCUMENT_CORRESPONDENT",
|
||||
"DOCUMENT_TAGS",
|
||||
"DOCUMENT_ORIGINAL_FILENAME"
|
||||
]
|
||||
logger(post_consume_vars, "post")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -0,0 +1,14 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from common_consume import logger
|
||||
|
||||
|
||||
def main():
|
||||
pre_consume_vars = [
|
||||
"DOCUMENT_SOURCE_PATH"
|
||||
]
|
||||
logger(pre_consume_vars, "pre")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -4,3 +4,14 @@
|
|||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: restart filebeat
|
||||
service:
|
||||
name: filebeat
|
||||
state: restarted
|
||||
|
||||
- name: restart paperless-ngx
|
||||
docker_container:
|
||||
name: paperless-ngx-user-{{ paperless_user }}
|
||||
state: started
|
||||
restart: true
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
---
|
||||
- import_tasks: paperless-ngx.yml
|
||||
tags: paperless-ngx
|
||||
tags:
|
||||
- paperless-ngx
|
||||
- paperless
|
||||
|
|
|
@ -39,30 +39,83 @@
|
|||
tags:
|
||||
- mariadb-users
|
||||
|
||||
- name: create dir structure
|
||||
- name: create dir structure for paperless-ngx
|
||||
file:
|
||||
path: "{{ systemuserlist.paperless.home }}/{{ item.name }}"
|
||||
state: directory
|
||||
mode: 0775
|
||||
owner: "{{ item.owner|default('paperless') }}"
|
||||
group: "{{ item.group|default('paperless') }}"
|
||||
tags:
|
||||
- paperless-dirs
|
||||
with_items:
|
||||
# checked dockerfile: https://github.com/docker-library/redis/blob/master/7.0/Dockerfile
|
||||
- name: redis
|
||||
owner: 999
|
||||
group: 999
|
||||
- name: redis/data
|
||||
- name: redis/data-{{ paperless_user }}
|
||||
owner: 999
|
||||
group: 999
|
||||
- name: paperless-ngx
|
||||
- name: paperless-ngx/bin
|
||||
- name: paperless-ngx/data
|
||||
- name: paperless-ngx/media
|
||||
- name: paperless-ngx/export
|
||||
- name: paperless-ngx/consume
|
||||
- name: paperless-ngx/data/{{ paperless_user }}
|
||||
owner: "{{ paperless_user }}"
|
||||
group: "{{ paperless_user }}"
|
||||
|
||||
- name: redis container for paperless-nx
|
||||
- name: ensure {{ paperless_users_path }} exists
|
||||
file:
|
||||
path: "{{ paperless_users_path }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: paperless
|
||||
group: paperless
|
||||
tags:
|
||||
- paperless-dirs
|
||||
|
||||
- name: ensure {{ paperless_users_path }}/{{ paperless_user }} exists
|
||||
file:
|
||||
path: "{{ paperless_users_path }}/{{ paperless_user }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ paperless_user }}"
|
||||
group: "{{ paperless_user }}"
|
||||
tags:
|
||||
- paperless-dirs
|
||||
|
||||
- name: create dir structure for user in {{ paperless_users_path }}/{{ paperless_user }}}
|
||||
file:
|
||||
path: "{{ paperless_users_path }}/{{ paperless_user }}/{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ paperless_user }}"
|
||||
group: "{{ paperless_user }}"
|
||||
tags:
|
||||
- paperless-dirs
|
||||
with_items:
|
||||
- media
|
||||
- media/trash
|
||||
- export
|
||||
- consume
|
||||
|
||||
- name: paperless scripts
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin/{{ item }}"
|
||||
owner: paperless
|
||||
group: paperless
|
||||
mode: 0775
|
||||
with_items:
|
||||
- common_consume.py
|
||||
- post-consume.py
|
||||
- pre-consume.py
|
||||
tags:
|
||||
- paperless-scripts
|
||||
- paperless-bin
|
||||
|
||||
- name: redis container for paperless-ngx user {{ paperless_user }}
|
||||
docker_container:
|
||||
name: paperless-ngx-redis
|
||||
name: paperless-ngx-redis-{{ paperless_user }}
|
||||
image: "redis:latest"
|
||||
restart_policy: "unless-stopped"
|
||||
auto_remove: false
|
||||
|
@ -71,7 +124,7 @@
|
|||
state: started
|
||||
container_default_behavior: compatibility
|
||||
env:
|
||||
REDIS_HOST: paperless-ngx-redis
|
||||
REDIS_HOST: paperless-ngx-redis-{{ paperless_user }}
|
||||
networks_cli_compatible: false
|
||||
networks:
|
||||
- name: bridgewithdns
|
||||
|
@ -82,7 +135,7 @@
|
|||
test: "redis-cli --raw incr ping"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/redis/data"
|
||||
source: "{{ systemuserlist.paperless.home }}/redis/data-{{ paperless_user }}"
|
||||
target: /data
|
||||
tags:
|
||||
- paperless-containers
|
||||
|
@ -91,6 +144,62 @@
|
|||
- paperless-ngx-redis
|
||||
- redis
|
||||
|
||||
# https://tika.apache.org/
|
||||
# used to convert office documents
|
||||
- name: tika container for paperless-ngx
|
||||
docker_container:
|
||||
name: paperless-ngx-tika
|
||||
image: "ghcr.io/paperless-ngx/tika:latest"
|
||||
restart_policy: "unless-stopped"
|
||||
auto_remove: false
|
||||
detach: true
|
||||
pull: true
|
||||
state: started
|
||||
container_default_behavior: compatibility
|
||||
networks_cli_compatible: false
|
||||
networks:
|
||||
- name: bridgewithdns
|
||||
tags:
|
||||
- paperless-containers
|
||||
- paperless-ngx-containers
|
||||
- docker-containers
|
||||
- paperless-ngx-tika
|
||||
- tika-container
|
||||
|
||||
# https://gotenberg.dev/
|
||||
# also used for office documents, converting them
|
||||
- name: gotenberg container for paperless-ngx
|
||||
docker_container:
|
||||
name: paperless-ngx-gotenberg
|
||||
image: "docker.io/gotenberg/gotenberg:7"
|
||||
restart_policy: "unless-stopped"
|
||||
auto_remove: false
|
||||
detach: true
|
||||
pull: true
|
||||
state: started
|
||||
container_default_behavior: compatibility
|
||||
networks_cli_compatible: false
|
||||
networks:
|
||||
- name: bridgewithdns
|
||||
env:
|
||||
CHROMIUM_DISABLE_ROUTES: "1"
|
||||
tags:
|
||||
- paperless-containers
|
||||
- paperless-ngx-containers
|
||||
- docker-containers
|
||||
- paperless-ngx-gotenberg
|
||||
- gotenberg-container
|
||||
|
||||
- name: template {{ paperless_user }}.env
|
||||
template:
|
||||
src: paperless-ngx.env.j2
|
||||
dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ paperless_user }}.env"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
tags:
|
||||
- paperless-config
|
||||
|
||||
# https://github.com/paperless-ngx/paperless-ngx/blob/main/Dockerfile
|
||||
# uid stuff docs: https://paperless-ngx.readthedocs.io/en/latest/setup.html?highlight=usermap
|
||||
# uid stuff source: https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/docker-entrypoint.sh#L37
|
||||
|
@ -106,9 +215,10 @@
|
|||
# tika: metadata extracter
|
||||
#
|
||||
# proxy auth for authelia: https://paperless-ngx.readthedocs.io/en/latest/configuration.html?highlight=auth#hosting-security
|
||||
|
||||
- name: start paperless-ngx-webserver container
|
||||
docker_container:
|
||||
name: paperless-ngx-webserver
|
||||
name: paperless-ngx-user-{{ paperless_user }}
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
||||
restart_policy: "unless-stopped"
|
||||
auto_remove: false
|
||||
|
@ -124,38 +234,21 @@
|
|||
ipv4_address: "{{ bridgewithdns['paperless-ngx-webserver'] }}"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data"
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}"
|
||||
target: /usr/src/paperless/data
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/media"
|
||||
source: "{{ paperless_users_path }}/{{ paperless_user }}/media"
|
||||
target: /usr/src/paperless/media
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/export"
|
||||
source: "{{ paperless_users_path }}/{{ paperless_user }}/export"
|
||||
target: /usr/src/paperless/export
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/consume"
|
||||
source: "{{ paperless_users_path }}/{{ paperless_user }}/consume"
|
||||
target: /usr/src/paperless/consume
|
||||
env:
|
||||
USERMAP_UID: "{{ systemuserlist.paperless.uid }}"
|
||||
USERMAP_GID: "{{ systemuserlist.paperless.gid }}"
|
||||
PAPERLESS_URL: "https://{{ paperless_url }}"
|
||||
PAPERLESS_SECRET_KEY: "{{ paperless_secret_key }}"
|
||||
PAPERLESS_OCR_LANGUAGES: "{{ paperless_ocr_langs }}"
|
||||
PAPERLESS_OCR_LANGUAGE: "{{ paperless_ocr_default_lang }}"
|
||||
PAPERLESS_REDIS: redis://paperless-ngx-redis:6379
|
||||
PAPERLESS_DBENGINE: mariadb
|
||||
PAPERLESS_DBHOST: "{{ mariadb_host }}"
|
||||
PAPERLESS_DBNAME: "{{ mariadb_db }}"
|
||||
PAPERLESS_DBUSER: "{{ systemuserlist.paperless.username }}"
|
||||
PAPERLESS_DBPASS: "{{ systemuserlist.paperless.mariadb_pass }}"
|
||||
PAPERLESS_DBPORT: "3306"
|
||||
PAPERLESS_TIME_ZONE: UTC
|
||||
PAPERLESS_ADMIN_USER: "{{ paperless_admin_user }}"
|
||||
PAPERLESS_ADMIN_MAIL: "{{ paperless_admin_email }}"
|
||||
PAPERLESS_ADMIN_PASSWORD: "{{ paperless_admin_passwd }}"
|
||||
# AUTH
|
||||
PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"
|
||||
PAPERLESS_LOGOUT_REDIRECT_URL: "https://{{ authelia_login_url }}/logout"
|
||||
- type: bind
|
||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin"
|
||||
target: /usr/src/paperless/bin/
|
||||
env_file: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ paperless_user }}.env"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8000"]
|
||||
interval: 30s
|
||||
|
@ -163,6 +256,8 @@
|
|||
retries: 5
|
||||
tags:
|
||||
- paperless-containers
|
||||
- paperless-container
|
||||
- paperless-config
|
||||
- paperless-ngx-containers
|
||||
- paperless-ngx-container
|
||||
- docker-containers
|
||||
|
@ -182,10 +277,69 @@
|
|||
with_items:
|
||||
- "{{ paperless_url }}"
|
||||
|
||||
- name: make www dirs
|
||||
file:
|
||||
state: directory
|
||||
path: /var/www/{{ item }}
|
||||
owner: www-data
|
||||
group: www-data
|
||||
mode: 0755
|
||||
loop_control:
|
||||
label: /var/www/{{ item }}
|
||||
with_items:
|
||||
- "{{ paperless_url }}"
|
||||
# helper dir for try_file
|
||||
- "{{ paperless_url }}/{{ paperless_user }}"
|
||||
tags:
|
||||
- paperless-nginx
|
||||
|
||||
- name: template index file for user if user specific urls
|
||||
template:
|
||||
src: paperless_user.html.j2
|
||||
dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html
|
||||
owner: www-data
|
||||
group: www-data
|
||||
mode: 0755
|
||||
tags:
|
||||
- paperless-nginx
|
||||
when:
|
||||
- paperless_user_specific_urls
|
||||
|
||||
- name: remove index files for user if not user specific urls
|
||||
file:
|
||||
state: absent
|
||||
dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html
|
||||
tags:
|
||||
- paperless-nginx
|
||||
when:
|
||||
- not paperless_user_specific_urls
|
||||
|
||||
- name: template whoami.json
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /var/www/{{ paperless_url }}/{{ item }}
|
||||
owner: www-data
|
||||
group: www-data
|
||||
mode: 0644
|
||||
with_items:
|
||||
- whoami.json
|
||||
tags:
|
||||
- paperless-nginx
|
||||
|
||||
- name: add favicon
|
||||
copy:
|
||||
src: favicon.ico
|
||||
dest: /var/www/{{ paperless_url }}/favicon.ico
|
||||
owner: www-data
|
||||
group: www-data
|
||||
mode: 0755
|
||||
tags:
|
||||
- paperless-nginx
|
||||
|
||||
- name: template nginx vhost for paperless
|
||||
template:
|
||||
src: 01-paperless.j2
|
||||
dest: /etc/nginx/sites-enabled/01-paperless
|
||||
dest: /etc/nginx/sites-enabled/01-{{ paperless_url }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
@ -193,3 +347,15 @@
|
|||
- nginx
|
||||
- paperless-nginx
|
||||
notify: reload nginx
|
||||
|
||||
- name: template filebeat config
|
||||
template:
|
||||
src: filebeat-paperless.yml.j2
|
||||
dest: "/etc/filebeat/inputs.d/paperless-{{ paperless_user }}.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
tags:
|
||||
- filebeat
|
||||
- filebeat-paperless-ngx
|
||||
notify: restart filebeat
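Review bot: The `template {{ paperless_user }}.env` task writes the file with `mode: 0750`, and going by the env template in this PR that file holds `PAPERLESS_SECRET_KEY`, `PAPERLESS_DBPASS` and `PAPERLESS_ADMIN_PASSWORD`; an env file needs no execute bit and no group access, so `mode: "0600"` would fit better. The file also lands in `{{ systemuserlist.paperless.home }}/paperless-ngx`, which the dir-structure task creates as `paperless:paperless` with `mode: 0775`, so that owner or group can rename or replace the root-owned file even without being able to read it. A root-owned directory for the env files would close that. In the webserver container's mounts, the `bin` bind mount that carries the pre/post-consume scripts could probably take `read_only: true`, since the container only has to execute them.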
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
map $authelia_user $paperless_upstream {
|
||||
ben {{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
||||
#default localhost:8000;
|
||||
}
|
||||
|
||||
# cant use variables in the regex of a map
|
||||
map $uri $paperless_uri {
|
||||
'/$authelia_user' '/$authelia_user/';
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
{% endif -%}
|
||||
|
||||
root /var/www/{{ paperless_url }};
|
||||
server_name {{ paperless_url }};
|
||||
|
||||
include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
include /etc/nginx/sudo-known.conf;
|
||||
|
||||
resolver {{ pihole_dns }} ipv6=off;
|
||||
|
||||
# set_real_ip_from 10.0.0.0/8;
|
||||
# set_real_ip_from 172.16.0.0/12;
|
||||
# set_real_ip_from 192.168.0.0/16;
|
||||
# set_real_ip_from fc00::/7;
|
||||
# real_ip_header X-Forwarded-For;
|
||||
# real_ip_recursive on;
|
||||
|
||||
|
||||
include /etc/nginx/require_auth.conf;
|
||||
if ($paperless_uri)
|
||||
{
|
||||
rewrite ^/(\w+)$ $1/ last;
|
||||
}
|
||||
|
||||
location / {
|
||||
include /etc/nginx/require_auth_proxy.conf;
|
||||
|
||||
# both work!
|
||||
set $paperless_user $authelia_user;
|
||||
#set $paperless_user $1;
|
||||
|
||||
# this also works! (but not if you use return)
|
||||
#add_header "paperless-authelia-user" $authelia_user always;
|
||||
|
||||
set $paperless_user $authelia_user;
|
||||
add_header "paperless-user" $authelia_user always;
|
||||
add_header "paperless-uri" $uri always;
|
||||
add_header "paperless-proxy" "true" always;
|
||||
add_header "paperless-location-root" "true" always;
|
||||
add_header "paperless-upstream" $paperless_upstream always;
|
||||
|
||||
# rewrite ^ $request_uri;
|
||||
#rewrite '^/\w*(/ws/.*)$' $1 break;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
|
||||
proxy_pass http://$paperless_upstream;
|
||||
}
|
||||
|
||||
access_log /var/log/nginx/access_{{ paperless_url }}.log main;
|
||||
error_log /var/log/nginx/error_{{ paperless_url }}.log warn;
|
||||
|
||||
ssl_session_timeout 5m;
|
||||
ssl_certificate /usr/local/etc/certs/{{ paperless_url }}/fullchain.pem;
|
||||
ssl_certificate_key /usr/local/etc/certs/{{ paperless_url }}/privkey.pem;
|
||||
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
}
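Review bot: The `add_header "paperless-upstream" $paperless_upstream always;` line in `location /` returns the internal container address and port to every client, and `paperless-user` / `paperless-uri` echo the authenticated identity on all responses, error pages included. These look like debugging aids and would be better removed or wrapped in a template condition before this vhost is deployed. The same headers are added in the `location` blocks of the other paperless vhost template in this PR. The `map $authelia_user $paperless_upstream` entry is also hardcoded to `ben` here, where the other template uses `{{ paperless_user }}`.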
|
|
@ -1,16 +1,21 @@
|
|||
map $authelia_user $paperless_upstream {
|
||||
{{ paperless_user }} {{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
{% endif -%}
|
||||
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
|
||||
include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/sudo-known.conf;
|
||||
|
||||
root /var/www/{{ paperless_url }};
|
||||
server_name {{ paperless_url }};
|
||||
|
||||
include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
include /etc/nginx/sudo-known.conf;
|
||||
|
||||
resolver {{ pihole_dns }} ipv6=off;
|
||||
|
||||
# set_real_ip_from 10.0.0.0/8;
|
||||
# set_real_ip_from 172.16.0.0/12;
|
||||
|
@ -19,11 +24,56 @@ server {
|
|||
# real_ip_header X-Forwarded-For;
|
||||
# real_ip_recursive on;
|
||||
|
||||
include /etc/nginx/require_auth.conf;
|
||||
|
||||
location = / {
|
||||
add_before_body /.sudo-known/header.html;
|
||||
add_after_body /.sudo-known/footer.html;
|
||||
|
||||
add_header "paperless-user" $authelia_user always;
|
||||
add_header "paperless-uri" $uri always;
|
||||
add_header "paperless-proxy" "false" always;
|
||||
add_header "paperless-location-root" "true" always;
|
||||
|
||||
# if there is no file '$authelia_user.html', nginx issues
|
||||
# a redirect to /$authelia_user/ instead (via an internal
|
||||
# location)
|
||||
try_files /$authelia_user.html /_redirect?user=$authelia_user;
|
||||
|
||||
}
|
||||
location / {
|
||||
include /etc/nginx/require_auth.conf;
|
||||
# this block serves files from the www root (/whoami, mostly), unless
|
||||
# there is a directory with the same name as $uri is looking for (without
|
||||
# the leading /, then it gets caught by the regexp location), then it will
|
||||
# redirect to $uri/ which should be caught by the regexp block, otherwise
|
||||
# a 404 is returned.
|
||||
# theres no logic in the nginx config for this, it just depends on try_files
|
||||
# finding a dir with the matching name, then nginx will issue a redirect, and
|
||||
# is probably expecting to serve up files from that dir next.
|
||||
|
||||
add_header "paperless-user" $authelia_user always;
|
||||
add_header "paperless-uri" $uri always;
|
||||
add_header "paperless-proxy" "false" always;
|
||||
add_header "paperless-location-root" "false" always;
|
||||
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /_redirect {
|
||||
internal;
|
||||
}
|
||||
|
||||
location ~* ^/(?<paperless_user>\w+)/(.*)$ {
|
||||
include /etc/nginx/require_auth_proxy.conf;
|
||||
|
||||
proxy_pass http://{{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
||||
# both work!
|
||||
#set $paperless_user $authelia_user;
|
||||
#set $paperless_user $1;
|
||||
# this also works! (but not if you use return)
|
||||
#add_header "paperless-authelia-user" $authelia_user always;
|
||||
|
||||
# rewrite ^ $request_uri;
|
||||
rewrite '^/\w*(/ws/.*)$' $1 break;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
@ -34,6 +84,13 @@ server {
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
|
||||
add_header "paperless-user" $authelia_user always;
|
||||
add_header "paperless-uri" $uri always;
|
||||
add_header "paperless-proxy" "true" always;
|
||||
add_header "paperless-upstream" $paperless_upstream always;
|
||||
|
||||
proxy_pass http://$paperless_upstream;
|
||||
}
|
||||
|
||||
access_log /var/log/nginx/access_{{ paperless_url }}.log main;
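Review bot: The `location /_redirect { internal; }` block has no `return` or `rewrite`, so the fallback in `try_files /$authelia_user.html /_redirect?user=$authelia_user;` would be served from the document root (most likely a 404) instead of redirecting to `/$authelia_user/` as the comment above the `try_files` line says. If the redirect is meant to happen in nginx, `return 302 /$authelia_user/;` inside that location would match the comment and keeps the target tied to the authenticated identity. Otherwise the comment should say that the redirect is done by the script in the per-user HTML page. The `server` block continues outside this hunk.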
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
- type: filestream
|
||||
paths:
|
||||
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/consume.log"
|
||||
|
||||
scan_frequency: 10s
|
||||
enabled: true
|
||||
|
||||
parsers:
|
||||
- ndjson:
|
||||
keys_under_root: true
|
||||
add_error_key: true
|
||||
|
||||
fields_under_root: true
|
||||
fields:
|
||||
service.type: paperless
|
||||
consume: true
|
||||
#paperless_user: "{{ paperless_user }}"
|
||||
|
||||
tags:
|
||||
- paperless
|
||||
- consumer
|
||||
|
||||
|
||||
- type: filestream
|
||||
paths:
|
||||
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/paperless.log"
|
||||
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/mail.log"
|
||||
|
||||
scan_frequency: 10s
|
||||
enabled: true
|
||||
|
||||
fields_under_root: true
|
||||
fields:
|
||||
service.type: paperless
|
||||
paperless_user: "{{ paperless_user }}"
|
||||
|
||||
tags:
|
||||
- paperless
|
|
@ -0,0 +1,52 @@
|
|||
PAPERLESS_URL=https://{{ paperless_url }}
|
||||
PAPERLESS_SECRET_KEY={{ paperless_secret_key }}
|
||||
PAPERLESS_DBENGINE=mariadb
|
||||
PAPERLESS_DBHOST={{ mariadb_host }}
|
||||
PAPERLESS_DBNAME={{ mariadb_db }}
|
||||
PAPERLESS_DBUSER={{ systemuserlist.paperless.username }}
|
||||
PAPERLESS_DBPASS={{ systemuserlist.paperless.mariadb_pass }}
|
||||
PAPERLESS_DBPORT=3306
|
||||
PAPERLESS_TIME_ZONE=UTC
|
||||
# USER
|
||||
USERMAP_UID={{ userlist[paperless_user]['uid'] }}
|
||||
USERMAP_GID={{ userlist[paperless_user]['gid'] }}
|
||||
{% if paperless_user_specific_urls -%}
|
||||
PAPERLESS_FORCE_SCRIPT_NAME=/{{ paperless_user }}
|
||||
PAPERLESS_STATIC_URL=/{{ paperless_user }}/static/
|
||||
{% endif %}
|
||||
# FILES
|
||||
PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=true
|
||||
PAPERLESS_TRASH_DIR=../media/trash
|
||||
#PAPERLESS_FILENAME_FORMAT={{ paperless_filename_format }}
|
||||
# OCR
|
||||
# see=https://ocrmypdf.readthedocs.io/en/latest/api.html#reference
|
||||
# PAPERLESS_OCR_USER_ARGS=<json>
|
||||
PAPERLESS_OCR_CLEAN=clean
|
||||
PAPERLESS_OCR_MODE={{ paperless_ocr_mode }}
|
||||
# lang codes=https://www.loc.gov/standards/iso639-2/php/code_list.php
|
||||
PAPERLESS_OCR_LANGUAGES={{ paperless_ocr_langs|join(' ') }}
|
||||
PAPERLESS_OCR_LANGUAGE={{ paperless_ocr_langs|join('+') }}
|
||||
# INITIAL ADMIN USER
|
||||
PAPERLESS_ADMIN_USER={{ paperless_admin_user }}
|
||||
PAPERLESS_ADMIN_MAIL={{ paperless_admin_email }}
|
||||
PAPERLESS_ADMIN_PASSWORD={{ paperless_admin_passwd }}
|
||||
# DATES
|
||||
PAPERLESS_IGNORE_DATES={{ userlist[paperless_user]['birthday'] }},1970-01-01
|
||||
PAPERLESS_NUMBER_OF_SUGGESTED_DATES=5
|
||||
# AUTH
|
||||
PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
|
||||
PAPERLESS_LOGOUT_REDIRECT_URL=https://{{ authelia_login_url }}/logout
|
||||
# CONSUMER
|
||||
PAPERLESS_POST_CONSUME_SCRIPT=/usr/src/paperless/bin/post-consume.py
|
||||
PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/bin/pre-consume.py
|
||||
PAPERLESS_CONSUMER_RECURSIVE=true
|
||||
PAPERLESS_CONSUMER_SUBDIRS_AS_TAG=true
|
||||
# (default) leave duplicates
|
||||
PAPERLESS_CONSUMER_DELETE_DUPLICATES=false
|
||||
# REDIS, TIKA, GOTENBERG
|
||||
PAPERLESS_REDIS=redis://paperless-ngx-redis-{{ paperless_user }}:6379
|
||||
PAPERLESS_TIKA_ENABLED=true
|
||||
PAPERLESS_TIKA_ENDPOINT=http://paperless-ngx-tika:9998
|
||||
PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-ngx-gotenberg:3000
|
||||
# CUSTOM
|
||||
PAPERLESS_USER={{ paperless_user }}
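Review bot: `PAPERLESS_DBNAME`, `PAPERLESS_DBUSER`, `PAPERLESS_DBPASS` and `PAPERLESS_SECRET_KEY` are rendered from variables that are not keyed on `paperless_user`, while Redis, the data directory and `USERMAP_UID`/`USERMAP_GID` are per user. Unless the inventory overrides them per user, every instance would share one database and one signing key, which undoes the separation between users. A per-user database and secret would fix that, for example `PAPERLESS_DBNAME={{ mariadb_db }}_{{ paperless_user }}` plus a distinct secret key per instance. Separately, `PAPERLESS_ENABLE_HTTP_REMOTE_USER=true` makes the instance trust the remote-user header from anything that can connect to port 8000, so the container should be reachable from nginx only; the tika, gotenberg and redis containers are attached to the same `bridgewithdns` network.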
|
|
@ -0,0 +1,41 @@
|
|||
|
||||
<div class="terminal">
|
||||
<div class="pagetitle">{{ paperless_url }} | {{ paperless_user }}</div>
|
||||
|
||||
<ul>
|
||||
<li class="icon">
|
||||
<a href="/ben">/ben</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="terminal">
|
||||
<div class="subpagetitle">> shared</div>
|
||||
<ul>
|
||||
<li class="icon">
|
||||
<a href="/petstore">/petstore</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
{{ inventory_hostname }}
|
||||
|
||||
<script>
|
||||
window.onload = function() {
|
||||
console.log(document.location);
|
||||
if (document.location == "https://{{ paperless_url }}/") {
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.addEventListener("load", function() {
|
||||
paperless_user = xhr.getResponseHeader("Paperless-User").toLowerCase();
|
||||
redirect = "https://{{ paperless_url }}/" + paperless_user + "/";
|
||||
console.log(redirect)
|
||||
setTimeout(function() {
|
||||
window.location.replace(redirect);
|
||||
}, 10000);
|
||||
}, false);
|
||||
xhr.open('GET', "/whoami.json");
|
||||
xhr.send();
|
||||
}
|
||||
|
||||
}
|
||||
</script>
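Review bot: The link `<a href="/ben">/ben</a>` is hardcoded although the template is rendered per user and the title already uses `{{ paperless_user }}`, so every user's page would point at `/ben`; `<a href="/{{ paperless_user }}/">/{{ paperless_user }}</a>` keeps it consistent. In the script, `xhr.getResponseHeader("Paperless-User")` returns `null` when the header is absent, so `.toLowerCase()` would throw; a guard such as `if (!hdr) return;` before building the URL avoids that. `paperless_user` and `redirect` are assigned without a declaration and become globals, so `const` would be cleaner. The value could also be passed through `encodeURIComponent` before it is concatenated into the redirect URL.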
|
|
@ -0,0 +1 @@
|
|||
{{ {} | to_nice_json() }}
|
this file needs a better name, like `common_consume_logger.py`.