Radicale CardDAV And CalDAV Server

Published Wednesday, Sep 23, 2020 by Tony Davis

I’ve wanted to decrease my reliance on Google products recently and have decided a quick way for me to do this is to host my own CardDav and CalDav server using Radicale

CalDav can be used to host your own calendar server and CardDav is for your own contacts server.

Radicale Configuration

Install Python

The Radicale application is written in python and as such the python package and pip are needed to set it up.

[root@server ~]# yum -y install python36

Install Radicale

[root@server ~]# python3 -m pip install --upgrade radicale

Create Radicale User and Group

[root@server ~]# useradd --system --user-group --home-dir /var/lib/radicale --shell /sbin/nologin radicale

Create Radicale Storage

[root@server ~]# mkdir -p /var/lib/radicale/collections
[root@server ~]# chown -R radicale:radicale /var/lib/radicale/collections
[root@server ~]# chmod -R o= /var/lib/radicale/collections

Create Radicale Config

Create the configuration file

[root@server ~]# vi /etc/radicale/config

Add the following to the configuration file

[server]
hosts = 127.0.0.1:5232
max_connections = 20
# 100 Megabyte
max_content_length = 100000000
# 30 seconds
timeout = 30

ssl = False

[encoding]
request = utf-8
stock = utf-8

[auth]
type = htpasswd
htpasswd_filename = /var/lib/radicale/users
htpasswd_encryption = md5

[storage]
filesystem_folder = /var/lib/radicale/collections

Add Radicale Users

Create a new htpasswd file with the user “user1”

[root@server ~]# printf "user1:`openssl passwd -apr1`\n" >> /var/lib/radicale/users
Password:
Verifying - Password:

Add another user

[root@server ~]# printf "user2:`openssl passwd -apr1`\n" >> /var/lib/radicale/users
Password:
Verifying - Password:

Create Radicale Systemd Script

Create the systemd script

[root@server ~]# vi /etc/systemd/system/radicale.service

Add the following to the systemd service file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[Unit]
Description=A simple CalDAV (calendar) and CardDAV (contact) server
After=network.target
Requires=network.target

[Service]
ExecStart=/usr/bin/env python3 -m radicale
Restart=on-failure
User=radicale
# Deny other users access to the calendar data
UMask=0027
# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=/var/lib/radicale/collections

[Install]
WantedBy=multi-user.target

Systemd Radicale Service

Reload Systemd

[root@server ~]# systemctl daemon-reload

Start Radicale Service

[root@server ~]# systemctl start radicale

Radicale Service Autostart

[root@server ~]# systemctl enable radicale

Check the status of the service

[root@server ~]# systemctl status radicale

View all log messages

[root@server ~]# journalctl --unit radicale.service

By here you should be able to connect locally to http://127.0.0.1:5232. Next we will configure Nginx to sit infront of the Radicale service and proxy all requests.

Install Nginx

[root@server ~]# yum -y install nginx

Nginx Configuration:

Add the following configuration to the server block in nginx.conf (Or this can be added to a virtual host)

location /radicale/ { 
    proxy_pass        http://127.0.0.1:5232/;
    proxy_set_header  X-Script-Name /radicale;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host $http_host;
    proxy_pass_header Authorization;
}

Check Nginx Configuration

[root@server ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Start Radicale Service

[root@server ~]# systemctl restart nginx

Open Firewall Ports

Open the firewall ports as needed (80: http or 443: https)

[root@server ~]# firewall-cmd --add-port=80/tcp --permanent

[root@server ~]# firewall-cmd --add-port=443/tcp --permanent
[root@server ~]# firewall-cmd --reload

Once you restart Nignx you should be able to access radicale on a normal http or https port by browsing to http://example.com/radicale/ and you should see the login screen.

Login To Radicale

User the username and password you created in the steps above to login to the Radicale portal.

Create A Collection (Cal)

Click “Create new addressbook or calendar”

Fill it in with what ever details you want, then click create.

You should now be able to add that url to a cal dav enabled client and authenticate and then you should be able to see and sync your calendar.

For further configuration options take a look at the Radicale Page