Jump to content
maxistviews

(SOLVED) How can I share my CalibreWeb container with a friend?

5 posts in this topic Last Reply

Recommended Posts

Posted (edited)

Hello!

 

I have set up a CalibreWeb container and I want to be able to send a URL to a friend and have them access the webUI with a username and password (download/read the epubs stores). Is this possible to do in such a user-friendly manner?

 

I've changed the network type on the container to "Custom: eth0" and given the container a static IP. 

 

I've read how I shouldnt port forward to the unRAID server, but if this is port forwarding to a container, is it in anyway safer? 

 

Thank you for your time!

Edited by maxistviews
Added solution down below.

Share this post


Link to post

I don't use CalibreWeb but I would reverse proxy it. It's a great way to securely connect to your containers remotely. Purchase a domain or get a free subdomain with duckdns or something. Then spin up the let's encrypt container from linuxserver.io which takes care of issuing a free SSL certificate for your domain/subdomain so you can connect securely. It also has nginx baked in so you can set up a web server or just use it to reverse proxy your containers. 

 

The great thing about it is you can access all/most of your containers remotely with just forwarding 1 or max 2 ports to the let's encrypt container. Instead of forwarding one port for each container. And you can connect to all of them using https. If the containers don't have the ability to set up username/password you can do that too with nginx. You can set up geoblocking, you can ban IP's automatically, you can do almost anything. 

 

After you've set it up you just go to containername.yourdomain.com or yourdomain.com/containername like any other website.

  • Like 1

Share this post


Link to post
25 minutes ago, strike said:

I don't use CalibreWeb but I would reverse proxy it. It's a great way to securely connect to your containers remotely. Purchase a domain or get a free subdomain with duckdns or something. Then spin up the let's encrypt container from linuxserver.io which takes care of issuing a free SSL certificate for your domain/subdomain so you can connect securely. It also has nginx baked in so you can set up a web server or just use it to reverse proxy your containers. 

 

The great thing about it is you can access all/most of your containers remotely with just forwarding 1 or max 2 ports to the let's encrypt container. Instead of forwarding one port for each container. And you can connect to all of them using https. If the containers don't have the ability to set up username/password you can do that too with nginx. You can set up geoblocking, you can ban IP's automatically, you can do almost anything. 

 

After you've set it up you just go to containername.yourdomain.com or yourdomain.com/containername like any other website.

 

Thank you so much for taking the time to reply! I have purchased a domain for a different project, so I might try it with that.

 

Do you think I can follow this guide to set up a reverse proxy?

https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/

Share this post


Link to post

If you piece together things from the guide you linked and these two I think you are on the right track:

 

https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/

https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

 

And I strongly recommend the let's encrypt support thread. It may take a while to find what you're looking for since it is a massive thread but there's a LOT of information there: https://lime-technology.com/forums/topic/51808-support-linuxserverio-letsencrypt-nginx/

 

Basically there are two ways to configure the nginx reverse proxy, either with subdomains (subdomain.domain.com) or subdirectories (domain.com/subdirectory). Some containers won't work with subdirectories so you have to use subdomains.

 

Since you have your own domain I would recommend using cloudfare's dns service, then you can use dns validation to get your certs validated and you only need to forward port 443 to the let's encrypt container. If you don't go with dns validation you'll have to setup http validation over port 80, which have to be forwarded to you LE container.  I personally haven't tried the cloudfare option yet, but I'm going to try it soon. I believe there are some posts in the LE thread on how to set it up.

  • Like 1

Share this post


Link to post

Thanks a lot for your posts! I got it working! 

 

For anyone else looking for a way to do this in the future, here you go:

 

I am assuming you have a domain that you want to serve as an access point to a container on your server. Let's assume your domain is www.dexter.com and you want to access books.dexter.com

Your CNAMES should be:

 

Host Record Points to TTL
books yourname.duckdns.org 14400

 

Feel free to add as many of these CNAMES as you'd like. 

 

I am using duckDNS because it has a container that I can run on my server. What I think it does is when my IP changes, my unRAID server sends an update request to duckDNS to make sure my url (ie yourname.duckdns.org) is still pointing to my IP. If you dont have something similar with your dns service, i think you will need to manually update it everytime your ISP updates your IP (maybe someone can correct me here).

 

Next, you go to letsencrypt's docker and you put this:

 

Domain Name: dexter.com (dont put your dns here)

Subdomain(s): books (if you ever want to add future subdomains, remember to add them here)

Only Subdomains: true

Validation: http (People of the future, refer to documentation to see if this is still the correct way to do this)

 

Now, navigate to appdata\letsencrypt\nginx\site-confs\ and open default. These are the configs that I am using and it seems to be working perfectly. Obviously change dexter.com to your domain and change the local IP and ports with whatever you are accessing.

This was adapted from https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/ so if you have anything more complicated you wish to do, go there and there are templates.

 

default:

################################################################################################################
#////////////////////////////////////////////////SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

# REDIRECT HTTP TRAFFIC TO https://
server {
    listen 80;
    server_name dexter.com .dexter.com;
    return 301 https://$host$request_uri;
}

################################################################################################################
#////////////////////////////////////////////////MAIN SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

# MAIN SERVER BLOCK
server {
listen 443 ssl http2 default_server;

server_name dexter.com;

## Certificates from LE container placement
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

## Strong Security recommended settings per cipherli.st
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;


# Custom error pages 
error_page 400 401 402 403 404 405 408 500 502 503 504 $scheme://$server_name/error.php?error=$status;
error_log /config/log/nginx/error.log;

}
################################################################################################################
#////////////////////////////////////////////////SUBDOMAINS\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
################################################################################################################

#CalibreWeb SERVER, accessed by books.dexter.com  
server {
listen 443 ssl http2;

server_name books books.dexter.com;

location /error/ {
    alias /www/errorpages/;
    internal;
    }

location / {
    proxy_bind              $server_addr;
    proxy_pass              http://LOCAL-IP:PORT;
    proxy_set_header        Host            $http_host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Scheme        $scheme;
    }
}

#Copy + Paste the same "CalibreWeb SERVER" block if you want to add another domain such as plex. It may require a different set up though.

Thank you everyone for your help!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now