How to remotely access your ebooks library with Calibre server

Calibre is, without a doubt, the most featured ebook manager available on Linux and other operating systems. The application is completely free and open source: it lets us easily organize, convert and sync our ebooks with a variety of devices and ebook readers. Calibre has an included media server, which can be used to remotely access a library.

In this tutorial we see how to install Calibre in some of the most used Linux distributions, and how to launch and configure the Calibre server.

In this tutorial you will learn:

  • How to install Calibre
  • How to start and configure the Calibre server
  • How to allow library modifications for local connections or specific IPs
  • How to enable authentication in the Calibre server
  • How to encrypt communications with the Calibre server using https
  • How to create a Systemd service to start and enable the calibre-server at boot
How to remotely access your ebooks library with calibre server
How to remotely access your ebooks library with Calibre server
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Distribution agnostic
Software calibre
Other Privileged access to your Linux system as root or via the sudo command in order to perform system-wide installation of required packages
Conventions # – requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux-commands to be executed as a regular non-privileged user

Installing Calibre

Calibre is free and open source software. It is mainly written in Python, and actively developed on Github. The application is available in the official repository of all the major Linux distributions. To install Calibre on Debian, and Debian-based distributions, all we have to do, is to run the following command:

$ sudo apt install calibre

Talking about Debian-based distributions, is worth noticing that the installation of Calibre on Raspberry Pi OS Bullseye is broken at the moment of writing, since the “qtwebengine” package, required as a dependency, is not supported on the armv6 architecture. If you are using a recent Rpi model (>= 3) and an arm64 system, you should be able to install the flatpak version of Calibre (see below).

To install Calibre on Fedora, we can use dnf:

$ sudo dnf install calibre

Installing Calibre on Archilinux is just as easy, since the application is available in the “Extra” repository:

$ sudo pacman -S calibre

Except for Archlinux, where applications are always kept up to date, the version of Calibre available in the distributions repositories can be quite old. At the moment of writing, for example, the latest version of Calibre is 6.23.0, however, the one available in Fedora repositories is 5.43.0 (on Debian stable we are stuck with version 5.12.0!). In order to install the latest version of Calibre, in a distribution-agnostic way, we can use flatpaks.

Installing Calibre as a flatpak

In order to install the Calibre flatpak, first we must ensure flatpak itself is installed in our system. If using Debian:

$ sudo apt install flatpak

On Fedora and Fedora-based distributions:

$ sudo dnf install flatpak

On Archlinux, instead:

$ sudo pacman -S flatpak

The next step consist into ensuring the “flathub” repository is available as a software source. In the following examples we make flatpak-related actions as unprivileged users, therefore the software won’t be available system-wide. This has the advantage of not requiring privilege escalation, and is the ideal solution if you are using Calibre on a single-user machine. If you want to perform a system-wide installation, however, you can just prefix the commands with sudo and omit the --user flag. To add the flathub repo we run:

$ flatpak --user remote-add --if-not-exists flathub

To actually install Calibre, instead, we run:

flatpak --user --assumeyes install flathub com.calibre_ebook.calibre

In the command above the --assumeyes option is used to automatically answer affirmatively to the interactive prompt. You may want to omit it, to inspect the Calibre flatpak dependencies before actually installing them.

Staring the Calibre server

To start the Calibre server from the Calibre GUI, all we have to do is to click on Connect/Share -> Start Content Server in the main menu:

starting the calibre server from the GUI
Starting Calibre server from the GUI

At this point we should be able to reach our library at localhost:8080:

Calibre server interface
Calibre server interface

To start the calibre server on an headless system, we can run the calibre-server CLI utility and pass the path of the calibre library as argument:

$ calibre-server /path/to/library

If using the flatpak version of Calibre, instead:

$ flatpak --command="sh" run com.calibre_ebook.calibre -c "calibre-server /path/to/library"

Basically, the command should be passed as argument to the -c option: this is valid for all the commands we will report from here on.

Managing the Calibre server

The Calibre server can be managed both from the GUI, from preferences -> Sharing over the net , or  using the CLI utility. In this tutorial we will focus on the latter.

Changing the server port

To change ther port used by the server,  we can use the --port option. To make the Calibre server listen on port 8000, for example, we would run:

$ calibre-server --port=8000  /path/to/library

Running the server in daemon mode

To execute the server as a daemon, so that it works in the background, we can use the --daemonize option:

$ calibre-server --daemonize /path/to/library

Allowing local library changes through the web interface

When authentication is disabled (default), the server runs in read-only mode. This means any changes made to the library via the web interface, is not effective. To change this behavior and allow “write privileges” to requests originating from the same machine the server is running on, we can use the --enable-local-write option:

$ calibre-server --enable-local-write /path/to/library

Setting up authentication

The first thing we have to do to in order to enable authentication, is to create the database containing the users authorized to access the Calibre server. In order to do that, we can run calibre-server with the --manage-users option, and specify the path where we want to store the database, passing it as argument to--userdb. This invokes an interactive guide, which let us add, edit and remove new users:

$ calibre-server --manage-users --userdb=calibre_users.sqlite

1) Add a new user
2) Edit an existing user    
3) Remove a user
4) Cancel

What do you want to do? [1-4]: 1

In this case, just as an example, we specified we want the database created in the current working directory, as “calibre_users.sqlite”. To add a new user, we selected and confirmed the first entry in the menu, then we provided an username and a password:

Enter the username: calibreuser
Enter the new password for calibreuser: 
Re-enter the new password for calibreuser, to verify: 
User calibreuser added successfully!

Now, to actually enable authentication, we must launch the server with the --enable-auth option, and again, specify the path of the database:

$ calibre-server --userdb=calibre_users.sqlite --enable-auth /path/to/library

To access the library, we must now provide the username and the password we previously specified:

Calibrare database authentication
Calibre server authentication

To ban a specific IP after a predefined number of failed authentications, we can launch the server with the additional --ban-after option, and provide the number of failed authentication attempts which will trigger the ban.

Allowing modifications from specific IPs without authentication

As a partial alternative to authentication, we can launch the server with the --trusted-ips option, passing a comma-separated list of IP addresses allowed to perform modifications. For example, suppose we want to authorize writing operations from the IP. We would run:

$ calibre-server --trusted-ips= /path/to/calibre/library

Logging access requests

By default Calibre server doesn’t log access requests. If we want to enable this feature, all we have to do is to use the --access-log option, and pass the path of the log file as argument. To run the server and log accesses to a file in the current working directory, for example, we would run:

$ calibre-server --access-log=calibre_access.log /path/to/library

Enabling HTTPS

For the maximum security, we want to encrypt communications with the server. The easiest way to do it is by directly providing the path of the SSL/TLS certificate and of the private key, as arguments to the --ssl-certfile and -ssl-keyfile options, respectively. To obtain a valid certificate you may want to use Let’s encrypt. To just perform some tests, as an alternative, you may want to generate a self signed certificate. Once we obtained a certificate and a private key, we can run:

$ calibre-server --ssl-certfile=/path/to/certificate --ssl-keyfile=/path/to/keyfile /path/to/library

We can access the server using the same port we specified before, we just have to change the protocol to “https://” in the address.

Creating a systemd service for calibre-server

All the major Linux distributions adopted Systemd as their init system. If we want the Calibre server to be automatically started at boot, we need to create a service unit for it. Here is an example of a possible configuration.First of all, to avoid running the server as root, we can create a dedicated user:

$ sudo useradd --system --shell /usr/sbin/nologin calibre-server

With the command above we created a system user. Since system user are not meant to interactively login into the system, we set his shell to /usr/sbin/nologin. Now, we want to create the directory we will use to store the server logs, and assign its ownership to the “calibre-server” user and the “calibre-server” group:

$ sudo mkdir /var/log/calibre-server
$ sudo chown calibre-server:calibre-server /var/log/calibre-server

For a clean setup, we move our shared library to a global directory, let’s say we want to move it under /srv/calibre:

$ sudo mkdir /srv/calibre
$ sudo mv /path/to/library /srv/calibre

We move the user database, the SSL/TLS certificate and the corresponding private key, under the same directory:

$ sudo mv /path/to/database /srv/calibre
$ sudo mv /path/to/certificate.pem /path/to/privatekey.pem /srv/calibre

Finally, we assign ownership of this directory and all its sub-directories to the “calibre-server” user and “calibre-server” group:

$ sudo chown -R calibre-server:calibre-server /srv/calibre

We can now create the systemd service file as /etc/systemd/system/calibre-server.service:

Description=Start calibre content server

ExecStart=/usr/bin/calibre-server --userdb=/srv/calibre/database --enable-auth --access-log=/var/log/calibre-server/access_log --ssl-certfile=/srv/calibre/certificate.pem --ssl-keyfile=/sr
v/calibre/privatekey.pem /srv/calibre/library 


To start the service and automatically enable it at boot, we can run:

$ sudo systemctl enable --now calibre-server.service

Setting up the firewall

Once the server is up and running, to allow external access, we must allow traffic though the appropriate ports. How to proceed depends on what firewall manager we are using. When using UFW, for example, to allow traffic though port 8080 from anywhere, we would run:

$ sudo ufw allow 8080/tcp

If we are using firewalld, instead, to permanently allow traffic to the default zone, we would run:

$ sudo firewall-cmd --add-port 8080/tcp --permanent
$ sudo firewall-cmd --reload


In this tutorial we learned how to setup a calibre-server instance and share a Calibre library. We saw how to allow changes from local connections or from specific IP addresses, how to enable authentication, how to log access requests, and finally, how to create a Systemd service to automatically start the server at boot.

Comments and Discussions
Linux Forum