diff --git a/env-production.template b/env-production.template
index 087a379..ff07c1f 100644
--- a/env-production.template
+++ b/env-production.template
@@ -42,6 +42,9 @@ PAPERLESS_SECRET_KEY=your_paperless_secret_key_here
 PAPERLESS_ADMIN_USER=admin
 PAPERLESS_ADMIN_PASSWORD=your_paperless_admin_password_here
 PAPERLESS_ADMIN_MAIL=admin@vhtv-stiftung.de
+# Paperless URL configuration for reverse proxy
+PAPERLESS_URL=https://vhtv-stiftung.de/paperless
+PAPERLESS_FORCE_SCRIPT_NAME=/paperless
 
 # GRAMPS WEB CONFIGURATION
 GRAMPSWEB_SECRET_KEY=your_grampsweb_secret_key_here
diff --git a/paperless/paperless_custom_settings.py b/paperless/paperless_custom_settings.py
index 750de13..9512269 100644
--- a/paperless/paperless_custom_settings.py
+++ b/paperless/paperless_custom_settings.py
@@ -10,9 +10,18 @@ SESSION_COOKIE_NAME = 'paperless_sessionid'
 # Also change CSRF cookie name for good measure
 CSRF_COOKIE_NAME = 'paperless_csrftoken'
 
-# Ensure cookies are scoped to avoid conflicts
-SESSION_COOKIE_PATH = '/'
-CSRF_COOKIE_PATH = '/'
+# Scope cookies to Paperless path to avoid conflicts
+SESSION_COOKIE_PATH = '/paperless/'
+CSRF_COOKIE_PATH = '/paperless/'
 
 # Different secret key salt to ensure session isolation
-SESSION_COOKIE_SALT = 'paperless.sessions'
\ No newline at end of file
+SESSION_COOKIE_SALT = 'paperless.sessions'
+
+# Fix login redirect to stay within Paperless scope  
+# Use environment variable if set, otherwise default to /paperless/
+LOGIN_REDIRECT_URL = os.getenv('PAPERLESS_LOGIN_REDIRECT_URL', '/paperless/')
+LOGOUT_REDIRECT_URL = os.getenv('PAPERLESS_LOGOUT_REDIRECT_URL', '/paperless/')
+LOGIN_URL = '/paperless/accounts/login/'
+
+# Ensure Force Script Name for proper URL handling behind proxy
+FORCE_SCRIPT_NAME = os.getenv('PAPERLESS_FORCE_SCRIPT_NAME', '/paperless')
\ No newline at end of file