andonome/lk
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
54a9444544
lk/data/radicale.md

3.2 KiB
Raw Blame History

title tags
radicale and nginx
data
calendar

Check before you start:

  • you have a normally running site on nginx already.
  • your server has the directory /etc/nginx/sites-enabled/ enabled in the nginx config.

Installation and Service

Install radicale through your package manager (not pip). The standard radicale package should come with a nice systemd service file.

If the service comes already-started, stop it immediately:

sudo systemctl stop radicale

Set up Passwords

Edit /etc/radicale/config, changing the [auth] section from this:

#type = none

...to this:

#type = htpasswd

If the service is started, restart it to make sure nobody can sign in without a password.

Next, find the htpasswd program. You might get it in the apache package or similar.

htpasswd allows you to generate passwords for users, and place them in /etc/radicale/users.

PASS="$(xkcdpass)
htpasswd -nb $USER "$PASS" | sudo tee -a /etc/radicale/users
echo "Your username is $USER"
echo "Your password is $PASS"

Right now, you can't sign into the server except through the localhost, which is pointless. So now we add a subdomain to nginx.


echo '
 server {
    if ($host = cal.DOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


     listen 80;
     server_name cal.DOMAIN;
                                                                                        
     location / {
         proxy_pass http://localhost:5232;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
                                                                                        
     return 301 https://$server_name$request_uri;
 

}
                                                                                        
 server {
     listen 443 ssl;
     server_name cal.DOMAIN;
    ssl_certificate /etc/letsencrypt/live/cal.DOMAIN/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cal.DOMAIN/privkey.pem; # managed by Certbot
                                                                                        
     location / {
         proxy_pass http://localhost:5232;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
 
}
' > /etc/nginx/sites-available/radicale
sudo ln -s /etc/nginx/sites-available/radicale /etc/nginx/sites-enables/

Finally, replace the example DOMAIN with your actual domain name.

DOMAIN=whatever.com
sudo sed -i "s/DOMAIN/$DOMAIN/g" /etc/nginx/sites-available/radicale

(optional: replace that cal. prefix with anything else)

Check nginx is happy:

sudo nginx -t

You will almost certainly need a new SSL certificate for the site:

sudo certbod -d cal.$DOMAIN

Start or restart both services:

sudo systemctl start radicale
sudo systemctl restart nginx

You should now be able to log into your calendar, and add it to a phone.

NB: you don't need the port number.