• 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: July 16th, 2023

help-circle







  • You probably need to realise that this is advanced self hosting here.

    I might suggest you start off with something a bit simpler.

    Run an application, do DNS, point Nginx to it, get certbot and follow the instructions on their site to implement it. Read logs. Update stuff. Break stuff.

    You need to build up to it, because Authentication is a compilation of 5-6 different basic tasks that you need to be across. And if you mess up any of them, it won’t work and you need to work out why.




  • This has been exceptionally done to death on Reddit but I’ll say it here since Reddit is dead.

    Authentication -

    If what you’re looking for is a login front end you could check out paper merge - personally I’ve got Keycloak and Nginx running so I can just make my own login page anyway and put paperless behind it.

    Stuff with sensitive documents should probably not be on the internet anyway unless you’re a really advanced user.

    Encryption -

    In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.

    So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.

    Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.

    TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.