-
Notifications
You must be signed in to change notification settings - Fork 442
Simple installation
Peter Bieringer edited this page Nov 12, 2024
·
8 revisions
This page should explain how to set up a small installation for personal use, with:
- no reverse proxy frontend,
- an example of plain htpasswd authentication,
- an example of SSL certificate.
-
Setup and Verify Test CalDAV Server on Localhost:5232
- If you want to become familiar with Radicale before attempting a setup
-
Setup Real CalDAV Server on LocalNetwork:5232
- If you want to immediately begin work
- Assumes you have OpenSSH server already up and can use "scp" command
- Setup Real CalDAV Server on PublicIPAddress:5232
This is a small installation on Ubuntu Desktop. All credit to Radicale Documentation
Open a terminal and enter these commands:
##### Install dependencies for Radicale
sudo apt-get install python3-pip
##### -H flag uses root's home rather than USER's home
sudo -H python3 -m pip install --upgrade radicale
##### logline should be shown (EXAMPLE)
sudo -H python3 -m radicale -D --config "" --storage-filesystem-folder=~/.var/lib/radicale/collections
...
[2024-03-22 06:17:00 +0100] [1727] [INFO] Listening on '127.0.0.1:5232'
[2024-03-22 06:17:00 +0100] [1727] [INFO] Radicale server ready
Terminate with CTRL+C
##### Cursor will simply blink in Terminal
sudo -H python3 -m radicale --config "" --logging-level info --storage-filesystem-folder=~/.var/lib/radicale/collections
- Open your browser, connect to: http://localhost:5232/
- Enter a Username and click "Next"
- Username: fake
- Click "Create new addressbook or calendar"
- Enter a Calendar Title, Description, Type, and Color and click "Save"
- Title: fakecalDAV01
- Description: fakecalendar01
- Type: calendar, journal and tasks [default]
- Color: [default]
- You are now returned to the Radicale "Collections" page in your browser
- Note that collection (Calendar) "fakecalDAV01" has a URL, we will use this in our Calendar Client
- Open Thunderbird
- Click "Events and Tasks > Calendar"
- Click "File > New > Calendar" [or right-click "Calendar Pane > Calendar List" area and select "New Calendar"]
- Select "On the Network" in the dialog box and click "Next"
- Select a Format and Location and click "Next"
- Format: CalDAV
- Location: Copy and paste fakecalDAV01's URL (all of it) and add any "USERNAME@" before "localhost"
- Enter a Name, Color, and Thunderbird email account and click "Next"
- Name: TB Radicale Test Calendar (TBRTC)
- Color: [color you would like to indicate an event on TBRTC]
- Email: [default]
- Click "Finish"
- Click "Events and Tasks > New Event"
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
- Title: First New Event
- Location: 123 Main Street
- Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00
- Calendar: TB Radicale Test Calendar
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB Radicale Test Calendar. Hopefully, "TB Radicale Test Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close."
- Return to browser, http://localhost:5232/
- Click URL for "fakecalDAV01" and save .ics file
- Go to folder with .ics file and open .ics file with a text editor
- Enjoy ~50 lines that represent your "First New Event" in your "TB Radicale Test Calendar"
This is a small installation on Ubuntu Server. All credit to Radicale Documentation
- Return to browser on Desktop Client, http://localhost:5232/
- Click "Logout[fake]"
- Return to Terminal where you launched Radicale in the foreground (still running) and type Ctrl+C
- Create some users and passwords (the CalDAV username does not need to match your login USERNAME on either Desktop Client or Server but you should pick a name and password you actually want to use for the real calendar)
##### Install dependencies for htpasswd command (if needed)
ClientUSER@CLIENT:~$ sudo apt-get install apache2-utils
##### Put user "fakeuser" in a new "users" file
ClientUSER@CLIENT:~$ sudo htpasswd -B -c /etc/radicale/users fakeuser
New password:
Re-type new password:
##### Add another user
ClientUSER@CLIENT:~$ sudo htpasswd -B /etc/radicale/users user2
New password:
Re-type new password:
##### Install dependencies for bcrypt encryption method
ClientUSER@CLIENT:~$ sudo python3 -m pip install --upgrade passlib bcrypt
- Tell Radicale where to find users by editing the /etc/radicale/config file in your Terminal [assuming you installed Radicale as root with "sudo -H" above. If you installed as USER, edit ~/.config/radicale/config]
- Add lines to [auth] section of config file
- Note that your config file should already look finished (~200 lines), not empty
- Add lines to [auth] section of config file
ClientUSER@CLIENT:~$ sudo nano /etc/radicale/config
##### Add these lines under relevant portions of [auth] section
type = htpasswd
htpasswd_filename = /etc/radicale/users
# encryption method used in the htpasswd file
htpasswd_encryption = bcrypt
- Add some safety limits to /etc/radicale/config file
##### Add these lines under relevant portions of [server] section
max_connections = 20
# 1 Megabyte
max_content_length = 10000000
# 10 seconds
timeout = 10
##### Add these lines under relevant portions of [auth] section
# Average delay after failed login attempts in seconds
delay = 1
- Run Radicale with our /etc/radicale/config file (rather than blank configuration file used above for Test Server)
##### Note that you may need to comment out some sections in /etc/radicale/config if this does not work
##### by adding a "#" before "[well-known]" and "[git]" if you see similar errors
##### ERROR: Invalid configuration: Invalid section 'well-known' in config
ClientUSER@CLIENT:~$ sudo -H python3 -m radicale
- Return to browser on Desktop Client, http://localhost:5232/
- Authentication Required for localhost:5232, enter Username and Password and click "OK"
- Username: fakeuser
- Password: [password you gave to htpasswd]
- Try to login as FAKE, or wrongUser--this should now fail!
- Authentication Required for localhost:5232, enter Username and Password and click "OK"
- Still in Desktop Client browser, click "Create new addressbook or calendar"
- Enter a Calendar Title, Description, Type, and Color and click "Save"
- Title: fakeusercalDAV01
- Description: fakeuser's /etc/radicale/config calendar
- Type: calendar, journal and tasks [default]
- Color: [default]
- You can edit these variables later
- You are now returned to the Radicale "Collections" page in your browser
- Note that collection (Calendar) "fakeusercalDAV01" has a URL, we will use this in our Calendar Client
- URL: http://localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/
- Note that this URL is different from "TB Radicale Test Calendar" (i.e., fakecalDAV01)
- Note that collection (Calendar) "fakeusercalDAV01" has a URL, we will use this in our Calendar Client
- Open Thunderbird
- Authentication Required for localhost:5232, enter Username and Password
- Username: fakeuser
- Password: [password you gave to htpasswd]
- Click "Events and Tasks > Calendar"
- Click "File > New > Calendar" [or right-click "Calendar Pane > Calendar List" area and select "New Calendar"]
- Authentication Required for localhost:5232, enter Username and Password
- Select "On the Network" in the dialog box and click "Next"
- Select a Format and Location and click "Next"
- Format: CalDAV
- Location: Copy and paste fakeusercalDAV01's URL (all of it)
- i.e., http://localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/
- At this stage, you could also add the username given to htpasswd as "USERNAME@" before "localhost"
- Enter a Name, Color, and Thunderbird email account and click "Next"
- Name: TB Real Radicale Calendar (TBRRTC)
- Color: [color you would like to indicate an event on TBRRTC]
- Email: [default]
- Click "Finish"
- Click "Events and Tasks > New Event"
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
- Title: Second New Event
- Location: 123 Main Street
- Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00
- Calendar: TB Real Radicale Calendar
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB Real Radicale Calendar. Hopefully, "TB Real Radicale Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close."
- Return to browser, http://localhost:5232/
- Click URL for "fakeusercalDAV01" and save .ics file
- Go to folder with .ics file and open .ics file with a text editor
- Enjoy ~50 lines that represent your "Second New Event" in your "TB Real Radicale Calendar"
Your configuration files and authentication worked! Now let's install Radicale on the Server and push these config files to the Server.
SSH from your Desktop Client to Server by opening a terminal and enter these commands:
ClientUSER@Client:~$ ssh [email protected]
##### Install dependencies for Radicale
ServerUSER@Server:~$ sudo apt-get install python3-pip
##### Install dependencies for bcrypt encryption method
ServerUSER@Server:~$ sudo python3 -m pip install --upgrade passlib bcrypt
##### -H flag uses root's home rather than USER's home
ServerUSER@Server:~$ sudo -H python3 -m pip install --upgrade radicale
Make /etc/radicale directory
ServerUSER@Server:~$ sudo mkdir /etc/radicale
Return to Terminal attached to Desktop Client
ClientUSER@Client:~$ sudo scp /etc/radicale/config [email protected]:/home/ServerUSER/radicale-config
ClientUSER@Client:~$ sudo scp /etc/radicale/config [email protected]:/home/ServerUSER/radicale-users
ClientUSER@Client:~$ sudo scp /var/lib/radicale/collections/collections-root [email protected]:/home/ServerUSER/radicale-collections-root
Return to SSH Terminal attached to Server, move the config and storage files to proper locations and change owner
ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-config /etc/radicale/config
ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-users /etc/radicale/users
ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-collection-root /var/lib/radicale/collections/collection-root
ServerUSER@Server:~$ sudo chown root:root /etc/radicale/config
ServerUSER@Server:~$ sudo chown root:root /etc/radicale/users
ServerUSER@Server:~$ sudo chown -R radicale:radicale /var/lib/radicale/collections
- HELP: I cannot make "hosts = 192.168.1.0:5232" or something restricted to local network! ???
##### Open config file for editing
ServerUSER@Server:~$ sudo nano /etc/radicale/config
##### Add these lines under relevant portions of [server] section where your router is 192.168.1.1
hosts = 0.0.0.0:5232
##### By setting ssl = True, Radicale no longer responds to HTTP requests.
ssl = True
certificate = /etc/ssl/radicale.cert.pem
key = /etc/ssl/radicale.key.pem
##### You can hit enter as an answer to all the questions to set the default except this one:
##### "Common Name (eg, YOUR name) []:" where you will enter your domain name or dns record
##### used for your development server, or in case of wildcard certificates,
##### use an astrisk, like this: *.mycompany.com
##### By using a self-signed certificate, your browser should warn you of this fact.
##### Confirm exception as you wish, but this exception is necessary to visit page.
ServerUSER@Server:~$ openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/radicale.key.pem -out /etc/ssl/radicale.cert.pem -x509 -days 365
Common Name (eg, YOUR name) []: developmentserver12345
##### Create "radicale" user and group for Radicale service
ServerUSER@Server:~$ sudo useradd --system --home-dir / --shell /sbin/nologin radicale
##### Make storage folder writable by user "radicale"
ServerUSER@Server:~$ sudo mkdir -p /var/lib/radicale/collections
ServerUSER@Server:~$ sudo chown -R radicale:radicale /var/lib/radicale/collections
##### Make storage folder non-readable by others
ServerUSER@Server:~$ sudo chmod -R o= /var/lib/radicale/collections
Create the file /etc/systemd/system/radicale.service
ServerUSER@Server:~$ sudo nano /etc/systemd/system/radicale.service
Cut and paste and save the following into the /etc/systemd/system/radicale.service blank nano screen
[Unit]
Description=A simple CalDAV (calendar) and CardDAV (contact) server
After=network.target
Requires=network.target
# replace with following in case of specific address is used in config server->hosts
# Wants=network-online.target
# After=network-online.target
[Service]
ExecStart=/usr/bin/env python3 -m radicale
Restart=on-failure
User=radicale
# Deny other users access to the calendar data
UMask=0027
# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=/var/lib/radicale/collections
# from https://github.com/Kozea/Radicale/issues/1614
StateDirectory=radicale
[Install]
WantedBy=multi-user.target
Start the Service Manually (Service will start automatically on failure and/or Server restart)
# Enable the service
ServerUSER@Server:~$ sudo systemctl enable radicale
# Start the service
ServerUSER@Server:~$ sudo systemctl start radicale
# Check the status of the service
ServerUSER@Server:~$ sudo systemctl status radicale
# View all log messages
ServerUSER@Server:~$ sudo journalctl --unit radicale.service
- Return to Thunderbird
- Click "Events and Tasks > Calendar"
- Click "File > New > Calendar" [or right-click "Calendar Pane > Calendar List" area and select "New Calendar"]
- Select "On the Network" in the dialog box and click "Next"
- Select a Format and Location and click "Next"
- Format: CalDAV
- Location: Copy and paste fakeusercalDAV01's URL (all of it)
- i.e., https://192.168.1.20:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/
- Note that this URL is different from "TB Radicale Test Calendar" (i.e., fakecalDAV01) but identical to the "TB Real Radicale Calendar" (i.e., fakeusercalDAV01)
- At this stage, you could also add the username given to htpasswd "USERNAME@" before "localhost"
- Enter a Name, Color, and Thunderbird email account and click "Next"
- Name: TB to Server Real Radicale Calendar (TSRRC)
- Color: [color you would like to indicate an event on TSRRC]
- Email: [default]
- Click "Finish"
- Click "Events and Tasks > New Event"
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
- Title: Third New Event
- Location: 123 Main Street
- Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00
- Calendar: TB to Server Real Radicale Calendar
- Select Title, Location, Start and End Time, and Calendar and click "Save and Close"
Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB to Server Real Radicale Calendar. Hopefully, "TB to Server Real Radicale Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close."
- Return to browser, https://192.168.1.20:5232/ (assuming Server is 192.168.1.20)
- Authentication Required for 192.168.1.20:5232, enter Username and Password and click "OK"
- Username: fakeuser
- Password: [password you gave to htpasswd]
- Try to login as FAKE, or wrongUser--this should now fail!
- Authentication Required for 192.168.1.20:5232, enter Username and Password and click "OK"
- Click URL for "fakeusercalDAV01" and save .ics file
- Go to folder with .ics file and open .ics file with a text editor
- Enjoy another ~50 lines that represent your "Third New Event" in your "TB to Server Real Radicale Calendar"
Caveats:
- You need to properly configure port forwarding from your home router to your Server such that incoming requests on port 5232 are forwarded to port 5232 of your Server (192.168.1.20)
- You will need to know your public IP address
- You will not be able to test that your calendar at public IP address is accessible from INSIDE your local network unless your router allows NAT Loopback
- This also means that if you successfully access your CalDAV Server collection "fakeusercalDAV01" from inside your local network from your laptop (192.168.1.10) via a calendar client pointed at https://192.168.1.20:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ on Monday, this calendar client will not work outside your local network on Tuesday as the path to your calendar is different, e.g., https://your.public.IP.address:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/