title: “Self-Hosting MyBibliotheca: A Family Reading Tracker Without Docker” date: 2025-08-09 description: “Complete guide to installing MyBibliotheca on a Debian NAS with systemd, nginx reverse proxy, and maximum security hardening - no Docker required.” tags: [“self-hosting”, “books”, “family”, “debian”, “nginx”, “systemd”] categories: [“tutorials”, “self-hosting”]

Warning : this post has been generated by claude llm, after installing it myself going through trial and errors.

Looking for a simple, privacy-focused way to track your family’s reading habits? MyBibliotheca is an excellent self-hosted alternative to Goodreads that’s perfect for families. Unlike most guides that rely on Docker, this tutorial shows you how to install it directly on Debian with some security hardening.

Why MyBibliotheca?

MyBibliotheca offers exactly what families need:

  • ISBN scanning for easy book addition
  • Reading progress tracking with visual streaks
  • Clean, kid-friendly interface without social media complexity
  • Parent monitoring through shared web access
  • Privacy-first - your data stays on your server

Prerequisites

  • Debian-based server/NAS
  • Nginx with reverse proxy capability
  • Basic command line familiarity
  • Domain name or subdomain for access

Step 1: Create Dedicated System User

Create a secure, isolated user for the application:

# Create system user with home directory
sudo useradd --system --create-home --shell /bin/bash mybibliotheca

Step 2: Install Application

Note : I used asdf to install a local version of python (python 3.13.6), which solved some issue with pip install

# Switch to the new user
sudo su - mybibliotheca

# Clone the repository
git clone https://github.com/pickles4evaaaa/mybibliotheca.git
cd mybibliotheca

# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Install gunicorn for production serving
pip install gunicorn

# Setup data directory and database
python3 setup_data_dir.py

# Test the installation (optional)
gunicorn -w 2 -b 127.0.0.1:5054 run:app
# Press Ctrl+C to stop after confirming it works

# Exit back to root user
exit

Step 3: Create Systemd Service

Create the service file with maximum security hardening:

sudo nano /etc/systemd/system/mybibliotheca.service

Add this configuration:

[Unit]
Description=MyBibliotheca Personal Library Tracker
After=network.target

[Service]
Type=simple
User=mybibliotheca
Group=mybibliotheca
WorkingDirectory=/home/mybibliotheca/mybibliotheca
Environment=PATH=/home/mybibliotheca/mybibliotheca/venv/bin
Environment=VIRTUAL_ENV=/home/mybibliotheca/mybibliotheca/venv
Environment=TIMEZONE=Europe/Helsinki
ExecStart=/home/mybibliotheca/mybibliotheca/venv/bin/gunicorn -w 2 -b 127.0.0.1:5054 run:app
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

# Maximum security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictRealtime=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
ProtectSystem=strict
ReadWritePaths=/home/mybibliotheca/mybibliotheca/data
PrivateDevices=true
ProtectHostname=true
ProtectClock=true

[Install]
WantedBy=multi-user.target

Step 4: Enable and Start Service

# Reload systemd daemon
sudo systemctl daemon-reload

# Enable service to start on boot
sudo systemctl enable mybibliotheca

# Start the service
sudo systemctl start mybibliotheca

# Verify it's running
sudo systemctl status mybibliotheca

Step 5: Configure Nginx Reverse Proxy

For a subdomain setup, create a new nginx configuration:

sudo nano /etc/nginx/sites-available/mybibliotheca

Add this configuration (replace books.yourdomain.com with your subdomain):

server {
    listen 80;
    server_name books.yourdomain.com;
    
    location / {
        proxy_pass http://127.0.0.1:5054;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Handle WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # Increased timeouts for book metadata fetching
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
    }
}

Enable the site and reload nginx:

# Enable the site
sudo ln -s /etc/nginx/sites-available/mybibliotheca /etc/nginx/sites-enabled/

# Test nginx configuration
sudo nginx -t

# Reload nginx
sudo systemctl reload nginx

If you’re using Let’s Encrypt with certbot:

sudo certbot --nginx -d books.yourdomain.com

Initial Setup

  1. Navigate to https://books.yourdomain.com in your browser
  2. Complete the one-time setup form:
    • Choose an admin username
    • Provide an admin email
    • Set a secure password
  3. Start adding books by ISBN!

Management and Maintenance

Service Management

# Check service status
sudo systemctl status mybibliotheca

# View real-time logs
sudo journalctl -u mybibliotheca -f

# Restart service
sudo systemctl restart mybibliotheca

Updates

# Switch to application user
sudo su - mybibliotheca
cd mybibliotheca

# Backup database first
cp data/books.db data/books.db.backup

# Pull updates
git pull

# Activate virtual environment and update dependencies
source venv/bin/activate
pip install -r requirements.txt

# Exit back to root
exit

# Restart service
sudo systemctl restart mybibliotheca

Backup Strategy

# Simple backup command (add to cron for automation)
sudo cp /home/mybibliotheca/mybibliotheca/data/books.db /your-backup-location/books-$(date +%Y%m%d).db

Security Features

This setup provides enterprise-grade security hardening:

  • Process isolation with dedicated system user
  • Filesystem protection with read-only system access
  • Network isolation bound only to localhost
  • Kernel protection against privilege escalation
  • Memory protection against code injection
  • Device isolation from physical hardware

Resource Usage

MyBibliotheca is reasonably lightweight:

  • RAM: 164 MB
ps -u mybibliotheca --no-headers -o rss | awk '{sum+=$1} END {print sum/1024 " MB"}'
163.703 MB
  • Storage: <100MB total
  • CPU: Minimal (only during page loads)

Family-Friendly Features

  • ISBN scanning: Kids just type the barcode number
  • Visual progress: Book covers and reading streaks
  • Simple interface: No social features to confuse young users
  • Parent visibility: Monitor all reading activity
  • Monthly wrap-ups: Generate shareable reading achievements

Conclusion

(edited) MyBibliotheca might be a good fit for my needs. I’m happy with this bare metal approach, instead of docker which has betrayed me more than once