LINUX, SCRIPTING, BASH, READECK, CADDY, REVERSE-PROXY, HOMELAB

Readeck 0.16 and Upgrade Script

Readeck 0.16

I have changed my configuration for Readeck and my Caddy reverse proxy because they have added a new option in Readeck 0.16.

The release simplifies reverse proxy configuration by replacing multiple settings (use_x_forwarded_for, use_x_forwarded_host, use_x_forwarded_proto) with a single trusted_proxies option (or READECK_TRUSTED_PROXIES environment variable). It defaults to private network ranges, so no configuration changes are required for most users.

Previously with Readeck 0.15 I had to set this line in the server part: use_x_forwarded_proto = true # Forward client protocol

And now they have added this one, which is only needed for non-private IP addresses: trusted_proxies = ["XXX.XXX.XXX.XXX"]

I have updated my caddy file as described in the updated Readeck documentation: /etc/caddy/Caddyfile

# Readeck
readeck.internal {
        tls internal
        reverse_proxy 192.168.0.32:8000 {
                header_up X-Real-IP {remote_host}
                header_up Host {host}
        }
}

I also changed the [server] section of the Readeck configuration file to only accept connections from a specific internal DNS name: /etc/readeck/config.toml

...
allowed_hosts = ["readeck.internal"] # Restrict access

Both services will need to be restarted for the new configurations to take effect.
systemctl restart readeck
systemctl restart caddy

Automated Upgrade Script

Now for the script. I wanted to automate the upgrade process for Readeck and also try a few things with bash scripting. So I implemented dependency checking, verbose logging, error handling and various functions for modularity purposes in this little script.

It performs the following steps:

  1. Backup the current binary: If a Readeck binary is found, the script creates a backup of the current version.
  2. Fetch the latest release page: The script fetches the Readeck release page to retrieve the most recent version number.
  3. Download the latest binary: Using the latest version number, the script constructs the appropriate download URL and uses curl to fetch the latest binary.
  4. Stop the Readeck service: The script stops the Readeck service to safely replace the binary.
  5. Replace the binary: It then replaces the old binary with the newly downloaded version.
  6. Start the service: Finally, the script starts the Readeck service and verifies it.

You can find the full script in my script-collection GitLab repository: