Calibre with password enters browser refresh loop

trolley · 23 August 2025 14:47

I’ve tried to turn on basic HTTP auth for my Calibre container by adding PASSWORD env var but when I do my browser goes into a refresh loop after I’ve provided the username and password.

My compose file:

services:
  calibre:
    container_name: calibre
    environment:
      PASSWORD: "abc"
      PGID: "${PGID}"
      PUID: "${PUID}"
      TZ: "${TZ}"
    hostname: calibre
    image: lscr.io/linuxserver/calibre
    labels:
      - swag=enable
    restart: unless-stopped
    volumes:
      - type: bind
        source: ${VOLUME_CONFIG}/calibre
        target: /config
        bind:
          create_host_path: true

Once I add the PASSWORD the behaviour I see is that the first time I load the page I get the auth dialog where I enter the username/password and submit it, the page reloads, and I’m prompted for the username/password again but it just reloads the page automatically over and over.

I will attach logs as soon as I can.

TheLamer · 23 August 2025 14:53

As you are not forwarding any ports there has to be another layer here what are you putting in front of it ?

I cannot replicate given the information you have provided.

trolley · 23 August 2025 15:03

Sorry, I forgot to include my Swag config. I have each container in its own YAML file then include them all in the main compose.yaml:

swag-compose.yaml is:

services:
  swag:
    cap_add:
      - NET_ADMIN
    container_name: swag
    environment:
      CF_ACCOUNT_ID: "${SWAG_CF_ACCOUNT_ID}"
      CF_API_TOKEN: "${SWAG_CF_API_TOKEN}"
      CF_TUNNEL_NAME: "swag"
      CF_TUNNEL_PASSWORD: "${SWAG_CF_TUNNEL_PASSWORD}"
      CF_ZONE_ID: "${SWAG_CF_ZONE_ID}"
      DNSPLUGIN: "cloudflare"
      DOCKER_MODS: "linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared|linuxserver/mods:swag-imagemagick|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-cloudflare-real-ip"
      DOCKER_HOST: "docker-socket-proxy"
      EMAIL: "***"
      FILE__CF_TUNNEL_CONFIG: "/config/tunnelconfig.yml"
      PGID: "${PGID}"
      PUID: "${PUID}"
      SUBDOMAINS: "wildcard"
      SWAG_AUTORELOAD: "true"
      TUNNEL_METRICS: "0.0.0.0:60123"
      TZ: "${TZ}"
      URL: "***"
      VALIDATION: "dns"
    extra_hosts:
      - ***:127.0.0.1
    healthcheck:
      test: ["CMD", "cloudflared", "tunnel", "--metrics=localhost:60123", "ready"]
    hostname: swag
    image: lscr.io/linuxserver/swag
    labels:
      - deunhealth.restart.on.unhealthy=true
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    volumes:
      - type: bind
        source: ${VOLUME_CONFIG}/modcache
        target: /modcache
        read_only: true
      - type: bind
        source: ${VOLUME_CONFIG}/swag
        target: /config
        bind:
          create_host_path: true

And my compose.yaml is like:

include
    - calibre-compose.yaml
    - swag-compose.yaml
    …

TheLamer · 23 August 2025 15:07

you don’t do auth at the container level you do it at the swag level. You should read up here

trolley · 23 August 2025 15:11

Got it, thanks. I had used basic HTTP auth in some other containers and assumed it would work in Calibre as well. I’ll review the docs.