paperless ngx on fresh Debian 12 Server in 10 Minutes (domain, SSL, without Port)

Minimum server requirements: there are none. Read why here

This documentation is meant to be followed exactly, step by step. There might be a yes-or-no prompt you must answer that we don't mention.

Last tested: 02.05.2024

 Debian 12 is Installed

Pre-Requisites

  • a domain or subdomain (if you want to use one instead of the IP)

Installing Updates and Docker

				
					sudo apt update
				
			
				
					sudo apt upgrade
				
			
				
					sudo su
				
			
				
					apt update
				
			
				
					apt install ca-certificates curl gnupg apt-transport-https gpg
				
			
				
					curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" |tee /etc/apt/sources.list.d/docker.list > /dev/null 
apt update
				
			
				
					apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-compose
				
			
				
					systemctl is-active docker
				
			

The response should be: "active"

Installing WGET

				
					apt install wget
				
			

Add a user and give him rights

				
					sudo adduser pl
				
			

Answer questions:

  • Password (two times)
  • everything following is optional (five times)
				
					sudo usermod -aG sudo pl

				
			
				
					sudo usermod -aG docker pl
				
			
				
					groups pl

				
			

Should answer with "pl sudo users docker".

Type exit and press Enter (2x).

Login as new User and install paperless-ngx

Log in as user pl:

				
					ssh pl@<YOUR-SERVER-IP>
				
			
				
					bash -c "$(curl --location --silent --show-error https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/install-paperless-ngx.sh)"
				
			

Paperless-Configurations:

  • URL: <WITH protocol, e.g. https://YOUR.URL>
  • Port: ENTER
  • Time Zone: Europe/Berlin (A List of Timezones)
  • Database Backend: mariadb
  • Enable Apache Tika?: yes
  • OCR language: deu (for german)
  • User-ID: ENTER
  • Group-ID: ENTER
  • Folders: all ENTER (five times)
  • paperless username: <Your self set username> (for the paperless-Login/initial admin)
  • password: (two times)
  • email: (NOT optional)
  • any key to install
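
The installer command above runs whatever is on the `main` branch at that moment, as a user who is in the `sudo` and `docker` groups. An added example (not part of the original guide or of the paperless-ngx project): download the script to a file, read it, and run it only if it still matches the hash noted while reviewing. `fetch_installer`, `run_reviewed` and the local file name are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original guide.
# URL taken from the install command in this guide.
INSTALLER_URL="https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/install-paperless-ngx.sh"

# Download to a file instead of feeding the response straight into bash.
# --fail makes curl return non-zero on an HTTP error page.
fetch_installer() {    # $1 = destination file (name chosen for this example)
    curl --fail --location --silent --show-error --output "$1" "$INSTALLER_URL"
}

# Run the file only if its SHA-256 equals the one noted while reviewing it,
# so the bytes that execute are the bytes that were read.
run_reviewed() {       # $1 = script file, $2 = sha256 noted at review
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$2" ]; then
        echo "hash mismatch for $1: got $actual" >&2
        return 1
    fi
    bash "$1"
}

# Typical session, typed by hand as user pl:
#   fetch_installer install-paperless-ngx.sh
#   less install-paperless-ngx.sh          # read what it will do
#   sha256sum install-paperless-ngx.sh     # note the hash
#   run_reviewed install-paperless-ngx.sh <HASH-YOU-NOTED>
```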

Installing NGINX

				
					nano nginx.conf
				
			

Copy the following code into the file:

				
					events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 80;
        server_name <YOUR DOMAIN>;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }
    
}

				
			

Press: CTRL+s and CTRL+x to save and leave the file.

				
					docker run --name nginx-proxy -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro -v /etc/letsencrypt:/etc/letsencrypt:ro -v /var/www/certbot:/var/www/certbot:rw -p 80:80 -p 443:443 -d nginx
				
			
				
					docker network create my-network
				
			
				
					docker network connect my-network paperless-webserver-1
				
			
				
					docker network connect my-network nginx-proxy
				
			

Certbot

				
					docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/www/certbot:/var/www/certbot" certbot/certbot certonly --webroot --webroot-path=/var/www/certbot -d <YOUR DOMAIN> --agree-tos --email <YOUR-EMAIL@EXAMPLE.com>
				
			

Renewing NGINX Config

				
					nano nginx.conf
				
			

Now insert the new Nginx config with port 443 (remove the old content entirely with CTRL+k until all lines are deleted, then paste the new config):

				
					events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 80;
        server_name <YOUR DOMAIN>;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
            allow all;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name <YOUR DOMAIN>;

        ssl_certificate /etc/letsencrypt/live/<YOUR DOMAIN>/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<YOUR DOMAIN>/privkey.pem;

        location / {
            proxy_pass http://paperless-webserver-1:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

				
			

Press: CTRL+s and CTRL+x to save and leave the file.

				
					docker restart nginx-proxy
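
With the proxy in place, TLS only covers traffic that goes through nginx; a container port that is still published on the host is reachable without it. An added example (not part of the original guide): list ports published on all host interfaces other than the proxy's 80 and 443. The sample `docker ps` lines are constructed, and every container name except `paperless-webserver-1` and `nginx-proxy` is an assumption.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Reads "name|ports" lines, the shape printed by:
#   docker ps --format '{{.Names}}|{{.Ports}}'
# and prints "name port" for every port published on all host interfaces,
# except 80 and 443 on the nginx-proxy container.
unexpected_published_ports() {
    awk -F'|' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # Entries without "->" are only exposed inside Docker networks.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            # Host side looks like 0.0.0.0:8000, :::8000 or [::]:8000.
            port = side[1]; sub(/.*:/, "", port)
            addr = side[1]; sub(/:[0-9-]+$/, "", addr)
            if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
            if ($1 == "nginx-proxy" && (port == "80" || port == "443")) continue
            key = $1 " " port
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample output; names other than paperless-webserver-1 and
# nginx-proxy are assumptions.
sample_ps_output() {
    cat <<'EOF'
paperless-webserver-1|0.0.0.0:8000->8000/tcp, :::8000->8000/tcp
paperless-db-1|3306/tcp
paperless-broker-1|6379/tcp
nginx-proxy|0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
EOF
}

sample_ps_output | unexpected_published_ports
# On the server:
#   docker ps --format '{{.Names}}|{{.Ports}}' | unexpected_published_ports
```

Each printed line is a port reachable from outside without TLS unless a firewall blocks it. Because nginx reaches paperless over `my-network`, that host mapping can be bound to 127.0.0.1 in the compose file.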

				
			

Last step: Start Containers again

				
					docker ps
				
			

For each container (there should be 5), copy the ID from the output of the last command:

				
					docker update --restart=unless-stopped <Container-ID>
				
			

Certbot renew:

Run this to get a new certificate:

				
					docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/www/certbot:/var/www/certbot" \
  certbot/certbot renew
				
			
				
					docker restart nginx-proxy
				
			

Cron for automatic renewal:

				
					crontab -e
				
			

(choose an editor if prompted)

Add this line (check every 12 hours):

				
					0 */12 * * * docker run --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/www/certbot:/var/www/certbot" certbot/certbot renew && docker restart nginx-proxy