-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Setup Reverse Proxy
Reverse proxy configuration examples for apache, nginx and IIS (on Windows) to use Calibre-Web:
If your reverse proxy has some kind of authentication mechanism, you can configure Calibre-web to log users in based on headers received from the proxy. If using this feature, it's important that only the proxy is exposed to users, because if the Calibre-web instance is at all directly exposed to traffic, then a malicious user will be able to log in as any user that exists via simply setting a header.
In the admin configuration, check the box marked Allow Reverse Proxy Authentication
, and then fill in the text box that appears with the name of the header that will contain the username. If you pass a username that isn't present in the database, nothing will happen - the user must exist beforehand in order to login.
nginx configuration for a local server listening on port 8080, mapping Calibre-Web to /calibre
:
http {
server {
client_max_body_size 20M;
location /calibre {
proxy_bind $server_addr;
proxy_pass http://127.0.0.1:8083;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre; # IMPORTANT: path has NO trailing slash
}
}
}
If you want to use nginx as proxy for subdomain just replace the /calibre
lines with /
, do not change anything else and it will work.
The X-Scheme
directive is used to preserve the protocol (http/https), it could be hard coded to http
or https
to force this type of protocol.
Note: If using SSL in your reverse proxy on a non-standard port (e.g.12345), the following proxy_redirect line may be required:
proxy_redirect http://$host/ https://$host:12345/;
Apache 2.4 configuration for a local server listening on port 443, mapping Calibre-Web to /calibre-web
:
The following modules have to be activated: headers
, proxy
, proxy_http
, rewrite
.
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:\Apache24\conf\ssl\test.crt"
SSLCertificateKeyFile "C:\Apache24\conf\ssl\test.key"
<Location /calibre-web >
RequestHeader set X-SCRIPT-NAME /calibre-web
RequestHeader set X-SCHEME https
ProxyPass http://localhost:8083/
ProxyPassReverse http://localhost:8083/
ProxyPassReverseCookiePath / /calibre-web/
</Location>
</VirtualHost>
First you need to install:
The URL rewrite extension:
http://www.iis.net/downloads/microsoft/url-rewrite
and the application request routing:
https://www.iis.net/downloads/microsoft/application-request-routing
Enable the proxy stuff:
Go to your site and start URL-Rewriting:
Add the server variable:
(The local is comming on it's own) with UNDERSCORE and excact Name:
HTTP_X-SCRIPT_NAME
Then add Reverse Proxy Rules:
Add the ip address and port of your calibre-web instance: e.g. http://127.0.0.1:8083
Change the rule afterwards:
Enter the folder you want to have calibre-web in (/calibre-web
instead of ^
might also works). End the name without a slash, otherwise a call to /calibre-web
would go to nowhere. And Add the server variable to the request and give it the same name as the folder above with starting slash (/calibre-web
in my example, again without trailing slash)
The rewrite rule should look like this:
My web.config file looks like this:
The crossed out sections aren't needed, they are leftovers from my experiments.
Lighttpd 1.4 configuration for a reverse proxy to Calibre-Web to /calibre-web
:
The following modules have to be activated: mod_setenv
, mod_redirect
and mod_proxy
.
Example is for https connection, to have an normal http frontend, the X-SCHEME line has to be deleted.(?)
$HTTP["url"] =~ "^/calibre-web" {
setenv.add-request-header = (
"X-SCRIPT-NAME" => "/calibre-web",
"X-SCHEME" => "https"
)
proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "8083" ) ) )
}
traefik.toml:
[log]
level = "DEBUG"
filePath = "log-file.log"
[accessLog]
filePath = "log-access.log"
bufferingSize = 100
[providers]
[providers.file]
filename = "traefik-proxy.toml"
[entryPoints]
[entryPoints.web]
address = ":80"
traefik-proxy.toml:
[http]
[http.middlewares]
[http.middlewares.cwHeader.headers]
[http.middlewares.cwHeader.headers.customRequestHeaders]
X-Script-Name = "/cw"
[http.middlewares.cwStrip.stripPrefixRegex]
regex = ["/cw"]
[http.routers]
[http.routers.cw-router]
rule = "(Host(`127.0.0.1`) && PathPrefix(`/cw`))"
service = "calibre-web"
entryPoints = ["web"]
middlewares = ["cwStrip","cwHeader"]
[http.services]
[http.services.cw-router.loadbalancer]
[[http.services.cw-router.loadbalancer.servers]]
url = "http://127.0.0.1:8083"
This example is only working for 127.0.0.1 for other hostnames the routing rule has to be extended.