Deploy Readeck for production

This document will show how to deploy Readeck on a Linux server with systemd and an Nginx reverse proxy. You'll need root access to create a user and install the service.

Create a user

It's strongly recommended to no run Readeck as the root user and the first thing we'll do is create a group and a user for the service.

groupadd --system readeck
useradd --system -d /var/lib/readeck -M -s /bin/false -g readeck readeck
mkdir /var/lib/readeck
chown readeck:readeck /var/lib/readeck

This creates a readeck user belonging to the group readeck, as well as a directory /var/lib/readeck.

Install the Readeck binary

This downloads the last Readeck release and makes it executable by any user on the system.

wget -O /usr/local/bin/readeck
chmod a+x /usr/local/bin/readeck

Create a configuration folder

You don't need a configuration file at first but you'll need a configuration folder:

mkdir /etc/readeck
chown readeck:root /etc/readeck
chmod 0750 /etc/readeck

Create a Systemd service

Create a file /etc/systemd/system/readeck.service with the following content:

Description=Readeck - Open Source bookmark manager

ExecStart=/usr/local/bin/readeck serve -config /etc/readeck/config.toml



Now, you can reload systemd and start readeck:

systemctl daemon-reload
systemctl start readeck

You can check that Readeck is running:

systemctl status readeck

Setup a reverse proxy

Now, Readeck is running but is listening publicly on the port 8000 for anyone who wants to connect. You might not want that and put it behind a reverse proxy such as Nginx or Caddy.

Let's first edit the configuration to listen only on localhost. In /etc/readeck/config.toml, edit the following lines:

host = ""
port = 8000
allowed_hosts = [""]
use_x_forwarded_for = true
use_x_forwarded_host = true
use_x_forwarded_proto = true

Change the value of allowed_hosts, and port if you'd like to use something else.


Setting a value for allowed_hosts is a good security measure.
If you're using readeck as a container behind a reverse proxy, you must set the environment variable READECK_USE_X_FORWARDED=1.

We'll assume Nginx is installed and that you followed any necessary step to have a TLS certificate. Here's a fragment of a virtual host than can serve Readeck:

server {

    listen 443 ssl http2;
    listent [::]:443 ssl http2;

    # ... certificate configuration

    location / {
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  Host              $host;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;
        client_max_body_size 50M;

2024 © Readeck