andonome/lk
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3e3e072623
lk/data/radicale.md
Malin Freeborn 09f3afa35b
edit radicale
2024-04-07 12:38:33 +02:00

3.2 KiB
Raw Blame History

title tags
radicale and nginx
data
calendar

Check before you start:

  • you have a normally running site on nginx already.
  • your server has the directory /etc/nginx/sites-enabled/ enabled in the nginx config.

Installation and Service

Install radicale through your package manager (not pip). The standard radicale package should come with a nice systemd service file.

If the service comes already-started, stop it immediately:

sudo systemctl stop radicale

Set up Passwords

Edit /etc/radicale/config, changing the [auth] section from this:

#type = none

...to this:

type = htpasswd

Make sure the service is off, as people may be able to sign in without a password at this point.

Next, find the htpasswd program. You might get it in the apache package or similar.

htpasswd allows you to generate passwords for users, and place them in /etc/radicale/users.

PASS="$(xkcdpass)"
htpasswd -nb $USER "$PASS" | sudo tee -a /etc/radicale/users
echo "Your username is $USER"
echo "Your password is $PASS"

Right now, you can't sign into the server except through the localhost, which is pointless. So now we add a subdomain to nginx.


echo '
 server {
    if ($host = cal.DOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


     listen 80;
     server_name cal.DOMAIN;
                                                                                        
     location / {
         proxy_pass http://localhost:5232;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
                                                                                        
     return 301 https://$server_name$request_uri;
 

}
                                                                                        
 server {
     listen 443 ssl;
     server_name cal.DOMAIN;
    ssl_certificate /etc/letsencrypt/live/cal.DOMAIN/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cal.DOMAIN/privkey.pem; # managed by Certbot
                                                                                        
     location / {
         proxy_pass http://localhost:5232;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
 
}
' > /etc/nginx/sites-available/radicale
sudo ln -s /etc/nginx/sites-available/radicale /etc/nginx/sites-enables/

Finally, replace the example DOMAIN with your actual domain name.

DOMAIN=whatever.com
sudo sed -i "s/DOMAIN/$DOMAIN/g" /etc/nginx/sites-available/radicale

(optional: replace that cal. prefix with anything else)

Check nginx is happy:

sudo nginx -t

You will almost certainly need a new SSL certificate for the site:

sudo certbod -d cal.$DOMAIN

Start or restart both services:

sudo systemctl start radicale
sudo systemctl restart nginx

You should now be able to log into your calendar, and add it to a phone.

NB: you don't need the port number.