Radicale

From Segfault
Jump to navigation Jump to search

Installation

Preparation:

sudo apt install python3-pip python3-setuptools python3-wheel
sudo useradd -d /home/radicale -m -s `which nologin` -U radicale
sudo -u radicale /bin/bash

Download and install[1] via pip:

python3 -m pip install --upgrade radicale
python3 -m pip install --upgrade radicale[bcrypt]                                            # For bcrypt passwords

If all goes well, we now have radicale installed:

$ .local/bin/radicale --version
2.1.11

Configure[2] with:

python3 -m radicale --config "" --storage-filesystem-folder=$HOME/.var/lib/radicale/collections

We should now have radicale running on localhost:5232!

Configuration

Simple

Create users:

htpasswd -B -c ~/.config/radicale/users admin
htpasswd -B    ~/.config/radicale/users jane

And a configuration file:

$ cat .config/radicale/config
[auth]
type = htpasswd
htpasswd_filename = /home/radicale/.config/radicale/users
htpasswd_encryption = bcrypt
delay = 1

[server]
hosts = localhost:5232
max_connections = 20
max_content_length = 100000000
timeout = 30

[storage]
filesystem_folder = /home/radicale/.var/lib/radicale/collections
[logging]
debug = false

Reverse Proxy

Create users:

htpasswd -B -c /etc/apache2/htpasswd.radicale admin
htpasswd -B    /etc/apache2/htpasswd.radicale jane

Add the proxy configuration[3], for Apache:

       RewriteRule ^/radicale$ /radicale/ [R,L]
       <Location "/radicale/">
               AuthType         Basic
               AuthName         "Radicale - Password Required"
               AuthUserFile     /etc/apache2/htpasswd.radicale
               Require          valid-user
               ProxyPass        http://localhost:5232/ retry=0
               ProxyPassReverse http://localhost:5232/
               RequestHeader    set X-Script-Name /radicale/
               RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
       </Location>

Adjust our radicale configuration somewhat:

$ cat .config/radicale/config
[auth]
type = http_x_remote_user
delay = 1
.
.
.
[rights]
file = /home/radicale/.config/radicale/rights
$ cat .config/radicale/rights
[owner-write]
user = .+
collection = %(login)s(/.*)?
permission = rw

Reverse Proxy with SSL

Create keys and certificates:

umask 0066
SUBJECT='/C=CA/ST=QC/L=Montreal/O=None/OU=None/CN=localhost/emailAddress=radicale@localhost'

openssl req -x509 -sha512 -newkey rsa:4096 -subj $SUBJECT -nodes -days 36500 -keyout .config/ssl/server_key.pem -out .config/ssl/server_cert.pem
openssl req -x509 -sha512 -newkey rsa:4096 -subj $SUBJECT -nodes -days 36500 -keyout .config/ssl/client_key.pem -out .config/ssl/client_cert.pem

Adjust configuration

cat .config/radicale/config
[server]
.
.
.
ssl = true
certificate = /home/radicale/.config/ssl/server_cert.pem
key         = /home/radicale/.config/ssl/server_key.pem
certificate_authority = /home/radicale/.config/ssl/client_cert.pem

Apache config:

TBD

Mozilla Lightning

When using Lightning be sure to adjust the email address for each calendar so invitation responses[4] are sent from the correct address.

Mozilla-lightning.png

Links

References