Calibre-Web on Ubuntu 24.04 on Azure User Guide
Overview
Calibre-Web is a clean, modern, open source web interface for browsing, reading and downloading the books in a Calibre ebook library. From an ordinary browser you get an in browser reader, full text search, custom shelves, per user accounts, Kobo sync and an OPDS feed so dedicated reading apps can pull straight from your library. It is the distinct web frontend project, separate from the Calibre desktop application. The cloudimg image serves Calibre-Web 0.6.26 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The application server listens only on the loopback interface (127.0.0.1:8083) and nginx serves it on port 80. An empty Calibre library is already initialised, so there is no first run setup wizard: you sign in and start uploading books. A unique administrator password is generated on the first boot of every VM and written to a root only file, so no shared or default login ever ships in the image. Backed by 24/7 cloudimg support.
What is included:
- Calibre-Web 0.6.26 served behind nginx, managed by systemd
- The Calibre-Web web interface on
:80with authentication required from the first request - A per VM administrator password generated on first boot and recorded in a root only file
- An empty Calibre library pre initialised at
/var/lib/calibre-web/library, with the settings database pre seeded so no setup wizard appears - The
calibredbcommand line tools for managing the library from the shell - The application server bound to
127.0.0.1:8083only, never exposed directly to the network - A dedicated Azure data disk at
/var/lib/calibre-webfor the library and the settings database calibre-web.serviceandnginx.serviceas enabled systemd units- An OPDS feed at
/opdsfor dedicated reading apps - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for larger libraries or more concurrent readers. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. Calibre-Web serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The application server is never exposed directly: it listens on 127.0.0.1:8083 only, so port 8083 stays off the network.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Calibre-Web by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name calibre-web \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to the web interface:
az vm open-port --resource-group <your-rg> --name calibre-web --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm Calibre-Web and nginx are active. Note that the application server listens only on 127.0.0.1:8083 while nginx serves the web interface on port 80.
systemctl is-active calibre-web nginx calibre-web-firstboot
sudo ss -tlnp | grep -E ':80 |:8083 ' | sed 's/ */ /g'

Step 4 - Retrieve the per VM administrator password
Every VM generates its own administrator password on first boot and writes it, along with the login user and URL, to a root only credentials file. Read it with sudo:
sudo cat /root/calibre-web-credentials.txt

You sign in to Calibre-Web with username admin and the calibre-web.admin.pass value from this file. You can prove the login works from the command line by round tripping a sign in through nginx with those credentials:
PASS=$(sudo grep '^calibre-web.admin.pass=' /root/calibre-web-credentials.txt | cut -d= -f2-); J=$(mktemp); CSRF=$(curl -s -c "$J" http://127.0.0.1/login | grep -oE 'name="csrf_token"[^>]*value="[^"]+"' | grep -oE 'value="[^"]+"' | head -1 | sed 's/value="//;s/"//'); curl -s -o /dev/null -w 'login HTTP %{http_code}\n' -L -b "$J" -c "$J" --data-urlencode "csrf_token=$CSRF" --data-urlencode 'username=admin' --data-urlencode "password=$PASS" --data-urlencode 'submit=' http://127.0.0.1/login; rm -f "$J"
Step 5 - Sign in to Calibre-Web
Browse to http://<vm-public-ip>/. Calibre-Web opens on its sign in screen. Enter username admin and the password from Step 4.

Once signed in you land on the library. From the BROWSE sidebar you can list books, browse by author, series, category, publisher, language and rating, and use Discover to jump to a random selection. Because the library ships empty, this is where your books appear once you upload them.

Step 6 - Upload and read your books
Use the Upload button in the top toolbar to add EPUB, PDF, MOBI and other ebook files. Calibre-Web adds them to the library, extracts metadata and cover art, and lets you read them in the browser or download them. You can also manage the library on the command line with the bundled calibredb tool, which operates on the library directory on the data disk:
calibredb --with-library /var/lib/calibre-web/library list
Step 7 - Add scoped user accounts
Open Admin then Add New User to create additional accounts. Each user has its own permissions (view, download, upload, edit) and visibility settings, so a household or team can share one instance while keeping administrative control with you.

Step 8 - Administration
The Admin page lists your users and their permissions, the email server settings used for send to eReader, and the core configuration including the Calibre library directory, the listening port and whether uploads are enabled. From here you manage users, edit the library configuration and review scheduled tasks.

Step 9 - Verify the stack
Confirm the Calibre-Web version, that the services are enabled, the web interface responds through nginx, and the dedicated data disk mount:
/opt/calibre-web/venv/bin/python -c "import importlib.metadata as m; print('Calibre-Web', m.version('calibreweb'))"
systemctl is-enabled calibre-web nginx
curl -sI http://127.0.0.1/ | head -1
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/calibre-web

Step 10 - Where your data lives
The Calibre library and the Calibre-Web settings database both live on a dedicated Azure data disk mounted at /var/lib/calibre-web, separate from the OS disk. This disk is captured into the image and re provisioned on every VM. Confirm the mount and the free space:
df -h /var/lib/calibre-web | tail -1
sudo ls -la /var/lib/calibre-web/library | head
Step 11 - The OPDS feed
Calibre-Web publishes an OPDS catalogue at /opds so dedicated reading apps (KOReader, Moon+ Reader, Marvin and others) can browse and download straight from your library. Point your reader at http://<vm-public-ip>/opds and sign in with your Calibre-Web username and password.
Security notes
- Calibre-Web serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks. A common approach is
certbotwith your-domain on a front end proxy. - The application server listens on
127.0.0.1:8083only and is never exposed directly; only nginx on port 80 faces the network. - Authentication is required from the first request. The per VM administrator password lives in
/root/calibre-web-credentials.txt, readable only by root. Sign in and change it from your profile if you wish, and keep a copy somewhere safe. - Create scoped, least privilege user accounts for readers rather than sharing the administrator login.
- Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.
Support
cloudimg images come with 24/7 support. If you have any questions about this Calibre-Web image or need help with your deployment, contact us through the cloudimg website.