HomeAudit/fix_paperless_caddy_csrf.sh

#!/bin/bash
# Fix Paperless CSRF verification error for Caddy reverse proxy

set -euo pipefail

echo "🔧 Fixing Paperless CSRF verification error with Caddy..."

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

print_status() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

print_warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
}

print_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

print_step() {
    echo -e "${BLUE}[STEP]${NC} $1"
}

# Configuration
SURFACE_HOST="jon@192.168.50.254"
OMV800_HOST="root@192.168.50.229"
CADDY_CONFIG_PATH="/etc/caddy/Caddyfile"
BACKUP_DIR="backups/paperless_caddy_csrf_fix_$(date +%Y%m%d_%H%M%S)"

# Step 1: Create backup directory
print_step "Step 1: Creating backups..."
mkdir -p "$BACKUP_DIR"

# Step 2: Backup current configurations
print_step "Step 2: Backing up current configurations..."
cp paperless_fix_compose.yml "$BACKUP_DIR/"
cp corrected_caddyfile.txt "$BACKUP_DIR/"

# Step 3: Update Caddy configuration on surface
print_step "Step 3: Updating Caddy configuration on surface..."
print_status "Copying updated Caddyfile to surface..."

# Copy the updated Caddyfile to surface
scp corrected_caddyfile.txt "$SURFACE_HOST:/tmp/Caddyfile.paperless"

# SSH to surface and update Caddy configuration
ssh "$SURFACE_HOST" << 'EOF'
    # Backup current Caddyfile
    sudo cp /etc/caddy/Caddyfile /etc/caddy/Caddyfile.backup.$(date +%Y%m%d_%H%M%S)
    
    # Replace with updated configuration
    sudo cp /tmp/Caddyfile.paperless /etc/caddy/Caddyfile
    
    # Test Caddy configuration
    sudo caddy validate --config /etc/caddy/Caddyfile
    
    # Reload Caddy
    sudo systemctl reload caddy
    
    # Check Caddy status
    sudo systemctl status caddy --no-pager -l
EOF

print_status "✅ Caddy configuration updated and reloaded"

# Step 4: Update Paperless configuration on OMV800
print_step "Step 4: Updating Paperless configuration on OMV800..."
print_status "Copying updated Paperless configuration to OMV800..."

# Copy the updated Paperless configuration to OMV800
scp paperless_fix_compose.yml "$OMV800_HOST:/tmp/paperless_fix_compose.yml"

# SSH to OMV800 and restart Paperless
ssh "$OMV800_HOST" << 'EOF'
    # Navigate to Paperless directory (adjust path as needed)
    cd /opt/paperless || cd /home/paperless || cd /root/paperless
    
    # Backup current configuration
    if [ -f docker-compose.yml ]; then
        cp docker-compose.yml docker-compose.yml.backup.$(date +%Y%m%d_%H%M%S)
    fi
    
    # Copy updated configuration
    cp /tmp/paperless_fix_compose.yml docker-compose.yml
    
    # Stop current Paperless stack
    docker-compose down
    
    # Start with updated configuration
    docker-compose up -d
    
    # Check service status
    docker-compose ps
    
    # Check logs for any errors
    docker-compose logs webserver --tail 20
EOF

print_status "✅ Paperless configuration updated and restarted"

# Step 5: Wait for services to start
print_step "Step 5: Waiting for services to start..."
sleep 30

# Step 6: Test the connection
print_step "Step 6: Testing Paperless access..."
print_status "Testing https://paperless.pressmess.duckdns.org..."

# Test the connection
if curl -s -o /dev/null -w "%{http_code}" https://paperless.pressmess.duckdns.org | grep -q "200\|302"; then
    print_status "✅ Paperless is accessible!"
else
    print_warning "⚠️  Paperless may still be starting up. Please wait a few more minutes and try again."
fi

# Step 7: Final instructions
print_step "Step 7: Final instructions..."
echo ""
print_status "The CSRF issue should now be resolved. Here's what was fixed:"
echo "  • Updated Paperless environment variables for CSRF support"
echo "  • Added proper reverse proxy headers in Caddy configuration"
echo "  • Updated PAPERLESS_URL to use your DuckDNS domain"
echo "  • Added PAPERLESS_CSRF_TRUSTED_ORIGINS for CSRF validation"
echo "  • Added PAPERLESS_ALLOWED_HOSTS for security"
echo "  • Added reverse proxy headers configuration"
echo ""
print_status "Try accessing https://paperless.pressmess.duckdns.org now."
echo ""
print_warning "If you still see issues:"
echo "  1. Check Caddy logs: ssh $SURFACE_HOST 'sudo journalctl -u caddy -f'"
echo "  2. Check Paperless logs: ssh $OMV800_HOST 'docker-compose logs webserver'"
echo "  3. Wait a few minutes for services to fully start"
echo "  4. Clear your browser cache and cookies"
echo ""
print_status "Backup files are available in: $BACKUP_DIR"