Calibre - Personal E-Book Manager

Calibre is a powerful and easy to use e-book manager. Users say it’s outstanding and a must-have. It’ll allow you to do nearly everything and it takes things a step beyond normal e-book software.

The calibre Content server allows you to access your calibre libraries and read books directly in a browser on your favorite mobile phone or tablet device. As a result, you do not need to install any dedicated book reading/management apps on your phone. Just use the browser. The server downloads and stores the book you are reading in an off-line cache so that you can read it even when there is no internet connection. 

Let try setup your own personal e-book manager on your local homelab server or cloud VPS like Oracle Cloud.

1. Setup an Ubuntu minimal 22.04 VM or cloud instance. Install the calibre's dependencies.

sudo apt-get nano cron wget rsyslog logrotate lsof
sudo apt-get install libegl1 libopengl0 libfontconfig libxkbcommon0 libgl1-mesa-glx libnss3 libxcomposite1 libxdamage1 libxrandr2 libxtst6 libxkbfile1

2. Download and install the latest calibre to the /opt directory. You can always inspect the installation script first before run it.

wget -nv -O- https://download.calibre-ebook.com/linux-installer.sh | sudo sh /dev/stdin install_dir=/opt

3. Create directory to store the calibre's ebook library.

mkdir /home/ubuntu/calibre_library

4. Download ebook and add it to your calibre's library.

wget http://www.gutenberg.org/ebooks/1661.kindle.noimages -O adventuresofsherlockholmes.mobi 

calibredb add adventuresofsherlockholmes.mobi --with-library /home/ubuntu/calibre-library

5. Let test start calibre from command line.

ubuntu@calibre:~$ calibre-server /home/ubuntu/calibre-library/
calibre server listening on 0.0.0.0:8080
OPDS feeds advertised via BonJour at: xxx.xxx.xxx.xxx port: 8080

6. Create systemd script (/etc/systemd/system/calibre-server.service) to autostart the service. Optional to customize your calibre-server with multiple options.

[Unit]
Description=calibre Content server
After=network.target

[Service]
Type=simple
User=calibreuser
Group=calibregroup
ExecStart=/opt/calibre/calibre-server "/home/ubuntu/calibre-library" --port 8080

[Install]
WantedBy=multi-user.target

7. Enable and start the calibre-server service.

sudo systemctl enable calibre-server --now

8. If you are running any firewall, remember to allow incoming ingress rule for your calibre port.

ubuntu@calibre:~$ sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8080
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

9. Access the calibre's content server in browser via link http://xxx.xxx.xxx.xxx/:8080.

10. Let configure authentication to improve security and allow upload/delete ebook via webUI. Add new user to calibre's user database.

ubuntu@calibre:~$ calibre-server --manage-users

1) Add a new user
2) Edit an existing user
3) Remove a user
4) Cancel

What do you want to do? [1-4]: 1
Enter the username: user1
Enter the new password for user1:
Re-enter the new password for user1, to verify:
User user1 added successfully!

11. Edit /etc/systemd/system/calibre-server.service to allow authentication and local write access to make changes to calibre. Optional to set ban for invalid login too.

ExecStart=/opt/calibre/calibre-server "/home/ubuntu/calibre-library" \
--port 8080 --enable-local-write \
--userdb "/home/ubuntu/.config/calibre/server-users.sqlite" \
--enable-auth \
--ban-after 5 --ban-for 360

12. Restart calibre-server service.

sudo systemctl daemon-reload
sudo systemctl restart calibre-server

13. Optional: Setup cron job to auto upload ebook. Copy your epub or mobi ebook to the temp directory and the scheduled cron job will auto upload it. Remember to set the script to run same as your calibre user to prevent any permission issue.

mkdir /home/ubuntu/calibre-temp

#/etc/cron.d/calibre
*/5 * * * * calibreuser calibredb add /home/ubuntu/calibre-temp/ -r --with-library http://localhost:8080#calibre-library --username user1 --password user1password && rm -r /home/ubuntu/calibre-temp/* 2> /dev/null

14. After setup user authentication to calibre's library, let encrypted the connection via HTTPS. There are few way to do it.

14.1. Option 1: Create self-signed SSL cert for calibre HTTPS.

mkdir /home/ubuntu/ssl-cert

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/ubuntu/ssl-cert/calibre-selfsiged.key -out /home/ubuntu/ssl-cert/calibre-selfsigned.crt

14.1.1. Start the calibre service with the ssl-keyfile/certfile options. Btw, enable calibre HTTPS webUI will break the auto upload ebook cron job as it does not support SSL handshake directly. To use both cron job and HTTPS, use apache2 reverse proxy instead.

ExecStart=/opt/calibre/calibre-server "/home/ubuntu/calibre-library" \
--port 8080 --enable-local-write \
--userdb "/home/ubuntu/.config/calibre/server-users.sqlite" \
--enable-auth \
--ban-after 5 --ban-for 360 \
--ssl-keyfile /home/ubuntu/ssl-cert/calibre-selfsigned.key \
--ssl-certfile /home/ubuntu/ssl-cert/calibre-selfsigned.crt

14.2. Option 2: Apache web server HTTPS reverse proxy. Install apache2 and enable the proxy_http module. Create /etc/apache2/sites-available/calibre.conf with below configuration.

sudo apt-get install apache2

sudo a2enmod proxy_http

#/etc/apache2/sites-available/calibre.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
ServerName your_FQDN
AllowEncodedSlashes On
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
</VirtualHost>

14.2.1. Enable the calibre web configuration and restart apache2 service afterward.

sudo a2dissite 000-default
sudo a2ensite calibre.conf 
sudo systemctl restart apache2

14.2.2. To force HTTP to HTTPS with your self-signed SSL cert, enable apache2 SSL module and edit /etc/apache2/sites-available/calibre.conf as below. Change the server name and IP accordingly.

sudo a2enmod ssl

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
ServerName your_FQDN
Redirect "/" "https://xxx.xxx.xxx.xxx/"
</VirtualHost>

<VirtualHost *:443>
ServerName your_FQDN
#DocumentRoot /var/www/your_domain_or_ip

SSLEngine on
SSLCertificateFile /home/ubuntu/ssl-cert/calibre-selfsigned.crt
SSLCertificateKeyFile /home/ubuntu/ssl-cert/calibre-selfsigned.key

AllowEncodedSlashes On
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
</VirtualHost>

14.3. Option 3: If you want to use Let's Encrypt free SSL cert, setup a valid FQDN in your apache, I am using no-IP.com and use certbot to get the free SSL cert.

sudo install python3-certbot-apache
sudo certbot --apache

15. Remember to update your firewall rules to allow ingress TCP 80/443 for the apache2 web access. No longer needed to allow incoming ingress for the calibre port access.

ubuntu@calibre:~$ sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHE
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited