Add Paperless-ngx to production deployment

- Add Paperless-ngx service to Docker Compose configuration
- Configure nginx routing for /paperless/ path with large file support
- Add production environment variables for Paperless
- Create automated setup script for initial Paperless configuration
- Add comprehensive production setup documentation
- Configure Paperless with HTTPS and proper database setup
- Update Django app to use production Paperless instance

deploy-production/docker-compose.prod.yml

@@ -141,6 +141,46 @@ services:
           memory: 512M
           cpus: '0.5'
 
+  paperless:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - db
+      - redis
+    ports:
+      - "127.0.0.1:8080:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    volumes:
+      - paperless_data:/usr/src/paperless/data
+      - paperless_media:/usr/src/paperless/media
+      - paperless_export:/usr/src/paperless/export
+      - paperless_consume:/usr/src/paperless/consume
+    environment:
+      PAPERLESS_REDIS: redis://redis:6379
+      PAPERLESS_DBHOST: db
+      PAPERLESS_DBNAME: ${PAPERLESS_DB:-paperless}
+      PAPERLESS_DBUSER: ${PAPERLESS_USER:-paperless}
+      PAPERLESS_DBPASS: ${PAPERLESS_PASSWORD:-paperless}
+      PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER:-admin}
+      PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD:-admin}
+      PAPERLESS_ADMIN_MAIL: ${PAPERLESS_ADMIN_MAIL:-admin@localhost}
+      PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
+      PAPERLESS_URL: https://vhtv-stiftung.de/paperless
+      PAPERLESS_ALLOWED_HOSTS: vhtv-stiftung.de,www.vhtv-stiftung.de
+      PAPERLESS_CORS_ALLOWED_HOSTS: https://vhtv-stiftung.de,https://www.vhtv-stiftung.de
+      PAPERLESS_TRUSTED_PROXIES: 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
+      PAPERLESS_FORCE_SCRIPT_NAME: /paperless
+      PAPERLESS_STATIC_URL: /paperless/static/
+    deploy:
+      resources:
+        limits:
+          memory: 2G
+          cpus: '1.0'
+
 volumes:
   postgres_data:
   redis_data:
@@ -149,6 +189,10 @@ volumes:
   gramps_thumb_cache:
   gramps_cache:
   gramps_secret:
+  paperless_data:
+  paperless_media:
+  paperless_export:
+  paperless_consume:
 
 networks:
   default:

deploy-production/nginx.conf

@@ -66,6 +66,22 @@ server {
         proxy_busy_buffers_size 256k;
     }
 
+    # Paperless-ngx document management
+    location /paperless/ {
+        proxy_pass http://127.0.0.1:8080/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Script-Name /paperless;
+        
+        # Large file uploads for documents
+        client_max_body_size 100M;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 300s;
+        proxy_send_timeout 300s;
+    }
+
     # Gramps Web (optional)
     location /gramps/ {
         proxy_pass http://127.0.0.1:5000/;

deploy-production/setup-paperless.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Paperless-ngx Production Setup Script
+# Run this script after deploying the updated Docker Compose configuration
+
+set -e
+
+echo "🔧 Setting up Paperless-ngx in production..."
+
+# Check if we're in the right directory
+if [ ! -f "docker-compose.yml" ]; then
+    echo "❌ Error: docker-compose.yml not found. Please run this script from /opt/stiftung"
+    exit 1
+fi
+
+# Generate a random secret key for Paperless
+echo "🔑 Generating Paperless secret key..."
+PAPERLESS_SECRET=$(python3 -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())")
+
+echo "📝 Add this to your .env file:"
+echo "PAPERLESS_SECRET_KEY=$PAPERLESS_SECRET"
+echo ""
+
+# Start containers
+echo "🚀 Starting containers..."
+docker-compose up -d
+
+# Wait for database to be ready
+echo "⏳ Waiting for database to be ready..."
+sleep 30
+
+# Create database for Paperless if it doesn't exist
+echo "🗄️ Setting up Paperless database..."
+docker-compose exec -T db psql -U ${POSTGRES_USER:-stiftung} -d ${POSTGRES_DB:-stiftung} -c "CREATE DATABASE paperless_prod;" || echo "Database may already exist"
+docker-compose exec -T db psql -U ${POSTGRES_USER:-stiftung} -d ${POSTGRES_DB:-stiftung} -c "CREATE USER paperless_user WITH PASSWORD 'secure-paperless-password';" || echo "User may already exist"
+docker-compose exec -T db psql -U ${POSTGRES_USER:-stiftung} -d ${POSTGRES_DB:-stiftung} -c "GRANT ALL PRIVILEGES ON DATABASE paperless_prod TO paperless_user;" || echo "Privileges may already be granted"
+
+# Run Paperless migrations
+echo "📊 Running Paperless migrations..."
+docker-compose exec -T paperless python3 manage.py migrate
+
+# Create Paperless superuser
+echo "👤 Creating Paperless superuser..."
+echo "Note: You'll need to set a strong password for the admin user"
+docker-compose exec paperless python3 manage.py createsuperuser --username admin --email admin@vhtv-stiftung.de
+
+# Get API token
+echo "🔐 Getting API token for Django integration..."
+echo "You can get your API token by:"
+echo "1. Visiting https://vhtv-stiftung.de/paperless/admin/"
+echo "2. Going to Authentication and Authorization > Tokens"
+echo "3. Creating a new token for your admin user"
+echo "4. Adding the token to your .env file as PAPERLESS_API_TOKEN"
+
+echo ""
+echo "✅ Paperless-ngx setup complete!"
+echo ""
+echo "📚 Next steps:"
+echo "1. Update your .env file with the generated PAPERLESS_SECRET_KEY"
+echo "2. Visit https://vhtv-stiftung.de/paperless/ to access Paperless"
+echo "3. Create an API token in the Paperless admin interface"
+echo "4. Update PAPERLESS_API_TOKEN in your .env file"
+echo "5. Restart containers: docker-compose restart"