Audiobookshelf Setup & Secure Online Access

Summary
To expand our home server’s functionality, we recently installed Audiobookshelf, a self-hosted audiobook and podcast manager with a clean interface, multi-user support, and full playback tracking.
While installing the container was easy, getting it securely online took a bit of configuration work. This post documents what we did — and what we plan to do next.
How We Installed It
We launched the container using:
docker run -d \
  --name audiobookshelf \
  -e PUBLIC_URL=https://[your-subdomain] \
  -v /mnt/Crucial1TB/audiobooks:/audiobooks \
  -v /mnt/Crucial1TB/abs-config:/config \
  -p 13378:80 \
  ghcr.io/advplyr/audiobookshelf
- /mnt/Crucial1TB/audiobooks holds our audiobook collection
- /mnt/Crucial1TB/abs-config stores persistent settings
Once up and running, Audiobookshelf was accessible internally at:
http://localhost:13378
Making It Public
To access Audiobookshelf from outside the network, we routed it through an existing Cloudflare Tunnel, mapping a subdomain to port 13378.
Steps:
- Created a DNS CNAME record for the subdomain pointing to the tunnel.
- Configured the tunnel to proxy local traffic to localhost:13378.
- Verified HTTPS and secure connection were active by default through Cloudflare.
No port forwarding. No public IP exposure.
Planned Security: Caddy Basic Auth
Right now, access is only protected by Audiobookshelf’s internal login — but we plan to add a Caddy reverse proxy with Basic Auth in front of the service.
This will:
- Block unauthenticated requests before they even reach Audiobookshelf.
- Prevent bots or scanners from accessing the login screen.
We’ll generate a secure password hash using Caddy’s CLI:
caddy hash-password --plaintext "yourpassword"
Then embed that into a Caddyfile like this:
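[your.subdomain.com] {
    # Forward authenticated requests to the Audiobookshelf container port
    reverse_proxy localhost:13378
    # Require credentials on every path (directive is named basic_auth in Caddy 2.8 and later)
    basicauth /* {
        username [hashed-password]
    }
}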
This will prompt for credentials before anything loads — even the Audiobookshelf UI.
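One check worth running once Caddy is in place, as an added example that is not part of the original setup: the -p 13378:80 mapping above publishes the port on every host interface, so a device on the LAN could reach Audiobookshelf directly on 13378 without passing Caddy's Basic Auth, whereas -p 127.0.0.1:13378:80 keeps it reachable only from a proxy or tunnel on the same host. The function name exposed_ports and the sample lines are constructed for illustration, and the script assumes Caddy and the tunnel run on the Docker host itself.

```shell
#!/bin/sh
# Added example: list container ports published on all host interfaces.
# Input lines have the form printed by:
#   docker ps --format '{{.Names}} {{.Ports}}'

exposed_ports() {
    # stdin:  "<name> <mapping>, <mapping>, ..."
    # stdout: "<name> <host_port>" for each wildcard-bound mapping
    while read -r name ports; do
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
            case "$mapping" in
                *'->'*) ;;        # published: "addr:port->cport/proto"
                *) continue ;;    # exposed but not published, e.g. "80/tcp"
            esac
            host=${mapping%%"->"*}   # "0.0.0.0:13378"
            addr=${host%:*}          # "0.0.0.0", "::", "[::]", "127.0.0.1"
            port=${host##*:}         # "13378"
            case "$addr" in
                0.0.0.0|::|'[::]') printf '%s %s\n' "$name" "$port" ;;
            esac
        done
    done | sort -u                   # IPv4 and IPv6 entries collapse to one line
}

# Constructed sample input (not captured from a real host):
sample='audiobookshelf 0.0.0.0:13378->80/tcp, :::13378->80/tcp
abs-loopback 127.0.0.1:13378->80/tcp'

printf '%s\n' "$sample" | exposed_ports
# On a live host: docker ps --format '{{.Names}} {{.Ports}}' | exposed_ports
```

An empty result means every published port is bound to a specific address such as 127.0.0.1.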
Reflection
This was one of our smoothest Docker deployments to date. Audiobookshelf:
- Immediately scanned our existing audiobooks
- Worked flawlessly on mobile using Plappa
- Had no third-party setup or account requirements
The UI is lightweight, polished, and perfect for streaming without needing a full Plex setup. We’re glad we chose it.
Next up: lock down the subdomain with Basic Auth (or possibly Cloudflare Access), and maybe review the access logs with Caddy’s built-in analytics.