Caliber-Web with Reverse Proxy

Smithoo4 · January 28, 2023, 1:28pm

I am trying to set up Caliber-Web behind a reverse proxy on NixOS, and so far I have not had any success.

I have tried the basic:

  # Calibre-Web
  services.calibre-web= {
    enable = true;
    group = "media";
    options = {
      calibreLibrary = "/mnt/media/ebook";
      enableBookUploading = true;
    };
  };

With this, I can access the web interface on localhost:8083. I have a working virtual host that I have used to proxy other items:

  services.nginx = {
    enable = true;

    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    commonHttpConfig = ''
      # Add HSTS header with preloading to HTTPS requests.
      # Adding this header to HTTP requests is discouraged
      map $scheme $hsts_header {
          https   "max-age=31536000; includeSubdomains; preload";
      }
      add_header Strict-Transport-Security $hsts_header;
    '';
  
    virtualHosts."example.com" = {
      enableACME = true;
      forceSSL = true;

To this, I have added the following location:

    locations."/" = {
      proxyPass = "http://127.0.0.1:8083";
      proxyWebsockets = true;
      extraConfig =
       "client_max_body_size 1024M;"
        ;
    };

However, when I point a web browsers to this location, I get the Nginx 502 Bad Gateway page.

I have tried playing around with the reverseProxyAuth Nixos option:

  # Calibre-Web
  services.calibre-web= {
    enable = true;
    group = "media";
    options = {
      calibreLibrary = "/mnt/media/ebook";
      enableBookUploading = true;
      reverseProxyAuth.enable = true;
      reverseProxyAuth.header = "admin";
    };
  };

But this to give me he Nginx 502 Bad Gateway page.

I have found the following direction to get Caliber-Web behind a Reverse Proxy in general Linux and tried putting them into my Nix config with the extraConfig = option, but this too gives the Nginx 502 Bad Gateway page.

https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy

Any suggestion on how to get Caliber-Web with a Reverse Proxy working on NixOS? Bonus points to get it to work in a subdirectory, e.g. https://example.com/calibre-web.

Thank you

noah · January 28, 2023, 3:01pm

Did you set the X-Script-Name header in Nginx to /calibre (or /calibre-web, that’s what I’m using in my own configuration)?

If it’s helpful, here is my current working calibre-web configuration.

Unfortunately, are a few things that are different in my setup:

I’m using Caddy instead of Nginx.
I’m not using reverse proxy auth (I stick with native calibre-web auth).
I’m using Cloudflare in front of Caddy, which means I have to patch calibre-web because the session is constantly invalidated.
I set openFirewall to true, but that was probably a mistake, since I expect to serve with Caddy. I think this was leftover from when I was debugging.

Smithoo4 · January 29, 2023, 12:30pm

I believe I have resolved the issue. The problem appears to be that services.calibre-web.listen.ip settings defaults “::1” and I was using 127.0.0.1 in the revers proxy. I tried changing the revers proxy to uses localhost, which changed the Nginx error from 502 to 500. However, in the end I set services.calibre-web.listen.ip to 127.0.0.1 and everything worked. Below are my configs:

  # Calibre-Web
  services.calibre-web= {
    enable = true;
    group = "media";
    listen = {
      ip = "127.0.0.1";
      port = 8083;
    };
    options = {
      calibreLibrary = "/mnt/media/ebook";
      enableBookUploading = true;
      enableBookConversion = true;
    };
  };

    locations."/calibre-web" = {
      extraConfig = "
                proxy_bind           $server_addr;
                proxy_pass           http://127.0.0.1:8083;
                proxy_set_header     Host $host;
                proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header     X-Scheme        $scheme;
                proxy_set_header     X-Script-Name   /calibre-web;  # IMPORTANT: path has NO trailing slash
                client_max_body_size 1024M;
      ";
    };

Thank you

Sandro · January 29, 2023, 4:20pm

extraConfig is a string multiline setting and should use multi line strings.

extraConfig = ''
  client_max_body_size 1024M;
'';

Note two single quotes instead of one double.