From 1b29649635a7341747e88385d33882b9c69f0e73 Mon Sep 17 00:00:00 2001 From: Andrew Berry Date: Wed, 6 Mar 2024 10:32:55 -0500 Subject: [PATCH] Move admin/login note to configuration.md and link to the wiki --- docs/advanced_usage.md | 8 +------- docs/configuration.md | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/advanced_usage.md b/docs/advanced_usage.md index b114aa7bb..d4ff80f87 100644 --- a/docs/advanced_usage.md +++ b/docs/advanced_usage.md @@ -695,10 +695,4 @@ More details about configuration option for various providers can be found in th ### Disabling Regular Login -Once external auth is set up, 'regular' login can be disabled with the [PAPERLESS_DISABLE_REGULAR_LOGIN](configuration.md#PAPERLESS_DISABLE_REGULAR_LOGIN) setting. This setting will not block access to the built-in Django login form at `/admin/login`. To block access to that page, consider blocking it in your web server configuration. For example, with Nginx, try: - -``` -location /admin/login { - return 403; -} -``` +Once external auth is set up, 'regular' login can be disabled with the [PAPERLESS_DISABLE_REGULAR_LOGIN](configuration.md#PAPERLESS_DISABLE_REGULAR_LOGIN) setting. diff --git a/docs/configuration.md b/docs/configuration.md index 5fd14caf1..b34e2e9e2 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -585,7 +585,7 @@ system. See the corresponding #### [`PAPERLESS_DISABLE_REGULAR_LOGIN=`](#PAPERLESS_DISABLE_REGULAR_LOGIN) {#PAPERLESS_DISABLE_REGULAR_LOGIN} -: Disables the regular frontend username / password login, i.e. once you have setup SSO. Note that the Django admin login cannot be disabled. +: Disables the regular frontend username / password login, i.e. once you have setup SSO. Note that the Django admin login cannot be disabled by Paperless. To prevent logins directly into Django, consider blocking `/admin/login` in your [web server or reverse proxy configuration](https://github.com/paperless-ngx/paperless-ngx/wiki/Using-a-Reverse-Proxy-with-Paperless-ngx). Defaults to False