calibre-web-automated-book-downloader

calibre-web-automated-book-downloader

Docker app from Nodiaque's Repository

Overview

This template was replaced by Shelfmark. Please migrate to shelfmark. An intuitive web interface for searching and requesting book downloads, designed to work seamlessly with Calibre-Web-Automated. This project streamlines the process of downloading books and preparing them for integration into your Calibre library. You must have already setup Calibre-Web-Automated for this to work. It is an add-on to it. The docker CloudFlareBypassForScrapping isn't needed anymore and can be remove ✨ Features 🌐 User-friendly web interface for book search and download 🔄 Automated download to your specified ingest folder 🔌 Seamless integration with Calibre-Web-Automated 📖 Support for multiple book formats (epub, mobi, azw3, fb2, djvu, cbz, cbr) 🛡️ Cloudflare bypass capability for reliable downloads 🐳 Docker-based deployment for quick setup Note that PDF are NOT supported at the moment (they do not get ingested by CWA, but if you want to just download them locally, you can add pdf to the SUPPORTED_FORMATS env If you are a donator on AA, you can use your Key in AA_DONATOR_API_KEY to speed up downloads and bypass the wait times. If disabling the cloudflare bypass, you will be using alternative download hosts, such as libgen or z-lib, but they usually have a delay before getting the more recent books and their collection is not as big as aa's. But this setting should work for the majority of books. CLOUDFLARE_PROXY_URL is ignored if USE_CF_BYPASS is set to false

📚 Shelfmark: Book Search & Request Tool

Shelfmark

[!NOTE] This project is in a stable state as of May 2026 but is not under active maintenance.

Shelfmark is a self-hosted web interface for searching and requesting books and audiobooks across multiple sources. Bring your own sources, metadata providers, and download clients to build a single hub for your digital library. Supports multiple users with a built-in request system, so you can share your instance with others and let them browse and request books on their own.

Works great alongside the following library tools, with support for automatic imports:

✨ Features

  • One-Stop Interface - A clean, modern UI to search, browse, and download from multiple configured sources in one place
  • Multiple Sources - Configurable web, torrent, usenet, and IRC source support
  • Audiobook Support - Full audiobook search and download with dedicated processing
  • Flexible Search - Search metadata providers (Hardcover, Open Library, Google Books) for rich book and audiobook discovery, or query configured sources directly
  • Multi-User & Requests - Share your instance with others, let users browse and request books, and manage approvals with configurable notifications
  • Authentication - Built-in login, OIDC single sign-on, proxy auth, and Calibre-Web database support
  • Real-Time Progress - Unified download queue with live status updates across all sources
  • Network Flexibility - Configurable proxy support, DNS settings, and optional Cloudflare handling for protected sources

🖼️ Screenshots

Home screen Home screen

Search results Search results

Multi-source downloads Multi-source downloads

Download queue Download queue

🚀 Quick Start

Prerequisites

  • Docker & Docker Compose

Installation

  1. Download the docker-compose file:

    curl -O https://raw.githubusercontent.com/calibrain/shelfmark/main/compose/docker-compose.yml
    
  2. Start the service:

    docker compose up -d
    
  3. Open http://localhost:8084

Open the web interface, then configure the sources and settings you want to use.

Volume Setup

volumes:
  - /your/config/path:/config # Config, database, and artwork cache directory
  - /your/download/path:/books # Downloaded books
  - /client/path:/client/path # Optional: For Torrent/Usenet downloads, match your client directory exactly.

Tip: Point the download volume to your CWA or Grimmory ingest folder for automatic import.

Note: CIFS shares require nobrl mount option to avoid database lock errors.

Non-root container mode

  • Start the container as 1000:1000 with Docker user: "1000:1000" or docker run --user 1000:1000.
  • For Kubernetes, set runAsUser: 1000, runAsGroup: 1000, and runAsNonRoot: true together.
  • PUID/PGID keep the default root startup flow.
  • Mounted paths must already be writable by 1000:1000.
  • USING_TOR=true requires root startup.

⚙️ Configuration

Search Modes

Direct

  • Queries configured sources directly

Universal (recommended)

  • Search via metadata providers (Hardcover, Open Library, Google Books) for richer results
  • Aggregates releases from multiple configured sources
  • Full audiobook support

Environment Variables

Environment variables work for initial setup and Docker deployments. They serve as defaults that can be overridden in the web interface.

Variable Description Default
FLASK_PORT Web interface port 8084
INGEST_DIR Book download directory /books
TZ Container timezone UTC
PUID / PGID Runtime user/group for the default root-startup flow (also supports legacy UID/GID) 1000 / 1000
SEARCH_MODE direct or universal universal
USING_TOR Enable Tor routing (requires root startup) false
USING_WIREGUARD Enable WireGuard VPN egress with kill-switch (requires root startup) false
WIREGUARD_CONFIG Path to the mounted wg-quick config /config/wg0.conf
WIREGUARD_INTERFACE WireGuard interface name wg0
LAN_NETWORK Comma-separated CIDRs kept off the tunnel so the WebUI / internal clients stay reachable 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
WIREGUARD_ENFORCE_DNS Pin the resolver (via WIREGUARD_DNS, else the config's DNS =) so DNS can't silently fall back to an off-tunnel path. Designed for a trusted LAN resolver kept reachable via LAN_NETWORK (query leaves over the LAN; download still egresses via the tunnel) — it does not force queries through the tunnel. Docker's embedded resolver (127.0.0.11) is preserved when present so container-name resolution keeps working; pin its upstream via the container's dns: list. Fails closed if no resolver is available or /etc/resolv.conf is not writable. true
WIREGUARD_DNS Explicit resolver(s) to pin (comma/space separated). Use when the VPN's pushed DNS filters domains you need; point at a resolver reachable via the tunnel or an allowed LAN resolver. (unset; uses config DNS =)
WIREGUARD_DISABLE_IPV6 Strip IPv6 from the tunnel config (many container kernels lack the ip6tables raw table wg-quick needs) and remove IPv6 as a leak surface. true
WIREGUARD_ALLOW_IPV6_LEAK Escape hatch: continue even when an IPv6 kill-switch can't be installed AND IPv6 can't be disabled. Only set if the container has no IPv6 connectivity. false
WIREGUARD_ALLOW_WEBUI_OFFTUNNEL Opt-in off-tunnel WebUI reachability. Default (false) keeps the kill-switch strictly fail-closed: the only off-tunnel egress is loopback, the tunnel device and the LAN allowlist. Set true only if a non-LAN client (e.g. a public reverse proxy on another segment) must reach the WebUI; it permits app-server replies (--sport FLASK_PORT, conntrack REPLY) off-tunnel — server replies only, never client-initiated egress. LAN clients never need it (covered by LAN_NETWORK). false
WIREGUARD_STALE_AFTER Seconds since the last handshake before the healthcheck bounces the tunnel. 180

See the full Environment Variables Reference for all available options.

Some of the additional options available in Settings:

  • Prowlarr - Configure indexers and download clients to download books and audiobooks
  • Additional audiobook sources - Configure additional sources for audiobook discovery
  • IRC - Add details for IRC book sources and download directly from the UI
  • Library Link - Add a link to your Calibre-Web or Grimmory instance in the UI header
  • File processing - Customiseable download paths, file renaming and directory creation with template-based renaming
  • Network Settings - Custom proxy support (SOCKS5 + HTTP/S) and configurable DNS
  • Format & Language - Filter downloads by preferred formats, languages and sorting order
  • Metadata Providers - Configure API keys for Hardcover, Open Library, etc.

🐳 Docker Variants

Standard

docker compose up -d

The full-featured image with all network capabilities included.

Tor Routing

Optional Tor support for network privacy:

curl -O https://raw.githubusercontent.com/calibrain/shelfmark/main/compose/docker-compose.tor.yml
docker compose -f docker-compose.tor.yml up -d

Notes:

  • Requires root startup
  • Requires NET_ADMIN and NET_RAW capabilities
  • Timezone is auto-detected from Tor exit node
  • Custom DNS/proxy settings are ignored when Tor is active

WireGuard VPN Routing

Optional WireGuard support to route all external egress through a VPN tunnel with a fail-closed kill-switch:

curl -O https://raw.githubusercontent.com/calibrain/shelfmark/main/compose/docker-compose.wireguard.yml
# place your wg-quick config where the compose mounts /config, as wg0.conf
docker compose -f docker-compose.wireguard.yml up -d

Notes:

  • Requires root startup
  • Requires NET_ADMIN and NET_RAW capabilities
  • Mount a standard wg-quick config at WIREGUARD_CONFIG (default /config/wg0.conf)
  • All non-LAN egress is forced through the tunnel; if the tunnel drops, external traffic fails closed while LAN ranges (WebUI, Prowlarr, qBittorrent) stay reachable
  • IPv4 and IPv6 both fail closed. On kernels without a usable ip6tables, disable IPv6 for the container (sysctls: net.ipv6.conf.all.disable_ipv6=1, as in the compose example) or the container refuses to start rather than risk an IPv6 leak
  • A supervised healthcheck bounces the tunnel if the handshake goes stale, and refreshes the endpoint allow rules so a roaming/rotated peer endpoint can reconnect
  • Mutually exclusive with USING_TOR
  • DNS trust: WIREGUARD_DNS must be a resolver you trust on a trusted network segment. When it is a LAN resolver (kept reachable off-tunnel by LAN_NETWORK), the query to that resolver leaves as plaintext UDP/53 on the LAN — the resolver is responsible for encrypting upstream. Two resolver paths exist: (1) when Docker's embedded resolver (127.0.0.11) is present it is preserved so container names (Prowlarr, qBittorrent) resolve — you MUST pin its upstream to a trusted resolver via the container's compose dns: list, since WIREGUARD_DNS cannot repoint the embedded resolver from inside the container; (2) otherwise WIREGUARD_DNS/the config DNS = line is written to /etc/resolv.conf. Setting WIREGUARD_ENFORCE_DNS=false is a foot-gun: with no embedded resolver present the container then uses its inherited resolver, which forwards to the Docker daemon's upstream off-tunnel, leaking your DNS. Leave enforcement on unless you have pinned the resolver another way.

Lite

A lighter image without the built-in browser automation. Ideal for:

  • External services - Already running FlareSolverr or similar for other applications
  • Alternative sources - Using Prowlarr, IRC, or other configured sources
  • Audiobooks - Using Shelfmark primarily for audiobooks
curl -O https://raw.githubusercontent.com/calibrain/shelfmark/main/compose/docker-compose.lite.yml
docker compose -f docker-compose.lite.yml up -d

If you need browser-based access with the Lite image, configure an external resolver in Settings.

🔐 Authentication

Authentication is optional but recommended for shared or exposed instances. Multiple authentication methods are available in Settings:

1. Single Username/Password

2. Proxy (Forward) Authentication

Proxy auth trusts headers set by your reverse proxy (e.g. X-Auth-User). Ensure Shelfmark is not directly exposed, and configure your proxy to strip/overwrite these headers for all inbound requests.

3. OIDC (OpenID Connect)

Integrate with your identity provider (Authelia, Authentik, Keycloak, etc.) for single sign-on. Supports PKCE flow, auto-discovery, group-based admin mapping, and auto-provisioning of new users.

4. Calibre-Web Database

If you're running Calibre-Web, you can reuse its user database by mounting it:

volumes:
  - /path/to/calibre-web/app.db:/auth/app.db:ro

Multi-User Support

With any authentication method enabled, Shelfmark supports multi-user management with admin/user roles. Users can have per-user settings for download destinations, email recipients, and notification preferences. Non-admin users only see their own downloads and can submit book requests for admin review. Admins can configure request policies per source to control whether users can download directly, must submit a request, or are blocked entirely.

Project Scope

Shelfmark is a manual search and download tool, the entry point to your book library, not a library manager. It finds books, downloads them, and sends them to a configured destination. That's the full scope.

Shelfmark intentionally does not:

  • Track or manage your library - it doesn't know or care what you already own
  • Integrate with library software - what happens after delivery is up to your library tool
  • Monitor authors, series, or new releases - there is no background automation
  • Queue future downloads - if a book isn't available now, Shelfmark won't watch for it

These are non-goals, not missing features.

Contributing

Shelfmark's core feature set is complete. Development focuses on stability, bug fixes, quality-of-life improvements, and refining the search experience. Contributions in these areas are welcome, please file issues or submit pull requests on GitHub.

Feature requests that fall outside the project scope (library integration, automation, collection management) will be closed. If you're unsure whether something fits, open a discussion first.

Health Monitoring

The application exposes a health endpoint at /api/health (no authentication required). Add a health check to your compose:

healthcheck:
  test: ["CMD", "curl", "-sf", "http://localhost:8084/api/health"]
  interval: 30s
  timeout: 30s
  retries: 3

Logging

Logs are available via:

  • docker logs <container-name>
  • /var/log/shelfmark/ inside the container (when ENABLE_LOGGING=true)

Log level is configurable via Settings or LOG_LEVEL environment variable.

Development

# Quality checks
make checks              # Run ALL static analysis (frontend + Python)
make python-checks       # Run Ruff, BasedPyright, and Vulture
make install-python-dev  # Sync Python runtime + dev tools with uv

# Frontend development
make install     # Install dependencies
make dev         # Start Vite dev server (localhost:5173)
make build       # Production build
make frontend-typecheck  # TypeScript checks

# Backend (Docker)
make up          # Start backend via docker-compose.dev.yml
make down        # Stop services
make refresh     # Rebuild and restart
make restart     # Restart container

The frontend dev server proxies to the backend on port 8084.

License

MIT License - see LICENSE for details.

⚠️ Disclaimer

Shelfmark is a search interface that displays results from external metadata providers and sources. It does not host, store, or distribute any content. The developers are not responsible for how the tool is used or what is accessed through it.

Users are solely responsible for:

  • Ensuring they have the legal right to download any material they access
  • Complying with copyright laws and intellectual property rights in their jurisdiction
  • Understanding and accepting the terms of any sources they configure

Use of this tool is entirely at your own risk.

Support

For issues or questions, please file an issue on GitHub.

Install calibre-web-automated-book-downloader on Unraid in a few clicks.

Find calibre-web-automated-book-downloader in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for calibre-web-automated-book-downloader Review the template variables and paths Click Install

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/calibrain/calibre-web-automated-book-downloader:latest
Last Updated2026-07-17
First Seen2025-01-07

Runtime arguments

Web UI
http://[IP]:[PORT:8084]
Network
bridge
Shell
bash
Privileged
false

Template configuration

AppdataPathrw

Appdata folder

Target
/var/log/cwa-book-downloader
Default
/mnt/user/appdata/calibre-web-automated-book-downloader/
Value
/mnt/user/appdata/calibre-web-automated-book-downloader/
Container External PortVariable

Container external port. Follow FLASK PORT. Default: 8084

Target
PORT
Default
8084
Value
8084
FLASK PORTPorttcp

Default: 8084

Target
8084
Default
8084
Value
8084
FLASK_PORTVariable

FLASK port. If you change this, you need to recreate the

Default
8084
Value
8084
FLASK_HOSTVariable

Web interface binding. Default: 0.0.0.0

Default
0.0.0.0
Value
0.0.0.0
Calibre Web Automated Import FolderPathrw

Mount should align with your Calibre-Web-Automated ingest folder.

Target
/cwa-book-ingest
Default
/mnt/user/calibre_library/import/
Value
/mnt/user/calibre_library/import/
Download dir (host)Variable

Download directory inside the docker. Default: /cwa-book-ingest. If you change this, you must change the path for 'Calibre Web Automated Import Folder'

Target
INGEST_DIR
Default
/cwa-book-ingest
Value
/cwa-book-ingest
USE_CF_BYPASSVariable

Disable CF bypass and use alternative links instead. Default: true

Default
false
Value
false
MAX_RETRYVariable

Maximum download retry attempts. Default: 3

Default
3
Value
3
DEFAULT_SLEEPVariable

Retry delay (seconds). Default: 5

Default
5
Value
5
MAIN_LOOP_SLEEP_TIMEVariable

Processing loop delay (seconds)

Default
5
Value
5
SUPPORTED_FORMATSVariable

Supported book formats. PDF is currently not supported. Default: epub,mobi,azw3,fb2,djvu,cbz,cbr

Default
epub,mobi,azw3,fb2,djvu,cbz,cbr
Value
epub,mobi,azw3,fb2,djvu,cbz,cbr
BOOK_LANGUAGEVariable

Preferred language for books. Default: en

Default
en
Value
en
Calibre-Web's databaseVariable

Used to enable authentication to the web gui using the same user/pass as calibre. Remove to disable authentication. MUST NOT BE EMPTY

Target
CWA_DB_PATH
AA_BASE_URLVariable

Base URL of Annas-Archive (could be changed for a proxy). Default: https://annas-archive.org

Default
https://annas-archive.org
Value
https://annas-archive.org
AA_DONATOR_KEYVariable

Optional Donator key for Anna's Archive fast download API

Use Book TitleVariable

Use book title as filename instead of ID

Target
USE_BOOK_TITLE
Default
false
Value
false
DEBUGVariable

Debug mode toggle. Default: false

Default
false
Value
false
AA Additional URLVariable

Proxy URLs for AA, comma separated. Default empty

Target
AA_ADDITIONAL_URLS
HTTP ProxyVariable

HTTP PRoxy URL

Target
HTTP_PROXY
HTTPS ProxyVariable

HTTPS proxy URL

Target
HTTPS_PROXY
Custom DNSVariable

Custom DNS IP

Target
CUSTOM_DNS
USE DOHVariable

Use DNS over HTTPS

Target
USE_DOH
Default
false
Value
false
Custom ScriptVariable

Path to an executable script that runs after each download before the file is moved to ingest directory

Target
CUSTOM_SCRIPT
UIDVariable
Default
99
Value
99
GIDVariable
Default
100
Value
100
Log LevelVariable

DEBUG | INFO | WARNING | ERROR | CRITICAL

Target
LOG_LEVEL
Default
info
Value
LOG_LEVEL
LoggingVariable

Enable log file in /var/log/cwa-book-downloader

Target
ENABLE_LOGGING
Default
true
Value
true