Advanced connection options for server connection about paperless_app HOT 8 OPEN

Hey,

thank you for sharing this idea! This seems like a useful feature, especially with all the sensitive documents that may be stored in Paperless.

I'm currently working on the document editing feature and improvements to the in-app scanner so I'm not able to work on this now. I'd be happy to accept a pull-request with this implemented.

To promote usage of client certificates, it would be nice if this could be integrated into the Paperless-NG documentation for the default Docker setup. Could you open an issue there as well?

from paperless_app.

Good afternoon.
I am also worried about the issue of https certificates.
I am using paperless + nginx proxy manager with self signed certificate using openssl.
That is, my certificate is not certified by the CA. For this reason, the system does not allow me to use paperless_app with my server.

from paperless_app.

One thing we could try is using a native Android HTTP client instead of using dio.

However, this has the disadvantage of making it harder to maintain compatibility with iOS and also means we have to rewrite a big part of the app. I would really prefer if this could be fixed in Flutter/Dart.

from paperless_app.

I'm another user and admin for friends, running instances of Paperless ng.
An option to accept a self-signed certificate stop me and others from using the app.

from paperless_app.

I'm another user and admin for friends, running instances of Paperless ng.
An option to accept a self-signed certificate stop me and others from using the app.

I spent a very long time trying to get the application to work with a self signed certificate.
I tried:

1. Decompile the APK and add "network_security_config.xml"
2. Created my own CA and added the CA certificate to the custom store
3. I also tried adding my CA to the system trusted store

Neither option worked. As I understand it, this is the specifics of "dart" and the "dio" used.
As I understand it, this can only be solved by modifying the "dio" itself. But I'm not good at mobile development, so I didn't.

I found a way out for myself. I'm using HTTP over a VPN tunnel. I do not know how safe it is, I would like to know the opinion of experts in this matter.

from paperless_app.

Thanks for testing this so thoroughly. At least we know now that we didn't miss anything obvious!

Your setup should be secure if you trust everyone in your VPN. However, I would still recommend using HTTPS.

What's stopping you from using a certificate from a trusted CA?

from paperless_app.

I was planning to use "paperless" only on the local network anyway, behind the VPN.
I think not one certification authority will sign me a certificate for the local network.
Using HTTPS is an additional layer of protection in case of unauthorized intrusion into my network.

It seems to me that VPN will be more reliable in comparison with public paperless + HTTPS

from paperless_app.

I think not one certification authority will sign me a certificate for the local network.

Sure, you can just use DNS validation, then you don't need a public IP. Let's Encrypt and ZeroSSL both offer that for free.

It seems to me that VPN will be more reliable in comparison with public paperless + HTTPS

Unlikely, but it will certainly be more secure!

from paperless_app.