# Paperless-NGX with Office Document Support # URL: https://docs.vish.gg # Port: 8777 # Notifications: ntfy (http://192.168.0.210:8081/paperless) # SSO: Authentik OIDC (sso.vish.gg/application/o/paperless/) services: redis: image: redis:8 command: - /bin/sh - -c - redis-server --requirepass REDACTED_PASSWORD container_name: PaperlessNGX-REDIS hostname: paper-redis security_opt: - no-new-privileges:true read_only: true user: 1026:100 healthcheck: test: ["CMD-SHELL", "redis-cli ping || exit 1"] volumes: - /volume1/docker/paperlessngx/redis:/data:rw environment: TZ: America/Los_Angeles restart: on-failure:5 db: image: postgres:18 container_name: PaperlessNGX-DB hostname: paper-db security_opt: - no-new-privileges:true healthcheck: test: ["CMD", "pg_isready", "-q", "-d", "paperless", "-U", "paperlessuser"] timeout: 45s interval: 10s retries: 10 volumes: - /volume1/docker/paperlessngx/db:/var/lib/postgresql:rw environment: POSTGRES_DB: paperless POSTGRES_USER: paperlessuser POSTGRES_PASSWORD: "REDACTED_PASSWORD" restart: on-failure:5 gotenberg: image: gotenberg/gotenberg:latest container_name: PaperlessNGX-GOTENBERG hostname: gotenberg security_opt: - no-new-privileges:true user: 1026:100 command: - "gotenberg" - "--chromium-disable-javascript=true" - "--chromium-allow-list=file:///tmp/.*" restart: on-failure:5 tika: image: docker.io/apache/tika:latest container_name: PaperlessNGX-TIKA hostname: tika security_opt: - no-new-privileges:true user: 1026:100 restart: on-failure:5 paperless: image: ghcr.io/paperless-ngx/paperless-ngx:latest container_name: PaperlessNGX hostname: paperless-ngx security_opt: - no-new-privileges:true healthcheck: test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] interval: 30s timeout: 10s retries: 5 ports: - 8777:8000 volumes: - /volume1/docker/paperlessngx/data:/usr/src/paperless/data:rw - /volume1/docker/paperlessngx/media:/usr/src/paperless/media:rw - /volume1/docker/paperlessngx/export:/usr/src/paperless/export:rw - /volume1/docker/paperlessngx/consume:/usr/src/paperless/consume:rw - /volume1/docker/paperlessngx/trash:/usr/src/paperless/trash:rw environment: PAPERLESS_REDIS: redis://:redispass@paper-redis:6379 PAPERLESS_DBENGINE: postgresql PAPERLESS_DBHOST: paper-db PAPERLESS_DBNAME: paperless PAPERLESS_DBUSER: paperlessuser PAPERLESS_DBPASS: paperlesspass PAPERLESS_EMPTY_TRASH_DIR: ../trash PAPERLESS_FILENAME_FORMAT: "{{ created_year }}/{{ correspondent }}/{{ document_type }}/{{ title }}" PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD: 6 PAPERLESS_TASK_WORKERS: 1 USERMAP_UID: 1026 USERMAP_GID: 100 PAPERLESS_SECRET_KEY: "REDACTED_SECRET_KEY" PAPERLESS_TIME_ZONE: America/Los_Angeles PAPERLESS_ADMIN_USER: vish PAPERLESS_ADMIN_PASSWORD: "REDACTED_PASSWORD" # pragma: allowlist secret PAPERLESS_URL: https://docs.vish.gg PAPERLESS_CSRF_TRUSTED_ORIGINS: https://docs.vish.gg PAPERLESS_OCR_LANGUAGE: eng PAPERLESS_TIKA_ENABLED: 1 PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 PAPERLESS_TIKA_ENDPOINT: http://tika:9998 # ntfy notification on document consumption PAPERLESS_POST_CONSUME_SCRIPT: /usr/src/paperless/data/notify.sh # Authentik OIDC SSO PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect PAPERLESS_SOCIALACCOUNT_PROVIDERS: >- {"openid_connect": {"APPS": [{"provider_id": "paperless", "name": "Authentik", "client_id": "paperless", "secret": "10e705242ca03f59b10ea831REDACTED_GITEA_TOKEN", "settings": {"server_url": "https://sso.vish.gg/application/o/paperless/.well-known/openid-configuration"}}]}} restart: on-failure:5 depends_on: db: condition: service_healthy redis: condition: service_healthy tika: condition: service_started gotenberg: condition: service_started