Initial commit: homelab configuration and documentation

services/standalone/Paperless/docker-compose.yaml

@@ -0,0 +1,87 @@
+version: "3.9"
+
+services:
+  broker:
+    image: docker.io/library/redis:7
+    restart: unless-stopped
+    volumes:
+      - redisdata:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+    networks:
+      - web
+
+  db:
+    image: docker.io/library/postgres:15
+    restart: unless-stopped
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: paperless
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - web
+
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - db
+      - broker
+    ports:
+      - "8000:8000"
+    volumes:
+      - data:/usr/src/paperless/data
+      - media:/usr/src/paperless/media
+      - ./export:/usr/src/paperless/export
+      - ./consume:/usr/src/paperless/consume
+    environment:
+      PAPERLESS_DBHOST: db
+      PAPERLESS_DBNAME: paperless
+      PAPERLESS_DBUSER: paperless
+      PAPERLESS_DBPASS: paperless
+      PAPERLESS_REDIS: redis://broker:6379/0
+      PAPERLESS_TIME_ZONE: "America/Chicago"
+      PAPERLESS_SECRET_KEY: "replace-with-a-64-char-random-string"
+      PAPERLESS_ADMIN_USER: admin@example.local
+      PAPERLESS_ADMIN_PASSWORD: changeme
+      PAPERLESS_ALLOWED_HOSTS: '["paperless.sj98.duckdns.org"]'
+      PAPERLESS_CSRF_TRUSTED_ORIGINS: '["https://paperless.sj98.duckdns.org"]'
+
+       # Add / adjust these for running behind Traefik:
+      PAPERLESS_URL: "https://paperless.sj98.duckdns.org"          # required/preferred
+      PAPERLESS_PROXY_SSL_HEADER: '["HTTP_X_FORWARDED_PROTO","https"]'  # tells Django to treat X-Forwarded-Proto=https as TLS
+      PAPERLESS_USE_X_FORWARD_HOST: "true"                         # optional, can help URL generation
+      PAPERLESS_USE_X_FORWARD_PORT: "true"                         # optional
+      # Optional: restrict trusted proxies to your docker network or Traefik IP
+      # PAPERLESS_TRUSTED_PROXIES: "172.18.0.0/16"   # <-- replace with your web network subnet or Traefik IP if you want to lock down
+    networks:
+      - web
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.paperless.rule=Host(`paperless.sj98.duckdns.org`)"
+      - "traefik.http.routers.paperless.entrypoints=websecure"
+      - "traefik.http.routers.paperless.tls=true"
+      - "traefik.http.routers.paperless.tls.certresolver=duckdns"
+      - "traefik.http.services.paperless.loadbalancer.server.port=8000"
+      - "tsdproxy.enable=true"
+      - "tsdproxy.name=paperless"
+
+volumes:
+  data:
+  media:
+  pgdata:
+  redisdata:
+
+networks:
+  web:
+    external: true