06-23-2017, 03:41 AM | #16 | |
Grand Sorcerer
Posts: 6,293
Karma: 11806357
Join Date: Jun 2009
Location: Madrid, Spain
Device: Kobo Clara/Aura One/Forma,XiaoMI 5, iPad, Huawei MediaPad, YotaPhone 2
|
Quote:
|
|
06-23-2017, 02:22 PM | #17 |
Junior Member
Posts: 7
Karma: 10
Join Date: Nov 2013
Device: iOS
|
I was about to start a new thread when I found this one, which seems to explain my problem - I too host my Calibre library on a NAS, run the content server on one (headless) Mac, and add/maintain content from a copy of Calibre running on a different Mac. I start and keep the server process running via LingonX - been doing all of this for quite a while.
All of this works fine, except I'd noticed that with 3.x when I added new content to the library, it wasn't showing up in the content server web interface, or the OPDS listings, until I restarted the content server. Would a command-line option to run the content server as a strictly read-only process solve any of this? I'm trying to schedule a nightly re-start of the content server process (again with LingonX) as a workaround. |
Advert | |
|
06-23-2017, 03:17 PM | #18 |
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
Changes V2 -> V3
Hi everybody,
just jumping in this thread as I actually upgraded from Calibre 2.x to Calibre 3.1.1 and stumbled across the various architectural changes in the 3.x version. In the 2.x Version I used multiple calibre-server instances bound to different ports with different url-prefixes and different virtual-libraries which in the new version is quite different / harder / even not possible(?) to implement. Background and solution in V2:
So far so good, this worked as expected.. the different LDAP Users got different virtual libraries in the portal and so - for example - children didn't get access to adult content. Now I wanted to adopt this behaviour to V3 and came across these issues which I could partially solve:
Now I stuck at the point to start multiple calibre-server instances for presenting different url prefixes that map to different calibre-users and so to different virtual libraries. As mentioned in this thread, it is not possible to start different server instances any more?? When one calibre-server is running and I want to start a second one (with different options but the same big library) I get this error: "Another calibre program such as another instance of calibre-server or the main calibre program is running. Having multiple programs that can make changes to a calibre library running at the same time is not supported" The part "that can make changes to a calibre library" is the important one as the calibre-server instances (in my case) never ever will do any changes as they should just give read-only access to the library. Isn't there any option to tell calibre-server it should run in a somehow "global read-only" mode (as this would be absolutely enough)? In this case, data-loss can't occour with concurrent writes. I just tried "--disable-local-write" but this didn't work, the error remains. IMHO there could be different solutions to solve this:
Or did I miss something? Or does anyone have another hint how I could achieve the V2 solution in V3? Greetings and thx in advance! Snoopy |
06-23-2017, 11:47 PM | #19 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
@snoopy: A single content server instance can now serve all your libraries. So there is no need to run multiple instances.
@HendelTBD: I'm afraid there is not going to be an option to run the server readonly, this is because the server is now fundamentally read/write in that many core operations it does require write access to the db. As time passes more and more of these operations will be exposed in the main server interface and trying to maintain two different versions of that interface is too difficult. So if you want to simulate readonly behavior, your best bet is to have a script that rsyncs the library to the server computer, and restart the the content server there. |
06-24-2017, 06:54 AM | #20 |
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
@kovid
Because of your very common statement which can just be found in the calibre docs, I think you didn't really read / understood my post, do you? It's absolutly clear that one calibre-server can serve multiple virtual libraries with the help of the new userdb in a very simple use case. I absolutly understood how this works as I implemented that for testing without the apache proxy, no problem. But with the current restriction (no multiple calibre-server instances allowed) my use case I described above is much harder / impossible(?) to implement. Please answer this core question resulting of my scenario and the restrictions you implemented with V3: How can a single (existing) apache with enabled Basic Auth and LDAP Backend as own User / Group Management act as a single-entry-point ReverseProxy for multiple virtual libraries if just one calibre server with one url-prefix and one port may run? It is NOT possible to have multiple Basic Auths (first the one from apache and second the one from calibre afterwards) one after the other. To explain this further: You open the URL of the apache reverseproxy for one calibre-server lets say: https://myhost.dyndns.org/calibre (calibre-server in the backend runs with "--url-prefix /calibre" and enabled auth with a userdb) Now this happens:
(BTW: In general it would be not very comfortable to have to enter different credentials twice for entering a service even it would technically work...) Last edited by snoopy_1978; 06-24-2017 at 07:01 AM. |
Advert | |
|
06-24-2017, 08:08 AM | #21 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Umm just use the Virtual library facility inside the server. i.e. any user that wants to restrict the view to a virtual library can simply choose that virtual library by clicking the three dots in the top right corner and choosing Virtual Library.
Instead of describing your somewhat convoluted existing setup, why dont you describe what you are actually trying to do. And I dont see what apache with LDAP as a reverse proxt has to do with anything. The calibre server does not care how it gets the authentication headers, whether directly from a browser or via a proxy in the middle. |
06-26-2017, 10:50 AM | #22 | |||
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
Quote:
What I never tried is if you can restrict access to this button / "choose - virtlib site" with the help of Apache, but for me this is not as important. And with V3 thanks of the new userdb (in general a good idea I think) access can be restricted. Quote:
Perhaps some pictures will clear things up. In the attachments in "calibre-V2.png" you find the architecure I implemented with calibre-server V2. As you can see, I have with V2:
Now I want the same in V3, nothing more, nothing less. For the following descriptions look in the attachments at "calibre-V3.png": As you can see here, just one calibre-server can be started, as u restricted that and thefore the "--virt-lib" option doesn't make sense of course. What is more: because of the need of "--url-prefix" it isn't possible any longer to have different Apache-Locations ReverseProxying now the only calibre-server as the "Location" directive in Apache has to match the "--url-prefix" Option in calibre, otherwise calibre builds the wrong URLs. And so I can just have one Apache Location "/calibre" to which all LDAP Users ("John", "Jane" and "Sandra") now have to have access. With V2 this was the point where I could control / restrict access. But how can access now be restricted for "Sandra" to the "NonAdult" Virt.Lib like before in V2? In V3 this can just be achieved with enabling the calibre-auth and - in the new userdb - mapping users to virt.libs. In my example u can see two (technical) users in the calibre-userdb. "All", which is not restriced, and "NonAdult" which is restricted to the virt.lib. "NonAdult". (To be exact: a SearchString filtering out Books with concerning tags) BUT: This implementation does not work at all because of the two BasiceAuths (Apache + calibre) following each other, which leads me to your next statement: Quote:
Will try again to describe in more detail, why this can't work (look at image "calibre-V3.png"):
So again my question: How would u build this scenario in V3 (Basic auth enabled Apache as Proxy and calibre with restricted virtual - libs)? Last edited by snoopy_1978; 06-26-2017 at 11:09 AM. |
|||
06-26-2017, 11:15 AM | #23 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
I dont understand why you are having a problem. You want to restrict users to particular libraries/virtual libraries, use the userdb feature for that. And let calibre do the authentication instead of apache, just use a script in crontab to update the calibre db with the users from ldap. The calibre userdb is a simple sqlite db.
|
06-26-2017, 11:24 AM | #24 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
In fact, in the next release I will modify the --manage-users option to calibre-server so that you can use it to easily programmatically manipulate the user database, if needed.
|
06-26-2017, 11:33 AM | #25 | |
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
Quote:
|
|
06-26-2017, 11:40 AM | #26 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
You have hashed passwords then you have to work a little more. Have your script insert some default password into the calibre database and have apache re-write the Authorization header to use that default password instead (also make sure you pass --auth-mode=basic to the calibre server).
|
06-26-2017, 11:42 AM | #27 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Oh and since the calibre server supports digest authentication with the MD5-SESS algorithm, not just basic, it cannot store hashed passwords.
|
06-26-2017, 11:43 AM | #28 |
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
Another option I'm currently playing around witht is the "RequestHeader" directive in Apache.
With this it is possible to send / modify the AuhtorizatonHeader to the backend server (calibre in this case). Technically this works, in the location "/calibre" I inserted RequestHeader set Authorization "Basic <base64 encoded User:Pass String>" And now after entering the correct LDAP credentials, calibre doesn't ask for a user, as apache send correct AuthHeaders to calibre now. But now I had to decide somehow, which User:Pass String I have to send from Apache when user "Sandra" logs in or user "John". Here again different Locations in Apache could help:
But therefore, the "--url-prefix" option in calibre had to be removed and calibre had to determine the prefix automatically. |
06-26-2017, 11:52 AM | #29 |
Member
Posts: 12
Karma: 10
Join Date: Jun 2017
Device: Android
|
In this case (even if I would know them) I would NEVER EVER sync productive User/Passwords (which are used as Single-Sign-On in other Services) from an LDAP to the calibre UserDB. If this sqlite database gets stolen somehow... don't want to think further...
|
06-26-2017, 12:19 PM | #30 |
creator of calibre
Posts: 44,041
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
You are syncing default passwords, sow hat earthly difference does it make?
|
Tags |
calibre 3.0, content server, read-only, standalone |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
calibre-sync: Automatically download books from your Calibre Content Server onto Kobo | mishagale | Related Tools | 14 | 05-13-2019 05:18 PM |
Calibre Content Server and Windows Home Server 2011 | HughMcC | Calibre | 8 | 10-01-2014 07:26 AM |
Standalone content-server and Calibre Companion issues | duckpuppy | Devices | 2 | 11-08-2012 07:54 AM |
500 Internal Server Error accessing content server Calibre 0.8.8 | DaddyO57 | Calibre | 1 | 07-20-2012 06:08 PM |
calibre content server only. | nesvarbu | Calibre | 5 | 02-18-2011 03:40 AM |