Paperless-ngx Installation on Ubuntu 24.04 with Caddy and Automatic SSL Certificates
Interested in the product showcased here?
WZ-IT can take care of consulting, installation, support, operation, maintenance, and monitoring for you.
Book your free, no-obligation call here:
Schedule a meeting.
Recent political developments show that it's becoming increasingly important to maintain control over your own data. Paperless-ngx is an open-source solution that allows you to host your own DMS while keeping full control over your data. In this guide, we'll show you how to install Paperless-ngx on an Ubuntu 24.04 server and automatically set up SSL certificates from Let's Encrypt with Caddy.
Prerequisites
- An Ubuntu 24.04 server (e.g., a VPS from Hetzner or another provider)
- SSH access to the server
- Domain pointing to the server (at least an A record) (e.g.,
paperless.example.com
)
In our example, we use the domain paperless-demo.wz-it.com
. You can replace this domain in the guide with your own domain. We've set the domain with an A record pointing to the IP address of the server where we want to install Paperless-ngx. Here's an excerpt from the DNS configuration:

Step 1: Prepare the Server
We log in via SSH as root or a user with sudo privileges on the server and update the package list:
apt update && apt upgrade -y
Step 2: Install Docker and Docker Compose
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
rm get-docker.sh
This script installs the latest version of Docker and Docker Compose. Feel free to check the content of the script to understand what exactly happens. Generally, it's not a good idea to blindly execute scripts from the internet, but in this case, it's a common method to install Docker.
Step 3: Create User for Paperless-ngx
We create a new user that will later be used for the Paperless-ngx installation. We also add the user to the Docker group so they can execute Docker commands without sudo. This is important because Paperless-ngx runs in a Docker container and the user needs access to Docker resources.
adduser --system --group --home /opt/paperless paperless
sudo usermod -aG docker paperless
Step 4: Install Paperless-ngx
Paperless-ngx provides an official Docker Compose template that we can use. However, a script is also provided that simplifies the installation. In our case, where we want to use the server exclusively for Paperless-ngx, this is a sensible option. If we want to integrate Paperless-ngx into a different setup, this installation method might not be suitable. We download the script and execute it:
sudo -u paperless bash -c "$(curl --location --silent --show-error https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/install-paperless-ngx.sh)"
The script guides us through an interactive installation process where we can make some settings.
The following settings are important for our installation:
- URL: Here we enter the domain under which Paperless-ngx should be accessible, e.g.,
https://paperless-demo.wz-it.com
. - OCR Language: We choose
eng
for English, so text recognition is performed in English.
We can leave all other settings at their default values and confirm with "Enter". At the end, we set a password for the admin user that will later be used to access Paperless-ngx.
The script now installs Paperless-ngx and all required dependencies. It also creates the necessary directories and configuration files.
Now Paperless-ngx is installed and we can access our instance at http://SERVER_IP:8000. However, the connection is not yet secured since we haven't set up an SSL certificate yet.
Step 5: Set up Caddy as Reverse Proxy and SSL Certificate
Caddy is a simple and powerful web server that automatically issues and manages SSL certificates from Let's Encrypt. We use Caddy to make Paperless-ngx accessible via HTTPS. We can add Caddy to the Docker Compose
We open the docker-compose.yml
file in the /opt/paperless
directory and add the Caddy service. Here's what the updated docker-compose.yml
looks like:
services:
broker:
image: docker.io/library/redis:8
restart: unless-stopped
volumes:
- redisdata:/data
db:
image: docker.io/library/postgres:17
restart: unless-stopped
volumes:
- pgdata:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: paperless
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- db
- broker
ports:
- "8000:8000"
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
- ./export:/usr/src/paperless/export
- /opt/paperless/paperless-ngx/consume:/usr/src/paperless/consume
env_file: docker-compose.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_DBHOST: db
caddy:
image: caddy
network_mode: "host"
volumes:
- ./caddy/data/:/data/
- ./caddy/config/:/config/
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
volumes:
data:
media:
pgdata:
redisdata:
We now create the directories for Caddy and the configuration file Caddyfile
:
mkdir -p /opt/paperless/caddy
chown -R paperless:paperless /opt/paperless/caddy
We create the Caddyfile
file in the /opt/paperless/caddy
directory with the following content:
{
email [email protected] # Your email address for Let's Encrypt notifications
}
paperless-demo.wz-it.com { # Replace this with your domain
reverse_proxy http://127.0.0.1:8000
}
Here we specify the domain under which Paperless-ngx should be accessible and forward traffic to the Paperless-ngx web server. Replace paperless-demo.wz-it.com
with your own domain. The email address is used for Let's Encrypt certificate registration. You should provide a valid email address to receive notifications about certificate issues.
Step 6: Start Paperless-ngx and Caddy
We now start Paperless-ngx and Caddy with Docker Compose. We switch to the /opt/paperless
directory and execute the following command:
sudo -u paperless docker-compose up -d
Now Paperless-ngx should be accessible via HTTPS. You can verify this by opening https://paperless-demo.wz-it.com
in your browser. You should see the Paperless-ngx login page.
Here you can log in with the admin user you set during installation. The default username is
paperless
and the password is what you set during installation.
Firewall Configuration
If you have set up a firewall on your server, make sure ports 80 (HTTP) and 443 (HTTPS) are open. This is necessary for Caddy to receive requests via HTTP and HTTPS. You can do this with ufw
or configure it through your cloud provider's firewall.
Conclusion
With this guide, you have successfully installed Paperless-ngx on an Ubuntu 24.04 server and set up an SSL certificate from Let's Encrypt with Caddy. You can now manage your documents securely and privately without relying on external cloud services. This installation is an absolute basic installation. To use certain features, additional steps may be necessary to activate them. In the official Paperless-ngx documentation, you can find more information about available features and how to configure them: Paperless-ngx Documentation.