I run Calibre on my desktop computer. I rsync the Calibre database and files over to my server (so the server has a second copy, distinct from my primary database). I run calibre-web in a Docker container on my server, with the servers copy of the Calibre database mounted read-only into the container. eschwartz mentions that calibre-web only accesses the Calibre data in read-only mode, which is probably true, but I don't recall seeing that mentioned in the calibre-web documentation. However, if you also mount that data read-only into the Docker container, you guaranty that it is read-only.
Just a few minutes ago, coincidentally, I posted my Docker config for calibre-web in a different thread. Here's a link to that:
https://www.mobileread.com/forums/sh...1&postcount=66