MobileRead Forums
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

MobileRead Forums (https://www.mobileread.com/forums/index.php)
-   Server (https://www.mobileread.com/forums/forumdisplay.php?f=277)
-   -   How do you enable HTTPS on the content server? (https://www.mobileread.com/forums/showthread.php?t=303172)

Inukami 07-07-2018 11:52 AM
How do you enable HTTPS on the content server?
 
So I have managed to set up my content server over the internet with passwords as per the instructions HERE. I had to enable port forwarding on my router (iiNet) and also enable port forwarding with my provider and then everything was fine.

It mentions in the calibre manual that you should enable HTTPS on the content server for maximum security. How do you do this? I know I need to put something into Preferences > Sharing over the net > Advanced but not sure where and how to get the path to the HTTPS certificate. I'm using Chrome as my browser. Any help with this would be appreciated.

Thanks,

Inukami :thanks:

gbm 07-07-2018 02:05 PM
You will need to get a certificate first--this is the hard part. Start here. Now you are on your own.

You will probably want to use the Certbot ACME client.

bernie
Quote:
Originally Posted by Inukami (Post 3718016)
So I have managed to set up my content server over the internet with passwords as per the instructions HERE. I had to enable port forwarding on my router (iiNet) and also enable port forwarding with my provider and then everything was fine.

It mentions in the calibre manual that you should enable HTTPS on the content server for maximum security. How do you do this? I know I need to put something into Preferences > Sharing over the net > Advanced but not sure where and how to get the path to the HTTPS certificate. I'm using Chrome as my browser. Any help with this would be appreciated.

Thanks,

Inukami :thanks:

Inukami 07-17-2018 08:55 AM
Quote:
Originally Posted by gbm (Post 3718067)
You will need to get a certificate first--this is the hard part. Start here. Now you are on your own.

You will probably want to use the Certbot ACME client.

bernie
Thanks for this. It seems to be fairly straight forward (instructions are good) once you know the server software and the system which I have no idea. Any help with the first part would be appreciated.

Apache & Ubuntu?

Inukami

kovidgoyal 07-17-2018 09:03 AM
Any linux distro is fine. I would recommend nginx rather than apache for th eserver (a bit easier to configure). And see https://manual.calibre-ebook.com/server.html for how to integrate the calibre server into nginx.

jlosito 08-15-2018 09:23 AM
I've been trying to do this myself, but I'm strictly using command line tools and am experiencing some trouble. I have my systemd unit file and my certificate from letsencrypt. My unit file is below.

Code:
  1 [Unit]
  2 Description=Calibre Content Server
  3 After=network.target
  4
  5 [Service]
  6 Type=simple
  7 PIDFile=/var/run/calibre-server.pid
  8 User=jlosito
  9 Group=jlosito
 10 ExecStart=/opt/calibre/calibre-server \
 11        --port 8081 \
 12        --userdb /srv/calibre/users.sqlite \
 13        --enable-auth \
 14        --access-log /var/log/calibre/access-log \
 15        --log /var/log/calibre/log \
 16        "/run/media/jlosito/7022f255-e61e-43f3-a5a9-216d5559fc84/Calibre Library"
 17
 18 [Install]
 19 WantedBy=multi-user.target
When I add the following two lines to the unit file in ExecStart, everything breaks.

Code:
16        --ssl-keyfile /etc/letsencrypt/live/losito.ddns.net/privkey.pem \
 17        --ssl-certfile /etc/letsencrypt/live/losito.ddns.net/fullchain.pem \
I noticed an error in the logs. It reads as the following:

Quote:
Unhandled exception in state: State: do_ssl_handshake Client: 192.168.1.1:40352 Request: WebSocketConnection
Traceback (most recent call last):
File "site-packages/calibre/srv/loop.py", line 569, in tick
File "site-packages/calibre/srv/loop.py", line 177, in do_ssl_handshake
SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:590)
I'm really stuck and have no idea what to do. Is it required to set up a reverse proxy using nginx or apache?

:help:

gbm 08-15-2018 10:55 AM
Quote:
Originally Posted by jlosito (Post 3737028)
I've been trying to do this myself, but I'm strictly using command line tools and am experiencing some trouble. I have my systemd unit file and my certificate from letsencrypt. My unit file is below.
Spoiler:

Code:
  1 [Unit]
  2 Description=Calibre Content Server
  3 After=network.target
  4
  5 [Service]
  6 Type=simple
  7 PIDFile=/var/run/calibre-server.pid
  8 User=jlosito
  9 Group=jlosito
 10 ExecStart=/opt/calibre/calibre-server \
 11        --port 8081 \
 12        --userdb /srv/calibre/users.sqlite \
 13        --enable-auth \
 14        --access-log /var/log/calibre/access-log \
 15        --log /var/log/calibre/log \
 16        "/run/media/jlosito/7022f255-e61e-43f3-a5a9-216d5559fc84/Calibre Library"
 17
 18 [Install]
 19 WantedBy=multi-user.target
When I add the following two lines to the unit file in ExecStart, everything breaks.

Code:
16        --ssl-keyfile /etc/letsencrypt/live/losito.ddns.net/privkey.pem \
 17        --ssl-certfile /etc/letsencrypt/live/losito.ddns.net/fullchain.pem \
I noticed an error in the logs. It reads as the following:



I'm really stuck and have no idea what to do. Is it required to set up a reverse proxy using nginx or apache?

:help:
EDIT
What OS and version?


Try putting the certfile first:
Code:
--ssl-certfile /etc/letsencrypt/live/losito.ddns.net/fullchain.pem \
 --ssl-keyfile /etc/letsencrypt/live/losito.ddns.net/privkey.pem \
If that does not work then next try coping your certificate files to /opt/calibre, then change the path for them to:
Code:
--ssl-keyfile /opt/calibre/fullchain.pem \
      --ssl-certfile/opt/calibre/privkey.pem \

bernie

kovidgoyal 08-16-2018 02:53 AM
That error indicates youa re sending an http request to an http server. Use a URL of the form

https://server:port

jlosito 08-16-2018 08:11 AM
Quote:
Originally Posted by gbm (Post 3737044)
EDIT
What OS and version?
Below is my OS.

Code:
$ lsb_release --all
LSB Version:        :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID:        CentOS
Description:        CentOS Linux release 7.5.1804 (Core)
Release:        7.5.1804
Codename:        Core
Below is the server.

Code:
$ calibre-server --version
calibre-server (calibre 3.28)
Quote:
Try putting the certfile first:
Code:
--ssl-certfile /etc/letsencrypt/live/losito.ddns.net/fullchain.pem \
 --ssl-keyfile /etc/letsencrypt/live/losito.ddns.net/privkey.pem \
I tried that, but everything works after following @kovidgoyal advice. He hit it right on the head when he stated the following statement.

Quote:
That error indicates youa re sending an http request to an http server. Use a URL of the form
If I enable SSL in the service file, then I have to explicitly use https in the browser. Exactly like he said.

So I think it's somewhat wanted to use a proxy using Apache or Nginx out of convenience. As per Goyal's advice. I think I'm going to try to use Nginx.

Furthermore, I want to thank you all for replying and maintaining this project. I absolutely love it.

soniabu 12-03-2018 05:54 PM
Quote:
Originally Posted by kovidgoyal (Post 3737274)
That error indicates youa re sending an http request to an http server. Use a URL of the form

https://server:port
Great Kovidgoyal: thxs.
I managed to connect from another terminal in the LAN to the server via https. So it works with the certificate I created with openssl: well.
However, the error it indicates is abstruse!
It is not absolutely clear where it indicates to provide https instead of http.
Anyway well so.
The only test I still can't solve is the connection to the Calibre server via the Internet. While giving the command https://my public IP: port
firefox replay: Unable to connect.
anyway thanks Kovidgoyal.
sonia
P.S.
Maybe it is necessary to install Nginx to connect via the internet?

soniabu 12-05-2018 03:16 PM
Calibre Web Server
 
Friends I can not connect from the internet to the web content of Calibre.
I always get this error when I enter: https://89.30.10.190:9090

Secure Connection Failed

The connection to 89.30.10.190 was interrupted while the page was loading.

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.

try again
but the strange thing is that it does not allow me to skip the notification - with the adwanced button, that would allow me to confirm the exception as happens with the use of a LAN terminal.
Can someone suggest some solution to me?
thx sonia

gbm 12-05-2018 04:25 PM
Quote:
Originally Posted by soniabu (Post 3782989)
Friends I can not connect from the internet to the web content of Calibre.
I always get this error when I enter: https://89.30.10.190:9090

Secure Connection Failed

The connection to 89.30.10.190 was interrupted while the page was loading.

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.

try again
but the strange thing is that it does not allow me to skip the notification - with the adwanced button, that would allow me to confirm the exception as happens with the use of a LAN terminal.
Can someone suggest some solution to me?
thx sonia
You will need to manually install your cert into your blower.

e.g Firefox.

https://wiki.wmtransfer.com/projects...ozilla_Firefox

bernie

soniabu 12-05-2018 04:40 PM
thx gmb, Ill try.
sonia

soniabu 12-05-2018 04:58 PM
Quote:
Originally Posted by gbm (Post 3783012)
You will need to manually install your cert into your blower.

e.g Firefox.

https://wiki.wmtransfer.com/projects...ozilla_Firefox

bernie
Bernie,
was already included in firefox
thx again but nothing to do :(
I have a doubt.
To perform the test on the my public ip address, I login with the same PC on which I have the content server calibre. Can all this be done?
I mean: can I access my public address from the same PC that's reachable from that public address?
sonia

Manuel_Senpai 03-27-2020 06:49 AM
Quote:
Originally Posted by kovidgoyal (Post 3727300)
Any linux distro is fine. I would recommend nginx rather than apache for th eserver (a bit easier to configure). And see https://manual.calibre-ebook.com/server.html for how to integrate the calibre server into nginx.
Hello:
In a rasberrypi with raspbian I have installed and running the server of caliber as a Systend demon, but I can only access by http, I would like to know if there is any way to access by https, without having to install a web server, because that is beyond my knowledge... Can I get some free certificate and use it with the caliber server? without anything else, how could I do it?
Thank you for your help.

Translated with www.DeepL.com/Translator (free version)

kovidgoyal 03-27-2020 07:53 AM
You get the https certificates and then pass the path for them to the calibre server via the command line options.


All times are GMT -4. The time now is 05:35 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by: vBulletin
Copyright ©2000 - 3.8.5, Jelsoft Enterprises Ltd.
MobileRead.com is a privately owned, operated and funded community.