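#!/bin/bash
# =============================================================================
# update-caddy.sh — Download latest Caddy with coraza-caddy module, replace binary
# Safe: validates new binary before replacing, keeps a backup of the old
# binary, and restores it if the service does not come back up.
# Run as: root, or via monthly cron.
#
# Trust note: the download is authenticated by HTTPS only. No checksum or
# signature is verified here, and the fetched binary is executed as root
# ("version", "validate") before it is installed. Where stronger assurance is
# needed, pin a known-good build and compare its digest before this script
# runs the file.
# =============================================================================
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# common.sh provides require_root, load_config, info, success and die.
# It is sourced as root, so both candidate directories must be writable by
# root only. Fail loudly when neither exists instead of hitting
# "command not found" on the first helper call.
common_loaded=0
for candidate in "/usr/local/lib/serverdeploy" "${SCRIPT_DIR}/lib"; do
  if [[ -f "${candidate}/common.sh" ]]; then
    # shellcheck source=/dev/null
    source "${candidate}/common.sh"
    common_loaded=1
    break
  fi
done
if [[ "${common_loaded}" -ne 1 ]]; then
  printf 'update-caddy: common.sh not found in /usr/local/lib/serverdeploy or %s/lib\n' \
    "${SCRIPT_DIR}" >&2
  exit 1
fi

require_root
load_config

CADDY_BIN=/usr/local/bin/caddy
CADDY_BACKUP="${CADDY_BIN}.bak"
DL_URL="https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcorazawaf%2Fcoraza-caddy%2Fv2"

# Remove the staging file on every exit path (die, set -e abort, success).
TMP_BIN=""
cleanup() {
  if [[ -n "${TMP_BIN}" ]]; then
    rm -f -- "${TMP_BIN}"
  fi
}
trap cleanup EXIT

OLD_VERSION=$("${CADDY_BIN}" version 2>/dev/null | head -1) || OLD_VERSION="unknown"
[[ -n "${OLD_VERSION}" ]] || OLD_VERSION="unknown"
info "Current Caddy: ${OLD_VERSION}"

info "Downloading latest Caddy with coraza-caddy..."
# Stage next to the target: the directory is root-owned, the file can be
# executed even when /tmp is mounted noexec, and the final mv is an atomic
# rename on the same filesystem.
TMP_BIN=$(mktemp "${CADDY_BIN}.new.XXXXXX") || die "Cannot create staging file."

# -L follows redirects; --proto/--proto-redir keep every hop on HTTPS so the
# binary is never fetched over plaintext.
if ! curl -fsSL --proto '=https' --proto-redir '=https' --retry 3 \
  -o "${TMP_BIN}" "${DL_URL}"; then
  die "Download failed."
fi
[[ -s "${TMP_BIN}" ]] || die "Download failed."

chmod 755 "${TMP_BIN}"
NEW_VERSION=$("${TMP_BIN}" version 2>/dev/null | head -1) || NEW_VERSION="unknown"
[[ -n "${NEW_VERSION}" ]] || NEW_VERSION="unknown"
info "Downloaded Caddy: ${NEW_VERSION}"

# A download that cannot report its version is not a usable binary (error
# page, wrong architecture, truncated file). Without this check, "unknown"
# on both sides would be reported as "Already up to date".
if [[ "${NEW_VERSION}" == "unknown" ]]; then
  die "Downloaded file is not a runnable Caddy binary — not replacing."
fi

if [[ "${OLD_VERSION}" == "${NEW_VERSION}" ]]; then
  info "Already up to date. Nothing to do."
  exit 0
fi

# Validate the new binary can parse the existing Caddyfile
if ! "${TMP_BIN}" validate --config /etc/caddy/Caddyfile --adapter caddyfile >/dev/null 2>&1; then
  die "New binary fails to validate existing Caddyfile — not replacing."
fi
success "New binary validates existing config."

# Keep the current binary so the failure path has something to restore.
have_backup=0
if [[ -f "${CADDY_BIN}" ]]; then
  cp -p -- "${CADDY_BIN}" "${CADDY_BACKUP}"
  have_backup=1
fi

# Replace and restart
mv -f -- "${TMP_BIN}" "${CADDY_BIN}"
chmod 755 "${CADDY_BIN}"

# Do not let set -e abort on a failed restart: the health check below decides
# whether to roll back.
systemctl restart caddy || true
sleep 2

if systemctl is-active --quiet caddy; then
  success "Caddy updated: ${OLD_VERSION} → ${NEW_VERSION}"
  # Notify admin (best effort: a missing notifier must not fail the update)
  if source /usr/local/lib/serverdeploy/notify.sh 2>/dev/null; then
    send_email "Caddy updated to ${NEW_VERSION}" \
      "Caddy on $(hostname -f) updated from ${OLD_VERSION} to ${NEW_VERSION} at $(date)." 2>/dev/null || true
  fi
else
  if [[ "${have_backup}" -eq 1 ]] \
    && cp -p --remove-destination -- "${CADDY_BACKUP}" "${CADDY_BIN}" \
    && systemctl restart caddy \
    && sleep 2 \
    && systemctl is-active --quiet caddy; then
    die "Caddy failed to start after update. Rolled back to ${OLD_VERSION}."
  fi
  die "Caddy failed to start after update. Rollback: restore binary from backup (${CADDY_BACKUP})."
fi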