Concerning minimum server requirements: there are none. Read why here
This documentation is meant to be followed exactly, step by step. You may be asked for a yes or no that we don't mention.
Last tested: 02.05.2024
Pre-Requisites
sudo apt update
sudo apt upgrade
sudo su
apt update
apt install ca-certificates curl gnupg apt-transport-https gpg
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" |tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-compose
systemctl is-active docker
A response should show: „active“
apt install wget
sudo adduser pl
Answer questions:
sudo usermod -aG sudo pl
sudo usermod -aG docker pl
groups pl
should answer with „pl sudo users docker“
Type exit and press Enter (2x)
Log in as user pl:
ssh pl@
bash -c "$(curl --location --silent --show-error https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/install-paperless-ngx.sh)"
Europe/Berlin (A List of Timezones)
mariadb
yes
deu (for german)
nano nginx.conf
Copy the following code into the file:
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name ;
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }
}
Press: CTRL+s and CTRL+x to save and leave the file.
docker run --name nginx-proxy -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro -v /etc/letsencrypt:/etc/letsencrypt:ro -v /var/www/certbot:/var/www/certbot:rw -p 80:80 -p 443:443 -d nginx
docker network create my-network
docker network connect my-network paperless-webserver-1
docker network connect my-network nginx-proxy
docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/www/certbot:/var/www/certbot" certbot/certbot certonly --webroot --webroot-path=/var/www/certbot -d --agree-tos --email
nano nginx.conf
Now we insert the new Nginx config with port 443 (remove the old content entirely with CTRL+k until all lines are deleted, then paste the new config):
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name ;
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
            allow all;
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }
    server {
        listen 443 ssl;
        server_name ;
        ssl_certificate /etc/letsencrypt/live//fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
        location / {
            proxy_pass http://paperless-webserver-1:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
Press: CTRL+s and CTRL+x to save and leave the file.
docker restart nginx-proxy
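A hardened variant of the port-443 server block above, as an added example (not part of the original guide and not the paperless-ngx project's own config). paperless.example.com is a placeholder for your domain, and the 50m upload limit is an assumed value you should size to your documents.

```nginx
# Added example: drop-in replacement for the "listen 443 ssl" server block.
# paperless.example.com is a placeholder; use the domain you passed to certbot.
server {
    listen 443 ssl;
    server_name paperless.example.com;

    ssl_certificate     /etc/letsencrypt/live/paperless.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/paperless.example.com/privkey.pem;

    # Accept only current TLS versions; older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reuse TLS sessions from a shared cache instead of session tickets.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Do not disclose the nginx version in headers and error pages.
    server_tokens off;

    # HSTS: browsers that have seen this header refuse plain HTTP
    # for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # nginx rejects request bodies over 1 MB by default, which blocks
    # most document uploads. 50m is an assumed limit.
    client_max_body_size 50m;

    location / {
        proxy_pass http://paperless-webserver-1:8000;

        # Pass WebSocket upgrades through; the web UI uses them for
        # live status updates.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After editing nginx.conf, run docker restart nginx-proxy again; if the container does not stay up, docker logs nginx-proxy shows the config error.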
docker ps
For each container (there should be 5), copy the ID from the output of the last command and run:
docker update --restart=unless-stopped
For a new certificate:
docker run -it --rm --name certbot \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/www/certbot:/var/www/certbot" \
certbot/certbot renew
docker restart nginx-proxy
Cron for auto-renewal:
crontab -e
(choose an editor if prompted)
Add this line (checks every 12 hours; -it is omitted because cron provides no TTY and docker run -t would fail without one):
0 */12 * * * docker run --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/www/certbot:/var/www/certbot" certbot/certbot renew && docker restart nginx-proxy