Radicale

Installation

Preparation:

sudo apt install python3-pip python3-setuptools python3-wheel
sudo useradd -d /home/radicale -m -s $(which nologin) -U radicale
sudo -u radicale /bin/bash

Download and install[1] via pip:

python3 -m pip install --upgrade radicale
python3 -m pip install --upgrade 'radicale[bcrypt]'                                         # For bcrypt passwords

If all goes well, we now have radicale installed:

$ .local/bin/radicale --version
2.1.11

Run it[2] with an empty configuration file and a storage folder given on the command line:

python3 -m radicale --config "" --storage-filesystem-folder="${HOME}/.var/lib/radicale/collections"

We should now have radicale running on localhost:5232!

Configuration

Simple

Create users:

mkdir -p ~/.config/radicale
htpasswd -B -c ~/.config/radicale/users admin
htpasswd -B    ~/.config/radicale/users jane

And a configuration file:

$ cat .config/radicale/config
[auth]
type = htpasswd
htpasswd_filename = /home/radicale/.config/radicale/users
htpasswd_encryption = bcrypt
delay = 1

[server]
hosts = localhost:5232
max_connections = 20
max_content_length = 100000000
timeout = 30

[storage]
filesystem_folder = /home/radicale/.var/lib/radicale/collections

[logging]
debug = false

Reverse Proxy

Create users:

htpasswd -B -c /etc/apache2/htpasswd.radicale admin
htpasswd -B    /etc/apache2/htpasswd.radicale jane

Add the proxy configuration[3], for Apache:

       RewriteRule ^/radicale$ /radicale/ [R,L]
       <Location "/radicale/">
               AuthType         Basic
               AuthName         "Radicale - Password Required"
               AuthUserFile     /etc/apache2/htpasswd.radicale
               Require          valid-user
               ProxyPass        http://localhost:5232/ retry=0
               ProxyPassReverse http://localhost:5232/
               RequestHeader    set X-Script-Name /radicale/
               RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
       </Location>

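Adjust our Radicale configuration so that it takes the user name from the proxy. With http_x_remote_user Radicale accepts whatever X-Remote-User header it receives, so keep it bound to localhost where only Apache can reach it: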

$ cat .config/radicale/config
[auth]
type = http_x_remote_user
delay = 1
.
.
.
[rights]
type = from_file
file = /home/radicale/.config/radicale/rights

$ cat .config/radicale/rights
[owner-write]
user = .+
collection = %(login)s(/.*)?
permission = rw
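
How the owner-write rule above evaluates for a few logins and paths, as an added example that is not part of the original page and not Radicale's own code. The helper `authorized` is hypothetical, and the sketch assumes whole-string matching and a regex-escaped login.

```python
import configparser
import re

# The rights file from the page, embedded so the example runs offline.
RIGHTS = """\
[owner-write]
user = .+
collection = %(login)s(/.*)?
permission = rw
"""


def authorized(rights_text, user, path, permission):
    """Model of a from_file rights check (hypothetical helper, not Radicale's API).

    Returns True if `user` is granted `permission` ("r" or "w") on `path`.
    The first section whose user and collection patterns both match decides.
    """
    user = user or ""
    collection = path.strip("/")
    # Assumption: the login is regex-escaped before it is interpolated, so a
    # user name containing metacharacters cannot widen the collection pattern.
    parser = configparser.ConfigParser({"login": re.escape(user)})
    parser.read_string(rights_text)
    for section in parser.sections():
        user_re = parser.get(section, "user")
        collection_re = parser.get(section, "collection")
        # Assumption: patterns must match the whole string, not just a prefix.
        if re.fullmatch(user_re, user) and re.fullmatch(collection_re, collection):
            return permission in parser.get(section, "permission")
    return False  # nothing matched: deny by default


if __name__ == "__main__":
    checks = [
        ("jane", "/jane/", "w"),            # own principal collection
        ("jane", "/jane/calendar/", "w"),   # collection below it
        ("jane", "/admin/calendar/", "r"),  # someone else's collection
        ("jane", "/janet/calendar/", "r"),  # prefix of another login
        ("j.ne", "/jane/calendar/", "r"),   # metacharacter in the login
        ("", "/jane/calendar/", "r"),       # no authenticated user
    ]
    for user, path, perm in checks:
        print(f"{user!r:8} {perm} {path:18} -> {authorized(RIGHTS, user, path, perm)}")
```

Only the first two checks are granted; the empty login fails the `.+` user pattern, which is what keeps unauthenticated requests out if the proxy ever forwards one without a user.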

Reverse Proxy with TLS

We can set up Radicale to handle the TLS part on its own.

Create keys and certificates:

umask 0066
mkdir -p .config/ssl
SUBJECT='/C=CA/ST=QC/L=Montreal/O=None/OU=None/CN=localhost/emailAddress=radicale@localhost'

openssl req -x509 -sha512 -newkey rsa:4096 -subj "$SUBJECT" -nodes -days 36500 -keyout .config/ssl/server_key.pem -out .config/ssl/server_cert.pem
openssl req -x509 -sha512 -newkey rsa:4096 -subj "$SUBJECT" -nodes -days 36500 -keyout .config/ssl/client_key.pem -out .config/ssl/client_cert.pem

Adjust configuration:

$ cat .config/radicale/config
[server]
.
.
.
ssl = true
certificate = /home/radicale/.config/ssl/server_cert.pem
key         = /home/radicale/.config/ssl/server_key.pem
certificate_authority = /home/radicale/.config/ssl/client_cert.pem

Apache config:

TBD

Mozilla Lightning

When using Lightning, be sure to adjust the email address for each calendar so that invitation responses[4] are sent from the correct address.


Links

References