Thanks for the input
While I agree that having user accounts on a web server is a bad idea - and I don't plan on doing it - and that any system breach opens a number of vulnerabilities, the idea of a password in the process table that is accessible to any account at any level still strikes me as a needless vulnerability.
I have actually gone down the path of a reverse proxy using NGINX and basic authorization. The problem I'm running into here is that after a successful login, all further access to the calibre server generates an access error log message. Access is still allowed, but my error log is full of crap.
If anyone has successfully placed calibre behind Nginx, I would be most appreciative to look at the NGINX configuration.