Radicale
Jump to navigation
Jump to search
Installation
Preparation:
sudo apt install python3-pip python3-setuptools python3-wheel sudo useradd -d /home/radicale -m -s $(which nologin) -U radicale sudo -u radicale /bin/bash
Download and install[1] via pip:
python -m pip install --upgrade radicale python -m pip install --upgrade radicale[bcrypt] # For bcrypt passwords
If all goes well, we now have radicale
installed:
$ .local/bin/radicale --version 2.1.11
Configure[2] with:
python -m radicale --config "" --storage-filesystem-folder=${HOME}/.var/lib/radicale/collections
We should now have radicale
running on localhost:5232
!
Configuration
Simple
Create users:
htpasswd -B -c ~/.config/radicale/users admin
htpasswd -B ~/.config/radicale/users jane
And a configuration file:
$ cat .config/radicale/config [auth] type = htpasswd htpasswd_filename = /home/radicale/.config/radicale/users htpasswd_encryption = bcrypt delay = 1 [server] hosts = localhost:5232 max_connections = 20 max_content_length = 100000000 timeout = 30 [storage] filesystem_folder = /home/radicale/.var/lib/radicale/collections
[logging] debug = false
Reverse Proxy
Create users:
htpasswd -B -c /etc/apache2/htpasswd.radicale admin
htpasswd -B /etc/apache2/htpasswd.radicale jane
Add the proxy configuration[3], for Apache:
RewriteRule ^/radicale$ /radicale/ [R,L]
<Location "/radicale/">
AuthType Basic
AuthName "Radicale - Password Required"
AuthUserFile /etc/apache2/htpasswd.radicale
Require valid-user
ProxyPass http://localhost:5232/ retry=0 ProxyPassReverse http://localhost:5232/ RequestHeader set X-Script-Name /radicale/ RequestHeader set X-Remote-User expr=%{REMOTE_USER} </Location>
Adjust our radicale
configuration somewhat:
$ cat .config/radicale/config [auth] type = http_x_remote_user delay = 1 . . . [rights] file = /home/radicale/.config/radicale/rights
$ cat .config/radicale/rights [owner-write] user = .+ collection = %(login)s(/.*)? permission = rw
Reverse Proxy with TLS
We can setup Radicale to do the TLS part on its own.
Create keys and certificates:
umask 0066 SUBJECT='/C=CA/ST=QC/L=Montreal/O=None/OU=None/CN=localhost/emailAddress=radicale@localhost' openssl req -x509 -sha512 -newkey rsa:4096 -subj $SUBJECT -nodes -days 36500 -keyout .config/ssl/server_key.pem -out .config/ssl/server_cert.pem openssl req -x509 -sha512 -newkey rsa:4096 -subj $SUBJECT -nodes -days 36500 -keyout .config/ssl/client_key.pem -out .config/ssl/client_cert.pem
Adjust configuration
cat .config/radicale/config [server] . . . ssl = true certificate = /home/radicale/.config/ssl/server_cert.pem key = /home/radicale/.config/ssl/server_key.pem certificate_authority = /home/radicale/.config/ssl/client_cert.pem
Apache config:
TBD
Mozilla Lightning
When using Lightning be sure to adjust the email address for each calendar so invitation responses[4] are sent from the correct address.