Applications Azure

Calibre-Web on Ubuntu 24.04 on Azure User Guide

| Product: Calibre-Web on Ubuntu 24.04 LTS on Azure

Overview

Calibre-Web is a clean, modern, open source web interface for browsing, reading and downloading the books in a Calibre ebook library. From an ordinary browser you get an in browser reader, full text search, custom shelves, per user accounts, Kobo sync and an OPDS feed so dedicated reading apps can pull straight from your library. It is the distinct web frontend project, separate from the Calibre desktop application. The cloudimg image serves Calibre-Web 0.6.26 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The application server listens only on the loopback interface (127.0.0.1:8083) and nginx serves it on port 80. An empty Calibre library is already initialised, so there is no first run setup wizard: you sign in and start uploading books. A unique administrator password is generated on the first boot of every VM and written to a root only file, so no shared or default login ever ships in the image. Backed by 24/7 cloudimg support.

What is included:

  • Calibre-Web 0.6.26 served behind nginx, managed by systemd
  • The Calibre-Web web interface on :80 with authentication required from the first request
  • A per VM administrator password generated on first boot and recorded in a root only file
  • An empty Calibre library pre initialised at /var/lib/calibre-web/library, with the settings database pre seeded so no setup wizard appears
  • The calibredb command line tools for managing the library from the shell
  • The application server bound to 127.0.0.1:8083 only, never exposed directly to the network
  • A dedicated Azure data disk at /var/lib/calibre-web for the library and the settings database
  • calibre-web.service and nginx.service as enabled systemd units
  • An OPDS feed at /opds for dedicated reading apps
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for larger libraries or more concurrent readers. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. Calibre-Web serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The application server is never exposed directly: it listens on 127.0.0.1:8083 only, so port 8083 stays off the network.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Calibre-Web by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name calibre-web \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Then open port 80 to the web interface:

az vm open-port --resource-group <your-rg> --name calibre-web --port 80

Step 3 - Confirm the services are running

SSH in as azureuser and confirm Calibre-Web and nginx are active. Note that the application server listens only on 127.0.0.1:8083 while nginx serves the web interface on port 80.

systemctl is-active calibre-web nginx calibre-web-firstboot
sudo ss -tlnp | grep -E ':80 |:8083 ' | sed 's/  */ /g'

The calibre-web, nginx and calibre-web-firstboot services active, with nginx on port 80 and the Calibre-Web server bound to loopback 127.0.0.1:8083

Step 4 - Retrieve the per VM administrator password

Every VM generates its own administrator password on first boot and writes it, along with the login user and URL, to a root only credentials file. Read it with sudo:

sudo cat /root/calibre-web-credentials.txt

The per VM Calibre-Web credentials file, showing the admin user, the generated password and the site URL

You sign in to Calibre-Web with username admin and the calibre-web.admin.pass value from this file. You can prove the login works from the command line by round tripping a sign in through nginx with those credentials:

PASS=$(sudo grep '^calibre-web.admin.pass=' /root/calibre-web-credentials.txt | cut -d= -f2-); J=$(mktemp); CSRF=$(curl -s -c "$J" http://127.0.0.1/login | grep -oE 'name="csrf_token"[^>]*value="[^"]+"' | grep -oE 'value="[^"]+"' | head -1 | sed 's/value="//;s/"//'); curl -s -o /dev/null -w 'login HTTP %{http_code}\n' -L -b "$J" -c "$J" --data-urlencode "csrf_token=$CSRF" --data-urlencode 'username=admin' --data-urlencode "password=$PASS" --data-urlencode 'submit=' http://127.0.0.1/login; rm -f "$J"

Step 5 - Sign in to Calibre-Web

Browse to http://<vm-public-ip>/. Calibre-Web opens on its sign in screen. Enter username admin and the password from Step 4.

The Calibre-Web sign in page, protected by the per VM administrator password

Once signed in you land on the library. From the BROWSE sidebar you can list books, browse by author, series, category, publisher, language and rating, and use Discover to jump to a random selection. Because the library ships empty, this is where your books appear once you upload them.

The Calibre-Web library view after sign in, with the browse sidebar and the search and upload toolbar

Step 6 - Upload and read your books

Use the Upload button in the top toolbar to add EPUB, PDF, MOBI and other ebook files. Calibre-Web adds them to the library, extracts metadata and cover art, and lets you read them in the browser or download them. You can also manage the library on the command line with the bundled calibredb tool, which operates on the library directory on the data disk:

calibredb --with-library /var/lib/calibre-web/library list

Step 7 - Add scoped user accounts

Open Admin then Add New User to create additional accounts. Each user has its own permissions (view, download, upload, edit) and visibility settings, so a household or team can share one instance while keeping administrative control with you.

The Calibre-Web Add New User form under Administration, where scoped user accounts are created

Step 8 - Administration

The Admin page lists your users and their permissions, the email server settings used for send to eReader, and the core configuration including the Calibre library directory, the listening port and whether uploads are enabled. From here you manage users, edit the library configuration and review scheduled tasks.

The Calibre-Web Administration page, showing the users table, email server settings and the library configuration

Step 9 - Verify the stack

Confirm the Calibre-Web version, that the services are enabled, the web interface responds through nginx, and the dedicated data disk mount:

/opt/calibre-web/venv/bin/python -c "import importlib.metadata as m; print('Calibre-Web', m.version('calibreweb'))"
systemctl is-enabled calibre-web nginx
curl -sI http://127.0.0.1/ | head -1
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/calibre-web

The Calibre-Web 0.6.26 version, the enabled calibre-web and nginx units, the web interface redirecting to the sign in page, and the dedicated ext4 data disk mount

Step 10 - Where your data lives

The Calibre library and the Calibre-Web settings database both live on a dedicated Azure data disk mounted at /var/lib/calibre-web, separate from the OS disk. This disk is captured into the image and re provisioned on every VM. Confirm the mount and the free space:

df -h /var/lib/calibre-web | tail -1
sudo ls -la /var/lib/calibre-web/library | head

Step 11 - The OPDS feed

Calibre-Web publishes an OPDS catalogue at /opds so dedicated reading apps (KOReader, Moon+ Reader, Marvin and others) can browse and download straight from your library. Point your reader at http://<vm-public-ip>/opds and sign in with your Calibre-Web username and password.

Security notes

  • Calibre-Web serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks. A common approach is certbot with your-domain on a front end proxy.
  • The application server listens on 127.0.0.1:8083 only and is never exposed directly; only nginx on port 80 faces the network.
  • Authentication is required from the first request. The per VM administrator password lives in /root/calibre-web-credentials.txt, readable only by root. Sign in and change it from your profile if you wish, and keep a copy somewhere safe.
  • Create scoped, least privilege user accounts for readers rather than sharing the administrator login.
  • Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.

Support

cloudimg images come with 24/7 support. If you have any questions about this Calibre-Web image or need help with your deployment, contact us through the cloudimg website.