01-19-2023, 07:57 PM | #1 |
Addict
Posts: 224
Karma: 10
Join Date: Jul 2012
Device: Kindle
|
Calibre-Web No-IP SSL Setup
Running C-W on a RPi 4; great setup!
I recently switched to No-IP for ddns service. All the normal website setup went smooth using C-W default port 8083. But I want to make it more secure for users by adding SSL. No-IP is not now providing free SSL certs, so I went about creating 'self-signed' certs and installing the recommended apache2 software on the RPi. That all went well. I then went into the C-W setup for SSL, found the .crt and .key files and added their paths. The C-W docs indicate using port 443 is 'optional', so I left that set for 8083. Thinking that was all that was needed, I simply rebooted the RPi, and a crontab setting starts the /home/pi/.local/bin/cps on boot. Also, I could login locally ok. And indeed C-W started ok (2 cps processes were running), but when I attempted to login over the internet, using https://somesitet, I got my modem/router login screen...not something I want happening, LoL. I do have port 80 forwarded to 8083 in the ISP's modem/router. I am a total newb as far as working with SSL, and am obviously missing something here. Is there something I have t setup at No-IP? Apache2? Monty Last edited by MontyJ; 01-19-2023 at 08:06 PM. Reason: add details |
01-20-2023, 09:36 AM | #2 |
Guru
Posts: 721
Karma: 10738
Join Date: Nov 2012
Device: iPad & iPhone with Marvin 2 + 3 & Kobo Glo HD
|
@MontyJ
Some remarks (R) about your post: (R1) calibre-web and PPi4 is a nice combo. Run it from an USB-SSD not from a SD card. (R2) No-IP free or paid? Take a look at duckdns.org or freemyip.com for FREE. (R3) SSL = security = great! Why not use Let's encrypt? https://pimylifeup.com/raspberry-pi-ssl-lets-encrypt/ Better than self signed certs! (R4) https:// = port 443 (in your setup you have forwarded port 80 to 8083) This does not work. How you get your modem/router login screen is beyond my understanding..... unless you modem router is open to the www. NOT GOOD! You should forward port 443 to port 8083. No guarantee it will work. The portforward 80 to 8083 should be closed. Please report back if this works. If not we'll go the Letsencrypt route with reverse proxying in apache2. (Easy if you know how, but the learning curve is not flat.) |
01-23-2023, 08:53 AM | #3 |
Addict
Posts: 224
Karma: 10
Join Date: Jul 2012
Device: Kindle
|
@Mariosipad
Thanks for the tips! I am running a 1TB SSD for the ebook database, which is quite large. C-W itself is installed normally on a 128GB SD card. I am on a paid sub with No-IP. I wanted support, which was hit/miss with the previous Pagekite ddns service I used. However, No-IP can't/won't help much with a self-signed cert install, and their supported one costs too much for me. I will switch to port 443 and if that doesn't work, will check out Lets Encrypt. I will post back on results. Thanks again! Monty |
Thread Tools | Search this Thread |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Calibre Server for Windows and SSL | arcegabriel | Server | 7 | 12-06-2020 10:21 PM |
Calibre Server Web Reader works only partial on my setup | aCIDsLAM | Calibre | 6 | 08-24-2017 05:15 AM |
Getting Calibre-Companion to Work With SSL | RedArmy | Calibre Companion | 6 | 11-04-2016 08:33 AM |
Wrapping Calibre in SSL, Issue. | Fmstrat | Calibre | 3 | 01-31-2012 10:29 PM |