Nginx Calibre Proxy

[Ackis]

Good morning everyone - I've been trying to get my calibre server to work behind a reverse proxy, however I've been having various issues.

This setup that I've done has worked for other services (e.g. couchpotato).

Ideally I'll get it running being a ssl connection, but my first goal is to get it working so I can access it via:

http://calibre.local
http://home.local/calibre

These are my nginix configs:


This config is commented out - eventually it'll redirect http://calibre.local to https://calibre.local

Quote:

#server {
# listen 80;
# server_name calibre.local;
# return 301 https://$server_name$request_uri;
#
# access_log /var/log/nginx/sites/calibre/access.80.log;
# error_log /var/log/nginx/sites/calibre/error.80.log info;
#}

Right now this is a normal http proxy - eventually will be ssl

Quote:

server {
listen 80;
# listen 443 ssl;
server_name calibre.local;

location / {
proxy_pass http://192.168.0.199:8080/;
proxy_redirect http://192.168.0.199:8080/calibre/ /;
#proxy_set_header X-Forwarded-Proto https;

access_log /var/log/nginx/sites/calibre/access.443.log;
error_log /var/log/nginx/sites/calibre/error.443.log info;
}
}

My home.local config - obviously http://home.local/calibre won't work

Quote:

server {
listen 80 default;
listen 443 ssl;
server_name home.local;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

if ( $scheme = http )
{
rewrite ^ https://$server_name$request_uri? permanent;
}

include /etc/nginx/conf.d/ssl.conf;

location / {
root /var/www/intranet;
index index.html index.htm;
access_log /var/log/nginx/sites/intranet/access.log;
error_log /var/log/nginx/sites/intranet/error.log;
}

# Calibre doesn't support HTTPS?
# location /calibre {
# include /etc/nginx/conf.d/proxy.conf;
# proxy_pass https://192.168.0.199:8080/calibre;
# access_log /var/log/nginx/sites/calibre/access.log;
# error_log /var/log/nginx/sites/calibre/error.log info;
# }

proxy.conf

Quote:

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;
#proxy_redirect http:// $scheme://;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

ssl.conf

Quote:

#ssl on;
ssl_certificate /opt/sslkey/server.crt;
ssl_certificate_key /opt/sslkey/server.key;

ssl_session_timeout 5m;

# Perfect forward secrecy
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ciphers ECDH+AESGCMH+AESGCM:ECDH+AES256H+AES256:ECDH+A ES128H+AES:ECDH+3DESH+3DES:RSA+AESGCM:RSA+AES: RSA+3DES:!aNULL:!MD5:!DSS;
#ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+S HA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+a RSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNUL L:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4

# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";


ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

This is my calibre.service file:

Quote:

[Unit]
Description=Calibre eBook Server
After=network.target

[Service]
Type=forking
User=calibre
Group=calibre
PIDFile=/var/run/calibre/calibre-server.pid
ExecStart=/usr/bin/calibre-server \
--daemonize \
--max-cover=600x800 \
--max-opds-items=100 \
--max-opds-ungrouped-items=100 \
--url-prefix /calibre \
--username=calibre \
--port=8080 \
--pidfile=/var/run/calibre/calibre-server.pid \
--with-library=/media/eBooks/

[Install]
WantedBy=multi-user.target

[kovidgoyal]

Why have you got both proxy_pass and proxy_redirect? You cannot acces it both as a top level and under /calibre -- that makes no sense. Pick one, for example, if you want it under /calibre

Code:

location /calibre
{
proxy_pass http://localhost:8080/calibre;
}

And run the calibre server with

calibre-server --url-prefix /calibre

or if you want to devote a whole virtual host to it

Code:

server http://whatever
location / {
proxy_pass http://localhost:8080;
}

and run calibre without --url-prefix

[Ackis]

Quote:

Originally Posted by kovidgoyal

Why have you got both proxy_pass and proxy_redirect? You cannot acces it both as a top level and under /calibre -- that makes no sense. Pick one, for example, if you want it under /calibre

Because I want to be able to access it via calibre.local and home.local/calbre

Anyways to the problem at hand, my configuration was correct however I had this set:

Code:

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

Because I had accessed calibre.local via https previously my browser continued to go to the https version regardless of what address I typed.