Private Calendar with Radicale

So I wanted a quick and easy (and private/secure!) calendar for personal stuff, like vacations, doctor appointments, etc. Because I wanted something private, this meant (to me) that 'public' calendar providers - like GMail and Yahoo - were out. So, that meant hosting my own! Cool!

My first choice was Davical. Unfortunately, it recommands Apache; I don't run Apache on my server, nor did I feel like figuring out how to get it working without Apache.

SO, next choice was Radicale, which is a nice, simple Python based CalDAV project. So I took 30 minutes and got it all setup, with TLS and everything (on Debian 7).

To get started easily, just clone the project like so:

cd
git clone git://github.com/Kozea/Radicale.git

Then install it:

cd Radicale
sudo python setup.py install

At this point, you can run it from the command line with radicale. Then you can connect to it via your favorite CalDAV supporting calendar system (I use Lightning). The default URI is http://<HOST>:5232/<USER>/calendar/. <USER> can be anything you want.

Voila!

Of course, security isn't setup here. To get basic encryption and authentication working, you'll need to setup some configuration stuff for Radicale.

sudo su -
mkdir /etc/radicale
vim /etc/radicale/config

Your config will need to look something like this:

[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
# IPv6 adresses are configured to only allow IPv6 connections
hosts = 0.0.0.0:5232
# Daemon flag
daemon = True
# SSL flag, enable HTTPS protocol
ssl = True
# SSL certificate path
certificate = /etc/ssl/certs/ssl-bundle.crt
# SSL private key
key = /etc/ssl/private/myserver.key
# SSL Protocol used. See python's ssl module for available values
protocol = PROTOCOL_TLSv1
# Ciphers available. See python's ssl module for available ciphers
#ciphers =

[auth]
# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
type = htpasswd
htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method
# Value: plain | sha1 | crypt
htpasswd_encryption = crypt

[rights]
# Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom
type = owner_only

daemon = True will make Radicale run in the background as a daemon process.

certificate = /etc/ssl/certs/ssl-bundle.crt and key = /etc/ssl/private/myserver.key should point to your servers certificate and private key, respectively.

For authentication, I use htpasswd. To create your credentials, type this from the command line:

htpasswd -cd /etc/radicale/users <USER>

Where <USER> is the username you used above. You will be prompted to enter a password for this user as well.

type = owner_only will make it so that only your user (once authenticated) has access to your calendar.

Now start Radicale again:

radicale

It should start in the background.

Now, you will need to change your CalDAV supported calendar to use SSL. In Lightning, you'll need to create a new calendar (you can't edit, as far as I know). The URI will now be: https://<HOST>:5232/<USER>/calendar/.

You may have to accept your certificate if it isn't signed/setup properly.

It is worth noting that the Radicale folks suggest putting Radicale behind a proper server if you want the best security (the security modules used by Radicale have 'not been verified by security experts'). You can find more information on this here.

That's it! Now you have a private calendar!

Happy scheduling!

Jarrett