This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/paperless-ng/index.md
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421)
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00

2.7 KiB

title
Paperless-ng

Support level: Community

What is Paperless-ng

Modified from https://github.com/jonaswinkler/paperless-ng

:::note Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained. :::

:::caution This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.

The author of Paperless-ng recommends you do not expose Paperless outside your network, as it was not designed for that. Instead, they "recommend that if you do want to use it, run it locally on a server in your own home." :::

Preparation

The following placeholders will be used:

  • paperless.company is the FQDN of the Paperless-ng install.

Also set up your proxy server to use forward auth with paperless.company: https://goauthentik.io/docs/providers/proxy/forward_auth

Paperless

Start by adding the following environment variables to your Paperless-ng setup. If you are using docker-compose, then add the following to your docker-compose.env file:

PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=HTTP_X_AUTHENTIK_USERNAME

Authentik automatically sets this header when we use a proxy outpost.

Now restart your container: docker-compose down && docker-compose up -d

authentik

Provider In authentik, go to the Admin Interface and click Applications/Providers.

Create a Proxy Provider. Give it a name (e.g. Paperless Proxy), then choose explicit or implicit consent (whether you want authentic to show a button to proceed to Paperless after login, or to just go there).

Choose Forward Auth (single application), then add the External host: https://paperless.company

Click Create to finish creating the provider.

Application

Now go to Applications/Applications and create a new application.

Give it a name, this one is displayed to users. E.g. Paperless.

Set the slug, let's use paperless.

Now select the provider we created earlier, e.g. Paperless Proxy.

Click Create to create the application.

Outpost

Now go to Applications/Outposts and click the edit button for "authentik Embedded Outpost".

Under Applications, click Paperless to select it (use ctrl+click to select multiple), then click Update at the bottom.

Finished

Now you can access Paperless-ng by logging in with authentik. Note that your authentik username and your Paperless username MUST match.