Removed some settings from the howto, mainly due to problems with apache reverse proxy to a subdirectory (/calibre/) after the server address:
- using HTTP and no Authentication: able to read books
- using HTTP and Authentication: able to read and upload books, unable to convert them: ajax sends a POST request to
http://FQDN-or-IP/conversion/start/3?library_id=library&sort=timestamp.descthat ends in 404 error (it’s missing the proxied subdirectory/calibre/, or the request should go to calibre server).
The same without using the reverse proxy, directly accessing calibre server (http:FQDN-or-IP:8008/calibre/), works so the problem is in the reverse proxy settings.
Details
#Test Settings
## /etc/httpd/conf.d/zz_calibre.conf
AllowEncodedSlashes On
RewriteEngine on
RewriteRule ^/calibre/(.*) http://127.0.0.1:8008/calibre/$1 [proxy]
RedirectMatch permanent ^/calibre$ /calibre/
## /etc/systemd/system/calibre-server.service
[Unit]
Description=calibre content server
After=network.target
[Service]
Type=simple
User=calibre
Group=calibre
ExecStart=/opt/calibre/calibre-server --userdb=/var/lib/nethserver/calibre/users.sqlite --enable-auth --auth-mode=basic --access-log=/var/log/calibre-server-access.log --log=/var/log/calibre-server.log --port=8008 --url-prefix=/calibre "/var/lib/nethserver/calibre/library"
# Errors
Failed to communicate with "/conversion/start/3?library_id=library&sort=timestamp.desc", with status: [404] Not Found
The requested URL /conversion/start/3 was not found on this server.
[core:info] [pid 3714] [client 192.168.0.11:41600] AH00128: File does not exist: /var/www/html/conversion/start/3, referer: http://192.168.0.2/calibre/
# Request headers (excerpt)
POST /conversion/start/3?library_id=library&sort=timestamp.desc HTTP/1.1
Host: 192.168.0.2
Referer: http://192.168.0.2/calibre/
Content-Type: application/json;charset=UTF-8
Content-Length: 1991
Connection: keep-alive
# Response headers
HTTP/1.1 404 Not Found
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 217
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Have been trying many apache directives, installed mod_proxy_html to try some of its directives too, but I don’t know apache enough to make it work. If someone knows about Apache reverse proxy and is able to help is more than welcome.
Looking at the bright side, a quick test of VirtualHost config seems to work but it’s missing SSL Certificate directives, at least, and some additional polishing:
Virtual Host
# Remember to create a record for the virtual host domain
# --url-prefix on calibre-server.service should not be necessary
# fw_calibreserver can be set to be accessed only from localhost
# --listen-on=127.0.0.1 can be added to calibre-server.service
<VirtualHost *:80>
IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>
<VirtualHost *:80>
ServerName calibre.domain.tld
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName calibre.domain.tld
SSLEngine On
AllowEncodedSlashes NoDecode
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:8008/$1 [proxy]
</VirtualHost>
Once we find a better config we can add it to the howto.
Have not done any test and we must consider security implications. Here is some useful info:
- Authenticating Apache against Active_Directory
- Apache Module mod_authnz_ldap
- EDIT @stephdl already played with it: Authentication through Apache