services: webserver: image: ghcr.io/paperless-ngx/paperless-ngx:latest restart: unless-stopped depends_on: - db - broker ports: - "8000:8000" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000"] interval: 30s timeout: 10s retries: 5 volumes: - /srv/mergerfs/DataPool/pdfs/data:/usr/src/paperless/data - /srv/mergerfs/DataPool/pdfs/media:/usr/src/paperless/media - /srv/mergerfs/DataPool/pdfs/export:/usr/src/paperless/export - /srv/mergerfs/DataPool/pdfs/consume:/usr/src/paperless/consume environment: PAPERLESS_REDIS: redis://broker:6379 PAPERLESS_DBHOST: db PAPERLESS_DBNAME: paperless PAPERLESS_DBUSER: paperless PAPERLESS_DBPASS: paperless PAPERLESS_CONSUMER_POLLING: "1" # CSRF and reverse proxy configuration for Caddy PAPERLESS_URL: https://paperless.pressmess.duckdns.org PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.pressmess.duckdns.org PAPERLESS_ALLOWED_HOSTS: paperless.pressmess.duckdns.org # Security settings for reverse proxy PAPERLESS_USE_X_FORWARDED_HOST: true PAPERLESS_USE_X_FORWARDED_PORT: true PAPERLESS_SECURE_SSL_REDIRECT: true # Additional security headers PAPERLESS_SECURE_BROWSER_XSS_FILTER: true PAPERLESS_SECURE_CONTENT_TYPE_NOSNIFF: true PAPERLESS_SECURE_HSTS_INCLUDE_SUBDOMAINS: true PAPERLESS_SECURE_HSTS_SECONDS: 31536000 db: image: postgres:15 restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -U paperless"] interval: 10s timeout: 5s retries: 5 volumes: - paperless_pgdata_fixed:/var/lib/postgresql/data environment: POSTGRES_DB: paperless POSTGRES_USER: paperless POSTGRES_PASSWORD: paperless broker: image: redis:6.0 restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 5 volumes: paperless_pgdata_fixed: external: true