Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre > Related Tools

Notices

Reply
 
Thread Tools Search this Thread
Old 12-03-2015, 09:14 PM   #1
josh.p.23
Junior Member
josh.p.23 began at the beginning.
 
josh.p.23's Avatar
 
Posts: 8
Karma: 10
Join Date: Aug 2013
Device: android kindle app, FB Reader, several tablets
calibre server root folder

where can I locate the root folder for the content server? I need to verify ownership so that I can get a custom SSL certificate.

thanks!
josh.p.23 is offline   Reply With Quote
Old 12-03-2015, 10:27 PM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 28,675
Karma: 7295841
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
There is no root folder, the server is dynamic. I'm guessing you are using lets encrypt? In which case you need to either modify the code (for example in server/content.py or simpler, just turn off the server temporarily and run nginx/apacche/simplehttpserver while you are verifying your domain ownership.
kovidgoyal is offline   Reply With Quote
 
Advertisement
Old 12-05-2015, 01:49 AM   #3
josh.p.23
Junior Member
josh.p.23 began at the beginning.
 
josh.p.23's Avatar
 
Posts: 8
Karma: 10
Join Date: Aug 2013
Device: android kindle app, FB Reader, several tablets
Quote:
Originally Posted by kovidgoyal View Post
I'm guessing you are using lets encrypt?
Good guess!

Well, I have it set up using apache proxy, so apache is already running, accepting connections on port 80 and forwarding them locally to 8080.

So, would I have to manipulate my vhost file for that? That sounds like what you are saying. I like the webroot method of verification, it's awfully good for automating my set up.

Where is the file to alter? I just went looking for content.py and haven't seen it...
josh.p.23 is offline   Reply With Quote
Old 12-05-2015, 01:52 AM   #4
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 28,675
Karma: 7295841
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
If it is already behind apache, then you dont need to do anything in calibre, simply add the webroot rules in the apache conf file.
kovidgoyal is offline   Reply With Quote
Old 12-05-2015, 03:33 AM   #5
josh.p.23
Junior Member
josh.p.23 began at the beginning.
 
josh.p.23's Avatar
 
Posts: 8
Karma: 10
Join Date: Aug 2013
Device: android kindle app, FB Reader, several tablets
Solved

I got it to work by making a universal vhost alias for ./well-known like this

Code:
Alias /.well-known /var/www/LEwebroot/.well-known
<Directory /var/www/LEwebroot/.well-known>
    Options FollowSymlinks
    AllowOverride All
    Order allow,deny
    Require all granted
</Directory>
while having calibre-server running like so in apache

Code:
<VirtualHost *:80>
	ServerName my.vhost.com
	RewriteEngine on
### For letsencrypt ###
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule ^/(.*) http://another.path.to.the.alias.com/$1 [P]
### Letsencrypt fin ###
	RewriteRule ^(.*) http://localhost:8080/$1 [proxy]
	RewriteRule ^ http://localhost:8080 [proxy]
	SetEnv force-proxy-request-1.0 1
	SetEnv proxy-nokeepalive 1
</VirtualHost>
I hit my rate limit testing so I cannot verify this, but the script made it past the url auth step, huzzah.


EDIT: Nevermind. That breaks the server

Last edited by josh.p.23; 12-05-2015 at 03:44 AM.
josh.p.23 is offline   Reply With Quote
Old 12-05-2015, 11:34 AM   #6
josh.p.23
Junior Member
josh.p.23 began at the beginning.
 
josh.p.23's Avatar
 
Posts: 8
Karma: 10
Join Date: Aug 2013
Device: android kindle app, FB Reader, several tablets
So, with that breaking the server, how do I get the calibre redirect to happen while ignoring that one particular url without breaking the server? Or is that... only a dream... a dream...a dream.........
josh.p.23 is offline   Reply With Quote
Old 12-05-2015, 11:48 AM   #7
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 28,675
Karma: 7295841
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
It's been years since I've used apache, but surely it has some form of rule precedence. Give the rule for .well-known a higher precedence.
kovidgoyal is offline   Reply With Quote
Old 04-01-2016, 12:11 PM   #8
josh.p.23
Junior Member
josh.p.23 began at the beginning.
 
josh.p.23's Avatar
 
Posts: 8
Karma: 10
Join Date: Aug 2013
Device: android kindle app, FB Reader, several tablets
Lightbulb SOLUTION!

Hey, so I did finally get this to work. I actually shouted with joy and woke up my kids when it finally did!

For clarity's sake:
  • I am running calibre-server, installed from binary as described here, and daemonized into an upstart job using the instructions here.
  • I am running calibre-server on a headless Ubuntu 14.04 VPS.
  • I'm accessing calibre-server via Apache using a reverse proxy setup, as described here.
  • My goal was to install the official letsencrypt ACME client, and get it to play nicely with my setup, as to take advantage of totally hands-free, automated SSL certificate renewals.

To share the solution:
  • First, as mentioned above, I had to create a static alias for doing the update, since Calibre is served up dynamically and the ACME client calls for a static webroot folder for this. There's great instruction for setting up the LetsEncrypt webroot folder here. There are many advantages to this particular setup.
  • Next I had to alter the virtual host conf file for Calibre. It's quite simple, just add
    Code:
    RewriteCond %{REQUEST_URI} !/\.well-known/.*
    to the virtual host file just above the Rewrite Rules as shown below.
    Code:
    <VirtualHost *:80>
    		ServerName example.com
    	RewriteEngine on
     ---> RewriteCond %{REQUEST_URI} !/\.well-known/.*
    	RewriteRule ^(.*) http://localhost:8080/$1 [proxy]
     ---> RewriteCond %{REQUEST_URI} !/\.well-known/.*
    	RewriteRule ^ http://localhost:8080 [proxy]
    	SetEnv force-proxy-request-1.0 1
    	SetEnv proxy-nokeepalive 1
    </VirtualHost>
    Of course, don't keep those arrows... This works some Mod_Rewrite regex exclusion magic to allow the ACME client to access the "/.well-known" alias path internally and externally for verification purposes without interfering with the calibre-server rewrite proxy. This was where the head was banging against the wall for hours.
  • Assuming a standard letsencrypt client installation: Run the client as root like so:
    Code:
    /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/LEwebroot -d example.com
    And assuming no errors...
  • Perhaps automate future updates by looking here, and here for inspiration. Plenty of info out there if this isn't enough.
  • Now that the certs are in place, and automation is set up moving forward, it's time to alter the virtual host conf file again. This time I added a new virtual host as a redirect to the SSL protected connection like so:
    Code:
    <VirtualHost *:80>
    	ServerName example.com
    	Redirect permanent / https://example.com/
    </VirtualHost>
    and below that, this:
    Code:
    <VirtualHost *:443>
    		SSLEngine on                                                                
    	SSLProtocol all -SSLv2 -SSLv3                                       
            SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
      	SSLHonorCipherOrder     on
    	SSLCompression          off
    	ServerSignature Off
    	AcceptPathInfo Off
    	AddOutputFilterByType DEFLATE text/html text/plain text/xml application/pdf
    	AddDefaultCharset UTF-8
    	SSLOptions +StrictRequire  
     
    	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    	SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    	SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    
    	ServerName example.com
    	RewriteEngine on
    	RewriteCond %{REQUEST_URI} !/\.well-known/.*
    	RewriteRule ^(.*) http://localhost:8080/$1 [proxy]
    	RewriteCond %{REQUEST_URI} !/\.well-known/.*
    	RewriteRule ^ http://localhost:8080 [proxy]
    	SetEnv force-proxy-request-1.0 1
    	SetEnv proxy-nokeepalive 1
    </VirtualHost>
  • Finally restart Apache and PRESTO.
Following that simple process Calibre-Server is set up with (forced) SSL encryption from LetsEncrypt with hands free, automated certificate renewals (that optionally email you alerting you of your success).

I wanted to share that solution here because it was such a hassle for me, and hopefully someone can lean on this work.

Happy Day.
josh.p.23 is offline   Reply With Quote
Reply

Tags
calibre-server, encryption, letsencrypt, regex, ssl

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Reimport books from another folder to Calibre folder structure? mendhak Calibre 2 10-11-2013 01:18 AM
changing default folder root ofr odyssey xpj Library Management 8 05-14-2013 02:29 PM
Calibre content server -- save to a folder? Woodstonian Kobo Reader 1 11-02-2012 08:18 PM
News Downloads Auto Saved To Root Folder, in EPUB Format nkormanik Library Management 7 04-09-2011 08:02 PM
News Downloads Auto Saved To Root Folder, in EPUB Format nkormanik Recipes 0 04-08-2011 03:25 AM


All times are GMT -4. The time now is 11:49 AM.


MobileRead.com is a privately owned, operated and funded community.