Securing Content Server

[d2produce]

So as some of you know I setup a content server which I access from using a link that looks like (My Home IP)Port).

And I've heard this is very unsecure.

How can I protect my content from the prying eyes of hackers and even from my ISP as I gather books from many sources and can't check each ones legitimacy (I have over 50GB of books).

Also I don't want to go the cloud storage way because I just have too much and I'd rather not pay monthly for a cloud service.

Is there a way I can add a https: link? Would that secure it? Is there a way I can avoid using my actual IP address? As I would like to give access to a friend or two I don't want them knowing my home IP.

Any help would be great, thanks.

[kovidgoyal]

Just create user accounts, then only people with the suername and apssword can access your server. If you want to protect against man-in-the-middle attacks then setup http as well.

[d2produce]

Quote:

Originally Posted by kovidgoyal

Just create user accounts, then only people with the suername and apssword can access your server. If you want to protect against man-in-the-middle attacks then setup http as well.

I have user accounts and passwords. But to log into the server whoever uses it need to see my IP. Is that a security risk?

Also if I'm on my phone downloading and uploading books from the server, what if 1 of them happens to be copyright protected? I don't want to get in trouble for "sharing" a book I didn't know was illegitimate. Is this a concern or can ISP not see what I'm downloading/uploading from Calibre?

[kovidgoyal]

IP addresses are not a security risk. If you dont want your ISP to be able to see what books are present use https.

[d2produce]

Quote:

Originally Posted by kovidgoyal

IP addresses are not a security risk. If you dont want your ISP to be able to see what books are present use https.

How do I use https? Do I simply write:

https : // (ip address) : (port)

When I try that it says the page cannot load.

Is there a setting in Calibre to make https or do I need to do something else?

[loviedovie]

Https is not possible for home servers unless you create your own certificate and use apache or similar server.

With regular http, anyone watching your traffic can steal your creds.

Your best bet is to install Vpn server on your calibre pc and access your calibre pc with a vpn client (android, windows etc all have clients). This is secure even if you use http because the tranffic is encyrpted between you and your computer.

I am not talking about getting some vpn service from some provider, I am talking about installing Vpn server. You do need to do some research, it is doable. There are alot of tutorials. You can start with OpenVPN however there might be other options for your platform.

Another option is to install SSH server and connect to your SSH server via clinet (Putty terminal for instance) then forward the Calibre port in ssh client settings. Once done you can acccess it like this (again super secure) after your ssh client connects to your ssh server whch runs on the same pc as Calibre.

your original ip:xxxxx:8080

forward ports 8080:8080 (8080 ->8080, although you can make it any port say 32333)

new calibre ip on remote pc localhost:8080 (literally localhost)

I use SSH to actually connect to Calibre via Calibre Companion app on Android, also I use my device as a wireless device remotely (to sync data). Because the ports are forwarded remotely.



One last option although might sound silly, to install NoMachine (or Teamviewer maybe) and access it remotely. Nomachine is a secure Vnc like connection. You open your browser and access Calibre on your local Calibre server remotely. So everything you do, you are doing remotely on your actual Calibre pc. The you sync the browsers Downloads folders, so books are synced to your remote pc. A bit silly but it is secure.!

Nomachine also lets you map remote drives to your pc where you use the Nomachine clinet from. That could be an option for you too.

[d2produce]

Well I want my Mom and 1 Friend to access it. So I don't want them gaining full access to my pc. I want me, my mom, my 1 friend to be able to log on from any device anywhere. Similar to how I have it set up now where you just type in a Address in your browser.

Do you have to pay for VPNs? or?

How can I set this up for free.

Any links to a guide or a brief explanation would be great as well, thanks.

[loviedovie]

OpenVPn is free and there are many clients for different platforms. Generally there is a client key (which you create during setting app the server) that you send to your mom. And she uses that key in the client app to access your pc ip securely, though she still needs to know your ip.

Openvpn is a server app and free you do not pay to buy it or run it somewhere. It has to run on your Calibre pc.

https://www.youtube.com/results?sear...envpn+tutorial

Basically Vpn is a secure tunnel between the client and the server. It can be used for many things including accessing server drives etc but it is secure since you need a key(and a pass if you setup) to initiate a tunnel between the client and the server.

Your isp or wifi or 4g provider cant monitor the traffic goes through Vpn if it is setup properly.

[d2produce]

Is there a way to make a secure connection so I don't have to pay money?

I don't want to buy a VPN.

If you have a guide please show me thank you.

[loviedovie]

Did you check the youtube link I gave you?

You are not paying for anythying, you just need to install Openvpn folowing some tutorial.

You are mixing up "Vpn" with some paid Vpn services. Those are just Vpn services (probbaly all are using OpenVPn as the backend) not the actual VPN. VPN is the actual protocol, OpenVpn is the implementation of this protocol.

Quote:

Originally Posted by d2produce

Is there a way to make a secure connection so I don't have to pay money?

I don't want to buy a VPN.

If you have a guide please show me thank you.

[PeterT]

I think you are over worrying. If all you do is to forward a port on your router to your PC you are just enabling access to that one port. All that will be listening on that port is Calibre; the only service that will be accessible to the outside will be via that one port and all that will be accessible on that port is Calibre content server, no other resources on your PC will be accessible.

On top of that CCS will require a user ID and password.

Sent from my Nexus 7 using Tapatalk

[PeterT]

Additionally I don't believe that MobileRead allows assistance in sharing content that is non public domain.

Sent from my Nexus 7 using Tapatalk

[d2produce]

Quote:

Originally Posted by loviedovie

Did you check the youtube link I gave you?

You are not paying for anythying, you just need to install Openvpn folowing some tutorial.

You are mixing up "Vpn" with some paid Vpn services. Those are just Vpn services (probbaly all are using OpenVPn as the backend) not the actual VPN. VPN is the actual protocol, OpenVpn is the implementation of this protocol.

I checked the link but none of those videos provided a free alternative it was all people trying to sell their VPNs.

I would still like a secure way of connecting to Calibre with Public Domain content.

[loviedovie]

Not sure what you are seeing there but try this

http://blog.bobbyallen.me/2016/02/07...ndows-2012-r2/

Quote:

Originally Posted by d2produce

I checked the link but none of those videos provided a free alternative it was all people trying to sell their VPNs.

I would still like a secure way of connecting to Calibre with Public Domain content.

[loviedovie]

There is no over worrying when it comes to security. Downplaying the dangers of exposed user creds is no help to anyone. Http is not secure, period.

Quote:

Originally Posted by PeterT

I think you are over worrying. If all you do is to forward a port on your router to your PC you are just enabling access to that one port. All that will be listening on that port is Calibre; the only service that will be accessible to the outside will be via that one port and all that will be accessible on that port is Calibre content server, no other resources on your PC will be accessible.

On top of that CCS will require a user ID and password.

Sent from my Nexus 7 using Tapatalk