Updated Using a Reverse Proxy with Paperless ngx (markdown)

2025-05-24 02:02:23 -04:00 · 2025-04-26 21:39:03 +09:30 · 2025-04-26 21:39:03 +09:30 · 6074f7e128
commit 6074f7e128
parent b47ed4560b
1 changed files with 53 additions and 1 deletions
--- a/Using-a-Reverse-Proxy-with-Paperless-ngx.md
+++ b/Using-a-Reverse-Proxy-with-Paperless-ngx.md
@ -151,7 +151,7 @@ Below is an example of an apache2 conf file that you may customize to fit your e
 # Caddy
-Below is an example Caddy configuration
+Below is a simple example Caddy configuration running on same host
 ```
 :80 {
@ -161,6 +161,58 @@ Below is an example Caddy configuration
 }
 ```
 Below is a more in-depth, although not comprehensive, Caddy configuration running on different host
 ```
 # Global Options Block
 {
 }
 #### Reusable Snippets
 (common) {
        tls youremailaddress@host.com {
                dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        }
        header {
        # Enable HSTS
                Strict-Transport-Security "max-age=31536000; includeSubdomains"
                X-XSS-Protection 0
        # Prevent browsers from incorrectly detecting non-scripts as scripts and MIME type sniffing
                X-Content-Type-Options nosniff
                -Server
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-Frame-Options "ALLOW-FROM *.example.domain"
                Permissions-Policy "geolocation=(self  *.example.domain), microphone=(), interest-cohort=()"
                        import content-security-general
        }
 }
 #### Content Security Snippets
 (content-security-general) { # Default setup
        # Disable unsafe inline/eval and plugins, only load scripts and stylesheets from same origin, fonts from google,
        #   and images from same origin and imgur. Sites should aim for policies like this.
        Content-Security-Policy "frame-ancestors  *.example.domain"
        #"default-src 'self'; style-src 'self'; script-src 'self'; font-src 'self'; img-src 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'none';"
        #default-src 'none'; font-src https://fonts.gstatic.com; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'
 }
 (content-security-basic) { # Most basic setup
        # Disable unsafe inline/eval, only load resources from same origin except also allow images from imgur
        # Also disables the execution of plugins
        Content-Security-Policy default-src 'self'; img-src 'self' https://i.imgur.com; object-src 'none'
 }
 (content-security-api) { # API
        # Disable the loading of any resources and disable framing, recommended for APIs to use
        Content-Security-Policy default-src 'none'; frame-ancestors 'none'
 }
 #### Sites
 paperless.ProxiedExample.domain {
        import common
        reverse_proxy https://paperless.HostExample.domain {
                header_up Host {http.reverse_proxy.upstream.hostport}
        }
 }
 ```
 # Traefik
 Below is an example Traefik configuration you would add to the webserver container.