I solve this by:
- My firewall blocks all incoming connections to ports that are not explicitly opened.
- Calibre listens on a port that is not explicitly opened in the firewall, say 9199, using a command line argument.
- Apache rewrite rules handle connections to https://my_machine/library. I use the "/library" because SSL requires port 443, preventing use of port-based virtual hosts. I can't use name-based virtual hosts because I didn't buy a multi-host cert.
- The reverse proxy rewrite rules connect to calibre on 127.0.0.1:9199.
Doing it this way, I don't care what calibre listens on or that it uses mDNS (Bonjour).
Here are the relevant Apache rules, which are probably very similar to what you already have.
Code:
<VirtualHost 69.164.218.38:443>
    # Stuff to set up SSL etc elided

    # Calibre library: require digest authentication for /library
    <Location "/library">
        AuthType Digest
        AuthName "************"
        AuthDigestDomain /
        AuthDigestProvider file
        AuthUserFile **************
        Require valid-user
    </Location>

    # Proxy /library requests to calibre listening on loopback
    RewriteEngine on
    RewriteRule ^/library/(.*) http://127.0.0.1:9199/library/$1 [proxy]
    RewriteRule ^/library http://127.0.0.1:9199 [proxy]

    # mod_proxy settings: talk HTTP/1.0 to the backend, without keepalive
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
</VirtualHost>
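An added example, not part of the original post: a small Python check that every proxied RewriteRule in a vhost points at a loopback backend and sits under a `<Location>` that requires authentication. The function names and both sample configs are constructed for illustration; the first sample mirrors the rules above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

RULE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)\s+\[([^\]]*)\]', re.I)
LOC = re.compile(r'^\s*<Location\s+"?([^">\s]+)"?\s*>', re.I)
REQUIRE = re.compile(r'^\s*Require\s+(valid-user|user|group)\b', re.I)

def is_loopback(host):
    # localhost, 127.0.0.0/8 or ::1 count as loopback; other names do not
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_vhost(conf):
    """Return a list of findings for the proxied RewriteRules in conf."""
    protected, rules, current = [], [], None
    for line in conf.splitlines():
        loc = LOC.match(line)
        if loc:
            current = loc.group(1).rstrip("/")
        elif re.match(r'\s*</Location>', line, re.I):
            current = None
        elif current is not None and REQUIRE.match(line):
            protected.append(current)  # this Location demands a login
        m = RULE.match(line)
        if m and {"p", "proxy"} & {f.strip().lower() for f in m.group(3).split(",")}:
            rules.append((m.group(1), m.group(2)))
    findings = []
    for pattern, target in rules:
        host = urlsplit(target).hostname or ""
        if not is_loopback(host):
            findings.append(f"{pattern}: backend '{host}' is not loopback")
        # Literal path prefix of the pattern, e.g. ^/library/(.*) -> /library/
        prefix = re.match(r'\^?([/\w.-]*)', pattern).group(1)
        if not any(prefix == p or prefix.startswith(p + "/") for p in protected):
            findings.append(f"{pattern}: no authenticated <Location> covers {prefix}")
    return findings

# Constructed samples: PAGE_STYLE mirrors the post's rules, WEAK adds a flawed rule.
PAGE_STYLE = r'''<Location "/library">
Require valid-user
</Location>
RewriteRule ^/library/(.*) http://127.0.0.1:9199/library/$1 [proxy]
RewriteRule ^/library http://127.0.0.1:9199 [proxy]
'''
WEAK = PAGE_STYLE + 'RewriteRule ^/opds/(.*) http://192.0.2.10:9199/opds/$1 [P,L]\n'
for name, conf in (("page-style", PAGE_STYLE), ("weak", WEAK)):
    print(name, audit_vhost(conf) or "ok")
```

The check only compares literal path prefixes and does not evaluate the regular expressions themselves, so treat a clean result as a sanity check rather than proof.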