path: root/deskutils/py-paperless/files/paperless.7.in

.\"
.\" Copyright (c) 2019 Michael Gmelin
.\"
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 17, 2020
.Dt PAPERLESS 7
.Os
.Sh NAME
.Nm paperless
.Nd Index and archive scanned paper documents - installation
.Sh SYNOPSIS
.Nm pkg install %%PKGBASE%%
.Sh DESCRIPTION
.Em Paperless
is a simple Django application running in two parts: The consumer,
which does the indexing and a web interface, which allows searching
and downloading already-indexed documents.
.Pp
This man page documents how the
.Fx FreeBSD
port is installed and configured.
It assumes that the paperless package was already installed, e.g., from the
.Fx FreeBSD
package repo as described in
.Sx SYNOPSIS .
.Pp
For more information about using paperless, see
.Dq the official paperless documentation
.Pa ( file:/%%DOCSDIR%%/index.html
or
.Pa https://paperless.readthedocs.io ) .
.Pp
The package creates a symlink from
.Pa %%PYTHONPREFIX_SITELIBDIR%%/paperless/manage.py
to
.Pa %%PREFIX%%/bin/paperless
for convenience reasons, so whenever the official
documentation mentions
.Em manage.py
it can be substituted with
.Pa %%PREFIX%%/bin/paperless
or simply
.Pa paperless .
.Pp
.Em Paperless always needs to be run using the correct system user
and an UTF-8 codepage.
.Pp
The package %%PKGBASE%% created a user
.Em paperless
with the following home directory layout, setting appropriate
restrictive access permissions:
.Bl -tag -width "/var"
.It Pa /var/db/paperless
home directory (only writeable by root)
.Bl -tag -width "consume/" -compact
.It Pa consume/
Consume directory writable by root, used as chroot directory
for sftp access (see below).
.Bl -tag -width "123" -compact
.It Pa input/
Input files are dropped in there to be processed by the
paperless document consumer - either directly or via
a mechanism like sftp.
.El
.It Pa media/
Directory used by paperless to store original files and
thumbnails.
.It Pa sqlite/
Contains paperless' SQLite database.
.El
.El
.Sh CONSUMER SETUP
In case documents should be PGP encrypted,
.Va PAPERLESS_PASSPHRASE
needs to be configured in
.Pa %%PREFIX%%/etc/paperless.conf
first.
.Pp
Also,
.Va PAPERLESS_OCR_THREADS
can be tuned in the same configuration file to limit
the impact on system performance.
.Pp
To use paperless, the consumer is enabled
.Bd -literal -offset indent
sysrc paperless_consumer_enable=YES
.Ed
.Pp
and subsequently started
.Bd -literal -offset indent
service paperless-consumer start
.Ed
.Pp
(which also creates/updates the paperless SQLite database).
.Pp
Therefore, restarting the consumer after updates
.Bd -literal -offset indent
service paperless-consumer restart
.Ed
.Pp
updates the database before starting the new program version.
.Sh WEB UI SETUP
Before using the web ui, make sure to create a super user and assign
a password
.Bd -literal -offset indent
su -l paperless -c '%%PREFIX%%/bin/paperless createsuperuser'
.Ed
.Pp
It is recommended to host the web component using a real
web server, e.g., nginx + uwsgi.
.Pp
Install and configure uwsgi:
.Bd -literal -offset indent
pkg install uwsgi
mkdir -p %%PREFIX%%/etc/uwsgi
cp %%EXAMPLESDIR%%/uwsgi.ini \\
    %%PREFIX%%/etc/uwsgi/paperless.ini
sysrc uwsgi_enable=YES
sysrc uwsgi_profiles+=paperless
sysrc uwsgi_paperless_socket_owner=paperless:www
sysrc uwsgi_paperless_uid=paperless
sysrc uwsgi_paperless_gid=paperless
sysrc uwsgi_paperless_configfile=%%PREFIX%%/etc/uwsgi/paperless.ini
.Ed
.Pp
Start the uwsgi process:
.Bd -literal -offset indent
service uwsgi start paperless
.Ed
.Pp
Install nginx:
.Bd -literal -offset indent
pkg install nginx
.Ed
.Pp
Create a basic server configuration (
.Pa %%PREFIX%%/etc/nginx/nginx.conf
), example snippet:
.Bd -literal -offset indent
server {
    listen 80;
    server_name localhost;

    location /static/ {
        alias %%WWWDIR%%/static/;
    }

    location / {
        uwsgi_pass unix:/tmp/uwsgi-paperless.sock;
        include uwsgi_params;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   %%PREFIX%%/www/nginx-dist;
    }
}
.Ed
.Pp
Enable and start nginx:
.Bd -literal -offset indent
sysrc nginx_enable=YES
service nginx start
.Ed
.Pp
.Em \In a real world setup, nginx should be configured to use TLS
.Em and (potentially) client certificates .
.Sh SFTP SETUP
Setting up
.Em sftp
enabled direct upload of files to be processed by the paperless
consumer.
Some scanners allow configuring sftp with key based authentication,
which is convenient as it scans directly to the paperless processing
pipeline.
.Pp
In case paperless is using a dedicated instance of
.Xr sshd 8 ,
access can be limited to the paperless user by adding
these lines to
.Pa /etc/ssh/sshd_config :
.Bd -literal -offset indent
# Only include if sshd is dedicated to paperless
# otherwise you'll lock yourself out
AllowUsers paperless
.Ed
.Pp
The following block limits the paperless user to using the
.Xr sftp 1
protocol and locks it into the consume directory:
.Bd -literal -offset indent
# paperless can only do sftp and is dropped into correct directory
Match User paperless
	ChrootDirectory %h/consume
	ForceCommand internal-sftp -u 0077 -d /input
	AllowTcpForwarding no
	X11Forwarding no
	PasswordAuthentication no
.Ed
.Pp
The public keys of authorized users/devices need to be added to
.Pa /var/db/paperless/.ssh/authorized_keys :
.Bd -literal -offset indent
mkdir -p /var/db/paperless/.ssh
cat path/to/pubkey >>/var/db/paperless/.ssh/authorized_keys
.Ed
.Pp
Make sure
.Xr sshd 8
is enabled and restart (or reload) it:
.Bd -literal -offset indent
sysrc sshd_enable=YES
service sshd restart
.Ed
.Pp
The user will be dropped into the correct directory, so uploading
a file is as simple as:
.Bd -literal -offset indent
echo put file.pdf | sftp -b - paperless@host
.Ed
.Sh FILES
.Bl -tag -width ".Pa %%PREFIX%%/etc/paperless.conf" -compact
.It Pa %%PREFIX%%/etc/paperless.conf
See self-documented
.Pa %%PREFIX%%/etc/paperless.conf.sample
for example.
.It Pa %%DOCSDIR%%/index.html
Official documentation for the version installed.
.It Pa %%DOCSDIR%%/presentation/index.html
Presentation of the motivation for and technology behind paperless.
.It Pa %%EXAMPLESDIR%%
Configuration examples, complementary to this man page.
.El
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr sshd_config 5 ,
.Xr ports 7 ,
.Xr daemon 8 ,
.Xr service 8 ,
.Xr sysrc 8
.Pp
.Rs
.%B "Official paperless documentation"
.Re
.Pp
.Pa https://paperless.readthedocs.io
.Sh AUTHORS
.An -nosplit
This manual page was written by
.An Michael Gmelin Aq Mt grembo@FreeBSD.org .