(SOLVED) How can I share my CalibreWeb container with a friend?

[maxistviews]

Hello!

 

I have set up a CalibreWeb container and I want to be able to send a URL to a friend and have them access the webUI with a username and password (download/read the epubs stores). Is this possible to do in such a user-friendly manner?

 

I've changed the network type on the container to "Custom: eth0" and given the container a static IP. 

 

I've read how I shouldnt port forward to the unRAID server, but if this is port forwarding to a container, is it in anyway safer? 

 

Thank you for your time!

Edited April 23, 2018 by maxistviews
Added solution down below.

[strike]

I don't use CalibreWeb but I would reverse proxy it. It's a great way to securely connect to your containers remotely. Purchase a domain or get a free subdomain with duckdns or something. Then spin up the let's encrypt container from linuxserver.io which takes care of issuing a free SSL certificate for your domain/subdomain so you can connect securely. It also has nginx baked in so you can set up a web server or just use it to reverse proxy your containers. 

 

The great thing about it is you can access all/most of your containers remotely with just forwarding 1 or max 2 ports to the let's encrypt container. Instead of forwarding one port for each container. And you can connect to all of them using https. If the containers don't have the ability to set up username/password you can do that too with nginx. You can set up geoblocking, you can ban IP's automatically, you can do almost anything. 

 

After you've set it up you just go to containername.yourdomain.com or yourdomain.com/containername like any other website.

[maxistviews]

25 minutes ago, strike said:

I don't use CalibreWeb but I would reverse proxy it. It's a great way to securely connect to your containers remotely. Purchase a domain or get a free subdomain with duckdns or something. Then spin up the let's encrypt container from linuxserver.io which takes care of issuing a free SSL certificate for your domain/subdomain so you can connect securely. It also has nginx baked in so you can set up a web server or just use it to reverse proxy your containers. 

 

The great thing about it is you can access all/most of your containers remotely with just forwarding 1 or max 2 ports to the let's encrypt container. Instead of forwarding one port for each container. And you can connect to all of them using https. If the containers don't have the ability to set up username/password you can do that too with nginx. You can set up geoblocking, you can ban IP's automatically, you can do almost anything. 

 

After you've set it up you just go to containername.yourdomain.com or yourdomain.com/containername like any other website.

 

Thank you so much for taking the time to reply! I have purchased a domain for a different project, so I might try it with that.

 

Do you think I can follow this guide to set up a reverse proxy?

https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/

[strike]

If you piece together things from the guide you linked and these two I think you are on the right track:

 

https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/

https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

 

And I strongly recommend the let's encrypt support thread. It may take a while to find what you're looking for since it is a massive thread but there's a LOT of information there: https://lime-technology.com/forums/topic/51808-support-linuxserverio-letsencrypt-nginx/

 

Basically there are two ways to configure the nginx reverse proxy, either with subdomains (subdomain.domain.com) or subdirectories (domain.com/subdirectory). Some containers won't work with subdirectories so you have to use subdomains.

 

Since you have your own domain I would recommend using cloudfare's dns service, then you can use dns validation to get your certs validated and you only need to forward port 443 to the let's encrypt container. If you don't go with dns validation you'll have to setup http validation over port 80, which have to be forwarded to you LE container.  I personally haven't tried the cloudfare option yet, but I'm going to try it soon. I believe there are some posts in the LE thread on how to set it up.

[maxistviews]

Thanks a lot for your posts! I got it working! 

 

For anyone else looking for a way to do this in the future, here you go:

 

I am assuming you have a domain that you want to serve as an access point to a container on your server. Let's assume your domain is www.dexter.com and you want to access books.dexter.com

Your CNAMES should be:

 

Host Record	Points to	TTL
books	yourname.duckdns.org	14400

 

Feel free to add as many of these CNAMES as you'd like. 

 

I am using duckDNS because it has a container that I can run on my server. What I think it does is when my IP changes, my unRAID server sends an update request to duckDNS to make sure my url (ie yourname.duckdns.org) is still pointing to my IP. If you dont have something similar with your dns service, i think you will need to manually update it everytime your ISP updates your IP (maybe someone can correct me here).

 

Next, you go to letsencrypt's docker and you put this:

 

Domain Name: dexter.com (dont put your dns here)

Subdomain(s): books (if you ever want to add future subdomains, remember to add them here)

Only Subdomains: true

Validation: http (People of the future, refer to documentation to see if this is still the correct way to do this)

 

Now, navigate to appdata\letsencrypt\nginx\site-confs\ and open default. These are the configs that I am using and it seems to be working perfectly. Obviously change dexter.com to your domain and change the local IP and ports with whatever you are accessing.

This was adapted from https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/ so if you have anything more complicated you wish to do, go there and there are templates.

 

default:

################################################################################################################
#////////////////////////////////////////////////SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

# REDIRECT HTTP TRAFFIC TO https://
server {
    listen 80;
    server_name dexter.com .dexter.com;
    return 301 https://$host$request_uri;
}

################################################################################################################
#////////////////////////////////////////////////MAIN SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

# MAIN SERVER BLOCK
server {
listen 443 ssl http2 default_server;

server_name dexter.com;

## Certificates from LE container placement
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

## Strong Security recommended settings per cipherli.st
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;


# Custom error pages 
error_page 400 401 402 403 404 405 408 500 502 503 504 $scheme://$server_name/error.php?error=$status;
error_log /config/log/nginx/error.log;

}
################################################################################################################
#////////////////////////////////////////////////SUBDOMAINS\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

#CalibreWeb SERVER, accessed by books.dexter.com  
server {
listen 443 ssl http2;

server_name books books.dexter.com;

location /error/ {
    alias /www/errorpages/;
    internal;
    }

location / {
    proxy_bind              $server_addr;
    proxy_pass              http://LOCAL-IP:PORT;
    proxy_set_header        Host            $http_host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Scheme        $scheme;
    }
}

#Copy + Paste the same "CalibreWeb SERVER" block if you want to add another domain such as plex. It may require a different set up though.

Thank you everyone for your help!

[fachizel90]

Just incase someone is interested in using cops instead, this is the config I added to the nginx configs in letsencrypt.

 

 

Quote

 

# Make sure cops and letsencrypt are on the same network and that the container is called cops, save this as cops.subdomain.conf and put it in the nginx configs folder.

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name cops.*;  # if your domain starts with something other than cops you have to change this

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cops cops;
        proxy_pass http://LOCALIP:PORT; # replace this with IP address and port of Cops
        
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }
    
    location ~ (/cops)?/socket {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cops cops;
        proxy_pass http://LOCALIP:PORT; # replace this with IP address and port of Cops
        
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
   }
}

 

 

 

[helomen]

Unfortunately your code doesn't work for me. I've made some adjustments:

 

# Make sure cops and letsencrypt are on the same network and that the container is called cops, save this as cops.subdomain.conf and put it in the nginx configs folder.

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name cops.*;  # if your domain starts with something other than cops you have to change this

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cops cops;
        proxy_pass http://$upstream_cops:9082; # replace this with IP address and port of Cops
        
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }
    
    location ~ (/cops)?/socket {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cops cops;
        proxy_pass http://$upstream_cops:9082; # replace this with IP address and port of Cops
        
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
   }
}

 

• The server_name should be right...
• I've set the cops's Host Port 1:* to 9082
• And I configured the reverse proxy right (sonarr, radarr, calibre,... are working perfectly)
• This file is in the appdata-folder: \appdata\letsencrypt\nginx\proxy-confs

 

Do you have any idea?

Edited January 26, 2020 by helomen