<liclass="level4"><ahref="#documentation/basic-setup/windows-with-nssm---the-non-sucking-service-manager">Windows with "NSSM - the Non-Sucking Service Manager"</a></li>
<liclass="level4"><ahref="#documentation/reverse-proxy/manage-user-accounts-with-the-reverse-proxy">Manage user accounts with the reverse proxy</a></li>
<liclass="level4"><ahref="#documentation/reverse-proxy/secure-connection-between-radicale-and-the-reverse-proxy">Secure connection between Radicale and the reverse proxy</a></li>
<liclass="level4"><ahref="#documentation/clients/infcloud-caldavzap-and-carddavmate">InfCloud, CalDavZAP and CardDavMATE</a></li>
<liclass="level4"><ahref="#documentation/clients/manual-creation-of-calendars-and-address-books">Manual creation of calendars and address books</a></li>
<p>When your server is launched, you can check that everything's OK by going to <ahref="http://localhost:5232/">http://localhost:5232/</a> with your browser! You can login with any username and password.</p>
<p>Want more? Why don't you check our wonderful <ahref="#documentation">documentation</a>?</p>
<p>Using is fun, but hacking is soooooooo coooooool. Radicale is a really small and simple piece of code, it may be the perfect project to start hacking!</p>
<ul>
<li><ahref="#documentation/architecture">How does Radicale work?</a></li>
<p>You want to try Radicale but only have 5 minutes free in your calendar? Let's go right now! You won't have the best installation ever, but it will be enough to play a little bit with Radicale.</p>
<p>When everything works, you can get a <ahref="#documentation/clients">client</a> and start creating calendars and address books. The server <strong>only</strong> binds to localhost (is <strong>not</strong> reachable over the network) and you can log in with any user name and password. If Radicale fits your needs, it may be time for <ahref="#documentation/basic-setup">some basic configuration</a>.</p>
<p>Follow one of the chapters below depending on your operating system.</p>
<p>First of all, make sure that <strong>python</strong> 3.3 or later (<strong>python</strong>≥ 3.6 is recommended) and <strong>pip</strong> are installed. On most distributions it should be enough to install the package <code>python3-pip</code>.</p>
<p>Then open a console and type:</p>
<divclass="sourceCode"id="cb2"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb2-1"><ahref="#cb2-1"></a><spanclass="co"># Run the following command as root or</span></span>
<spanid="cb2-2"><ahref="#cb2-2"></a><spanclass="co"># add the --user argument to only install for the current user</span></span>
<p>The first step is to install Python. Go to <ahref="https://python.org">python.org</a> and download the latest version of Python 3. Then run the installer. On the first window of the installer, check the "Add Python to PATH" box and click on "Install now". Wait a couple of minutes, it's done!</p>
<p>Radicale tries to load configuration files from <code>/etc/radicale/config</code>, <code>~/.config/radicale/config</code> and the <code>RADICALE_CONFIG</code> environment variable. A custom path can be specified with the <code>--config /path/to/config</code> command line argument.</p>
<p>You should create a new configuration file at the desired location. (If the use of a configuration file is inconvenient, all options can be passed via command line arguments.)</p>
<p>All configuration options are described in detail on the <ahref="#documentation/configuration">Configuration</a> page.</p>
<p>In its default configuration Radicale doesn't check user names or passwords. If the server is reachable over a network, you should change this.</p>
<p>First a <code>users</code> file with all user names and passwords must be created. It can be stored in the same directory as the configuration file.</p>
<h5>The secure way <aclass="headerlink"href="#documentation/basic-setup/authentication/the-secure-way">¶</a></h5>
<p>The <code>users</code> file can be created and managed with <ahref="https://httpd.apache.org/docs/current/programs/htpasswd.html">htpasswd</a>:</p>
<divclass="sourceCode"id="cb4"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb4-1"><ahref="#cb4-1"></a><spanclass="co"># Create a new htpasswd file with the user "user1"</span></span>
<p>The default configuration binds the server to localhost. It can't be reached from other computers. This can be changed with the following configuration options:</p>
<p><strong>Security:</strong> The storage folder should not be readable by unauthorized users. Otherwise, they can read the calendar data and lock the storage. You can find OS dependent instructions in the <strong>Running as a service</strong> section.</p>
<p>Radicale enforces limits on the maximum number of parallel connections, the maximum file size (important for contacts with big photos) and the rate of incorrect authentication attempts. Connections are terminated after a timeout. The default values should be fine for most scenarios.</p>
<h4>Running as a service <aclass="headerlink"href="#documentation/basic-setup/running-as-a-service">¶</a></h4>
<p>The method to run Radicale as a service depends on your host operating system. Follow one of the chapters below depending on your operating system and requirements.</p>
<h5>Linux with systemd as a user <aclass="headerlink"href="#documentation/basic-setup/running-as-a-service/linux-with-systemd-as-a-user">¶</a></h5>
<p>Create the file <code>~/.config/systemd/user/radicale.service</code>:</p>
<p>Radicale will load the configuration file from <code>~/.config/radicale/config</code>. You should set the configuration option <code>filesystem_folder</code> in the <code>storage</code> section to something like <code>~/.var/lib/radicale/collections</code>.</p>
<p>To enable and manage the service run:</p>
<divclass="sourceCode"id="cb13"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb13-1"><ahref="#cb13-1"></a><spanclass="co"># Enable the service</span></span>
<h5>Linux with systemd system-wide <aclass="headerlink"href="#documentation/basic-setup/running-as-a-service/linux-with-systemd-system-wide">¶</a></h5>
<p>Create the <strong>radicale</strong> user and group for the Radicale service. (Run <code>useradd --system --home-dir / --shell /sbin/nologin radicale</code> as root.) The storage folder must be writable by <strong>radicale</strong>. (Run <code>mkdir -p /var/lib/radicale/collections && chown -R radicale:radicale /var/lib/radicale/collections</code> as root.)</p>
<p><strong>Security:</strong> The storage should not be readable by others. (Run <code>chmod -R o= /var/lib/radicale/collections</code> as root.)</p>
<p>Create the file <code>/etc/systemd/system/radicale.service</code>:</p>
<p>Set the configuration option <code>daemon</code> in the section <code>server</code> to <code>True</code>. You may want to set the option <code>pid</code> to the path of a PID file.</p>
<p>After daemonization the server will not log anything. You have to configure <ahref="#documentation/logging">Logging</a>.</p>
<p>If you start Radicale now, it will initialize and fork into the background. The main process exits, after the PID file is written.</p>
<p><strong>Security:</strong> You can set the <strong>umask</strong> with <code>umask 0027</code> before you start the daemon, to protect your calendar data and log files from other users. Don't forget to set permissions of files that are already created!</p>
<h4>Windows with "NSSM - the Non-Sucking Service Manager" <aclass="headerlink"href="#documentation/basic-setup/windows-with-nssm---the-non-sucking-service-manager">¶</a></h4>
<p>First install <ahref="https://nssm.cc/">NSSM</a> and start <code>nssm install</code> in a command prompt. Apply the following configuration:</p>
<p><strong>Security:</strong> Be aware that the service runs in the local system account, you might want to change this. Managing user accounts is beyond the scope of this manual. Also make sure that the storage folder and log file is not readable by unauthorized users.</p>
<p>The log file might grow very big over time, you can configure file rotation in <strong>NSSM</strong> to prevent this.</p>
<p>The service is configured to start automatically when the computer starts. To start the service manually open <strong>Services</strong> in <strong>Computer Management</strong> and start the <strong>Radicale</strong> service.</p>
<p>When a reverse proxy is used, the path at which Radicale is available must be provided via the <code>X-Script-Name</code> header. The proxy must remove the location from the URL path that is forwarded to Radicale.</p>
<p>Be reminded that Radicale's default configuration enforces limits on the maximum number of parallel connections, the maximum file size and the rate of incorrect authentication attempts. Connections are terminated after a timeout.</p>
<h4>Manage user accounts with the reverse proxy <aclass="headerlink"href="#documentation/reverse-proxy/manage-user-accounts-with-the-reverse-proxy">¶</a></h4>
<p>Set the configuration option <code>type</code> in the <code>auth</code> section to <code>http_x_remote_user</code>. Radicale uses the user name provided in the <code>X-Remote-User</code> HTTP header and disables HTTP authentication.</p>
<p><strong>Security:</strong> Untrusted clients should not be able to access the Radicale server directly. Otherwise, they can authenticate as any user.</p>
<h4>Secure connection between Radicale and the reverse proxy <aclass="headerlink"href="#documentation/reverse-proxy/secure-connection-between-radicale-and-the-reverse-proxy">¶</a></h4>
<p>SSL certificates can be used to encrypt and authenticate the connection between Radicale and the reverse proxy. First you have to generate a certificate for Radicale and a certificate for the reverse proxy. The following commands generate self-signed certificates. You will be asked to enter additional information about the certificate, the values don't matter and you can keep the defaults.</p>
<p>Radicale is compatible with the WSGI specification.</p>
<p>A configuration file can be set with the <code>RADICALE_CONFIG</code> environment variable, otherwise no configuration file is loaded and the default configuration is used.</p>
<p>Be reminded that Radicale's default configuration enforces limits on the maximum upload file size.</p>
<p><strong>Security:</strong> The <code>None</code> authentication type disables all rights checking. Don't use it with <code>REMOTE_USER</code>. Use <code>remote_user</code> instead.</p>
<h4>Manage user accounts with the WSGI server <aclass="headerlink"href="#documentation/wsgi/manage-user-accounts-with-the-wsgi-server">¶</a></h4>
<p>Set the configuration option <code>type</code> in the <code>auth</code> section to <code>remote_user</code>. Radicale uses the user name provided by the WSGI server and disables authentication over HTTP.</p>
<p>This page describes how to keep track of all changes to calendars and address books with <strong>git</strong> (or any other version control system).</p>
<p>The repository must be initialized by running <code>git init</code> in the file system folder. Internal files of Radicale can be excluded by creating the file <code>.gitignore</code> with the following content:</p>
<pre><code>.Radicale.cache
.Radicale.lock
.Radicale.tmp-*
</code></pre>
<p>The configuration option <code>hook</code> in the <code>storage</code> section must be set to the following command:</p>
<divclass="sourceCode"id="cb26"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb26-1"><ahref="#cb26-1"></a><spanclass="fu">git</span> add -A <spanclass="kw">&&</span><spanclass="kw">(</span><spanclass="fu">git</span> diff --cached --quiet <spanclass="kw">||</span><spanclass="fu">git</span> commit -m <spanclass="st">"Changes by "</span>%(user<spanclass="kw">)</span><spanclass="ex">s</span>)</span></code></pre></div>
<p>The command gets executed after every change to the storage and commits the changes into the <strong>git</strong> repository.</p>
<li><ahref="https://android.com/">Android</a> with <ahref="https://www.davx5.com/">DAVx⁵</a> (formerly DAVdroid)</li>
<li><ahref="https://wiki.gnome.org/Apps/Calendar">GNOME Calendar</a>, <ahref="https://wiki.gnome.org/Apps/Contacts">Contacts</a> and <ahref="https://wiki.gnome.org/Apps/Evolution">Evolution</a></li>
<li><ahref="https://www.mozilla.org/thunderbird/">Mozilla Thunderbird</a> with <ahref="https://addons.mozilla.org/thunderbird/addon/cardbook/">CardBook</a> and <ahref="https://www.mozilla.org/projects/calendar/">Lightning</a></li>
<li><ahref="https://www.inf-it.com/open-source/clients/infcloud/">InfCloud</a>, <ahref="https://www.inf-it.com/open-source/clients/caldavzap/">CalDavZAP</a> and <ahref="https://www.inf-it.com/open-source/clients/carddavmate/">CardDavMATE</a></li>
</ul>
<p>Many clients do not support the creation of new calendars and address books. You can use Radicale's web interface (e.g. <ahref="http://localhost:5232">http://localhost:5232</a>) to create and manage collections.</p>
<p>In some clients you can just enter the URL of the Radicale server (e.g. <code>http://localhost:5232</code>) and your user name. In others, you have to enter the URL of the collection directly (e.g. <code>http://localhost:5232/user/calendar</code>).</p>
<p>Enter the URL of the Radicale server (e.g. <code>http://localhost:5232</code>) and your user name. DAVx⁵ will show all existing calendars and address books and you can create new.</p>
<h4>GNOME Calendar, Contacts and Evolution <aclass="headerlink"href="#documentation/clients/gnome-calendar-contacts-and-evolution">¶</a></h4>
<p><strong>GNOME Calendar</strong> and <strong>Contacts</strong> do not support adding WebDAV calendars and address books directly, but you can add them in <strong>Evolution</strong>.</p>
<p>In <strong>Evolution</strong> add a new calendar and address book respectively with WebDAV. Enter the URL of the Radicale server (e.g. <code>http://localhost:5232</code>) and your user name. Clicking on the search button will list the existing calendars and address books.</p>
<p>Add a new address book on the network with CardDAV. You have to enter the full URL of the collection (e.g. <code>http://localhost:5232/user/addressbook</code>) and your user name.</p>
<p>Add a new calendar on the network with <code>CalDAV</code>. (Don't use <code>iCalendar (ICS)</code>!) You have to enter the full URL of the collection (e.g. <code>http://localhost:5232/user/calendar</code>). If you want to add calendars from different users on the same server, you can specify the user name in the URL (e.g. <code>http://user@localhost...</code>)</p>
<h4>InfCloud, CalDavZAP and CardDavMATE <aclass="headerlink"href="#documentation/clients/infcloud-caldavzap-and-carddavmate">¶</a></h4>
<p>You can integrate InfCloud into Radicale's web interface with <ahref="https://github.com/Unrud/RadicaleInfCloud">RadicaleInfCloud</a>. No additional configuration is required.</p>
<p>Set the URL of the Radicale server in <code>config.js</code>. If <strong>InfCloud</strong> is not hosted on the same server and port as Radicale, the browser will deny access to the Radicale server, because of the <ahref="https://en.wikipedia.org/wiki/Same-origin_policy">same-origin policy</a>. You have to add additional HTTP header in the <code>headers</code> section of Radicale's configuration. The documentation of <strong>InfCloud</strong> has more details on this.</p>
<h4>Manual creation of calendars and address books <aclass="headerlink"href="#documentation/clients/manual-creation-of-calendars-and-address-books">¶</a></h4>
<p>This is not the recommended way of creating and managing your calendars and address books. Use Radicale's web interface or a client with support for it (e.g. <strong>DAVx⁵</strong>).</p>
<h5>Direct editing of the storage <aclass="headerlink"href="#documentation/clients/manual-creation-of-calendars-and-address-books/direct-editing-of-the-storage">¶</a></h5>
<p>To create a new collection, you have to create the corresponding folder in the file system storage (e.g. <code>collection-root/user/calendar</code>). To tell Radicale and clients that the collection is a calendar, you have to create the file <code>.Radicale.props</code> with the following content in the folder:</p>
<p>Calendar and address book collections must not have any child collections. Clients with automatic discovery of collections will only show calendars and addressbooks that are direct children of the path <code>/USERNAME/</code>.</p>
<p>Delete collections by deleting the corresponding folders.</p>
<h5>HTTP requests with curl <aclass="headerlink"href="#documentation/clients/manual-creation-of-calendars-and-address-books/http-requests-with-curl">¶</a></h5>
<p>To create a new calendar run something like:</p>
<p>The collection <code>/USERNAME</code> will be created automatically, when the user authenticates to Radicale for the first time. Clients with automatic discovery of collections will only show calendars and address books that are direct children of the path <code>/USERNAME/</code>.</p>
<p>Delete the collections by running something like:</p>
<divclass="sourceCode"id="cb31"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb31-1"><ahref="#cb31-1"></a>$ <spanclass="ex">curl</span> -u user -X DELETE <spanclass="st">'http://localhost:5232/user/calendar'</span></span></code></pre></div>
<p>Radicale tries to load configuration files from <code>/etc/radicale/config</code>, <code>~/.config/radicale/config</code> and the <code>RADICALE_CONFIG</code> environment variable. This behaviour can be overwritten by specifying a path with the <code>--config /path/to/config</code> command line argument.</p>
<p>The same example configuration via command line arguments looks like:</p>
<p>The <code>--config ""</code> argument is required to stop Radicale from trying to load configuration files. Run <code>python3 -m radicale --help</code> for more information.</p>
<p>In the following, all configuration categories and options are described.</p>
<p>Most configuration options in this category are only relevant in standalone mode. All options beside <code>max_content_length</code> and <code>realm</code> are ignored, when Radicale runs via WSGI.</p>
<p>Path to the CA certificate for validating client certificates. This can be used to secure TCP traffic between Radicale and a reverse proxy. If you want to authenticate users with client-side certificates, you also have to write an authentication plugin that extracts the user name from the certifcate.</p>
<p>The method to verify usernames and passwords.</p>
<p>Available backends:</p>
<p><code>None</code> : Just allows all usernames and passwords. It also disables rights checking.</p>
<p><code>htpasswd</code> : Use an <ahref="https://httpd.apache.org/docs/current/programs/htpasswd.html">Apache htpasswd file</a> to store usernames and passwords.</p>
<p><code>remote_user</code> : Takes the user name from the <code>REMOTE_USER</code> environment variable and disables HTTP authentication. This can be used to provide the user name from a WSGI server.</p>
<p><code>http_x_remote_user</code> : Takes the user name from the <code>X-Remote-User</code> HTTP header and disables HTTP authentication. This can be used to provide the user name from a reverse proxy.</p>
<p>The encryption method that is used in the htpasswd file. Use the <ahref="https://httpd.apache.org/docs/current/programs/htpasswd.html">htpasswd</a> or similar to generate this files.</p>
<p>Available methods:</p>
<p><code>plain</code> : Passwords are stored in plaintext. This is obviously not secure! The htpasswd file for this can be created by hand and looks like:</p>
<preclass="htpasswd"><code>user1:password1
user2:password2
</code></pre>
<p><code>bcrypt</code> : This uses a modified version of the Blowfish stream cipher. It's very secure. The <strong>passlib</strong> python module is required for this. Additionally you may need one of the following python modules: <strong>bcrypt</strong>, <strong>py-bcrypt</strong> or <strong>bcryptor</strong>.</p>
<p><code>md5</code> : This uses an iterated md5 digest of the password with a salt. The <strong>passlib</strong> python module is required for this.</p>
<p><code>sha1</code> : Passwords are stored as SHA1 hashes. It's insecure!</p>
<p><code>ssha</code> : Passwords are stored as salted SHA1 hashes. It's insecure!</p>
<p><code>crypt</code> : This uses UNIX <ahref="https://manpages.debian.org/unstable/manpages-dev/crypt.3.en.html">crypt(3)</a>. It's insecure!</p>
<p>The backend that is used to check the access rights of collections.</p>
<p>The recommended backend is <code>owner_only</code>. If access to calendars and address books outside of the home directory of users (that's <code>/USERNAME/</code>) is granted, clients won't detect these collections and will not show them to the user. Choosing any other method is only useful if you access calendars and address books directly via URL.</p>
<p>Available backends:</p>
<p><code>None</code> : Everyone can read and write everything.</p>
<p><code>authenticated</code> : Authenticated users can read and write everything.</p>
<p><code>owner_only</code> : Authenticated users can read and write their own collections under the path <em>/USERNAME/</em>.</p>
<p><code>owner_write</code> : Authenticated users can read everything and write their own collections under the path <em>/USERNAME/</em>.</p>
<p><code>from_file</code> : Load the rules from a file.</p>
<p>Lock the storage. This must be disabled if locking is not supported by the underlying file system. Never start multiple instances of Radicale or edit the storage externally while Radicale is running if disabled.</p>
<p>Sync all changes to disk during requests. (This can impair performance.) Disabling it increases the risk of data loss, when the system crashes or power fails!</p>
<h3>Authentication and Rights <aclass="headerlink"href="#documentation/authentication-and-rights">¶</a></h3>
<p>This page describes the format of the rights file for the <code>from_file</code> authentication backend. The configuration option <code>file</code> in the <code>rights</code> section must point to the rights file.</p>
<p>The recommended rights method is <code>owner_only</code>. If access to calendars and address books outside of the home directory of users (that's <code>/USERNAME/</code>) is granted, clients won't detect these collections and will not show them to the user. This is only useful if you access calendars and address books directly via URL.</p>
<p>An example rights file:</p>
<divclass="sourceCode"id="cb36"><preclass="sourceCode ini"><codeclass="sourceCode ini"><spanid="cb36-1"><ahref="#cb36-1"></a><spanclass="co"># The user "admin" can read and write any collection.</span></span>
<p>The titles of the sections are ignored (but must be unique). The keys <code>user</code> and <code>collection</code> contain regular expressions, that are matched against the user name and the path of the collection. Permissions from the first matching section are used. If no section matches, access gets denied.</p>
<p>The user name is empty for anonymous users. Therefore, the regex <code>.+</code> only matches authenticated users and <code>.*</code> matches everyone (including anonymous users).</p>
<p>The path of the collection is separated by <code>/</code> and has no leading or trailing <code>/</code>. Therefore, the path of the root collection is empty.</p>
<p><code>%(login)s</code> gets replaced by the user name and <code>%(path)s</code> by the path of the collection. You can also get groups from the <code>user</code> regex in the <code>collection</code> regex with <code>{0}</code>, <code>{1}</code>, etc.</p>
<p>This document describes the layout and format of the file system storage (<code>multifilesystem</code> backend).</p>
<p>It's safe to access and manipulate the data by hand or with scripts. Scripts can be invoked manually, periodically (e.g. with <ahref="https://manpages.debian.org/unstable/cron/cron.8.en.html">cron</a>) or after each change to the storage with the configuration option <code>hook</code> in the <code>storage</code> section (e.g. <ahref="#documentation/versioning">Git Versioning</a>).</p>
<p>The file system contains the following files and folders:</p>
<ul>
<li><code>.Radicale.lock</code>: The lock file for locking the storage.</li>
<li><code>collection-root</code>: This folder contains all collections and items.</li>
</ul>
<p>A collection is represented by a folder. This folder may contain the file <code>.Radicale.props</code> with all WebDAV properties of the collection encoded as <ahref="https://en.wikipedia.org/wiki/JSON">JSON</a>.</p>
<p>An item is represented by a file containing the iCalendar data.</p>
<p>All files and folders, whose names start with a dot but not <code>.Radicale.</code> (internal files) are ignored.</p>
<p>If you introduce syntax errors in any of the files, all requests that access the faulty data will fail. The logging output should contain the names of the culprits.</p>
<p>Future releases of Radicale 2.x.x will store caches and sync-tokens in the <code>.Radicale.cache</code> folder inside of collections. This folder may be created or modified, while the storage is locked for shared access. In theory, it should be safe to delete the folder. Caches will be recreated automatically and clients will be told that their sync-token isn't valid anymore.</p>
<p>You may encounter files or folders that start with <code>.Radicale.tmp-</code>. Radicale uses them for atomic creation and deletion of files and folders. They should be deleted after requests are finished but it's possible that they are left behind when Radicale or the computer crashes. It's safe to delete them.</p>
<p>When the data is accessed by hand or by an externally invoked script, the storage must be locked. The storage can be locked for exclusive or shared access. It prevents Radicale from reading or writing the file system. The storage is locked with exclusive access while the <code>hook</code> runs.</p>
<h5>Linux and MacOS <aclass="headerlink"href="#documentation/storage/locking/linux-and-macos">¶</a></h5>
<p>Use the <ahref="https://manpages.debian.org/unstable/manpages-dev/flock.2.en.html">flock</a> syscall. Python provides it in the <ahref="https://docs.python.org/3/library/fcntl.html#fcntl.flock">fcntl</a> module.</p>
<p>Use <ahref="https://msdn.microsoft.com/en-us/library/windows/desktop/aa365202%28v=vs.85%29.aspx">LockFile</a> for exclusive access or <ahref="https://msdn.microsoft.com/en-us/library/windows/desktop/aa365203%28v=vs.85%29.aspx">LockFileEx</a> which also supports shared access. Setting <code>nNumberOfBytesToLockLow</code> to <code>1</code> and <code>nNumberOfBytesToLockHigh</code> to <code>0</code> works.</p>
<p>Radicale logs to <code>stderr</code>. The verbosity of the log output can be controlled with <code>--debug</code> command line argument or the <code>debug</code> configuration option in the <code>logging</code> section.</p>
<p>This is the recommended configuration for use with modern init systems (like <strong>systemd</strong>) or if you just test Radicale in a terminal.</p>
<p>You can configure Radicale to write its logging output to files (and even rotate them). This is useful if the process daemonizes or if your chosen method of running Radicale doesn't handle logging output.</p>
<p>A logging configuration file can be specified in the <code>config</code> configuration option in the <code>logging</code> section. The file format is explained in the <ahref="https://docs.python.org/3/library/logging.config.html#configuration-file-format">Python Logging Module</a>.</p>
<p>You can specify multiple <strong>logger</strong>, <strong>handler</strong> and <strong>formatter</strong> if you want to have multiple simultaneous log outputs.</p>
<p>The parent folder of the log files must exist and must be writable by Radicale.</p>
<p><strong>Security:</strong> The log files should not be readable by unauthorized users. Set permissions accordingly.</p>
<h5>Timed rotation of disk log files <aclass="headerlink"href="#documentation/logging/logging-to-a-file/timed-rotation-of-disk-log-files">¶</a></h5>
<p>An example <strong>handler</strong> configuration to write the log output to the file <code>/var/log/radicale/log</code> and rotate it. Replace the section <code>handler_file</code> from the file logging example:</p>
<spanid="cb39-3"><ahref="#cb39-3"></a><spanclass="co"># Specify the output file and parameter for rotation here.</span></span>
<spanid="cb39-4"><ahref="#cb39-4"></a><spanclass="co"># See https://docs.python.org/3/library/logging.handlers.html#logging.handlers.TimedRotatingFileHandler</span></span>
<spanid="cb39-5"><ahref="#cb39-5"></a><spanclass="co"># Example: rollover at midnight and keep 7 files (means one week)</span></span>
<h5>Rotation of disk log files based on size <aclass="headerlink"href="#documentation/logging/logging-to-a-file/rotation-of-disk-log-files-based-on-size">¶</a></h5>
<p>An example <strong>handler</strong> configuration to write the log output to the file <code>/var/log/radicale/log</code> and rotate it . Replace the section <code>handle_file</code> from the file logging example:</p>
<spanid="cb40-3"><ahref="#cb40-3"></a><spanclass="co"># Specify the output file and parameter for rotation here.</span></span>
<spanid="cb40-4"><ahref="#cb40-4"></a><spanclass="co"># See https://docs.python.org/3/library/logging.handlers.html#logging.handlers.RotatingFileHandler</span></span>
<spanid="cb40-5"><ahref="#cb40-5"></a><spanclass="co"># Example: rollover at 100000 kB and keep 10 files (means 1 MB)</span></span>
<p>Radicale is a really small piece of software, but understanding it is not as easy as it seems. But don't worry, reading this short page is enough to understand what a CalDAV/CardDAV server is, and how Radicale's code is organized.</p>
<p>Here is a simple overview of the global architecture for reaching a calendar or an address book through network:</p>
<divclass="tableContainer"><table>
<thead>
<tr>
<th>Part</th>
<th>Layer</th>
<th>Protocol or Format</th>
</tr>
</thead>
<tbody>
<tr>
<tdrowspan="2">Server</td>
<td>Calendar/Contact Storage</td>
<td>iCal/vCard</td>
</tr>
<tr>
<td>Calendar/Contact Server</td>
<td>CalDAV/CardDAV Server</td>
</tr>
<tr>
<td>Transfer</td>
<td>Network</td>
<td>CalDAV/CardDAV (HTTP + TLS)</td>
</tr>
<tr>
<tdrowspan="2">Client</td>
<td>Calendar/Contact Client</td>
<td>CalDAV/CardDAV Client</td>
</tr>
<tr>
<td>GUI</td>
<td>Terminal, GTK, Web interface, etc.</td>
</tr>
</tbody>
</table></div>
<p>Radicale is <strong>only the server part</strong> of this architecture.</p>
<p>Please note that:</p>
<ul>
<li>CalDAV and CardDAV are superset protocols of WebDAV,</li>
<li>WebDAV is a superset protocol of HTTP.</li>
</ul>
<p>Radicale being a CalDAV/CardDAV server, it also can be seen as a special WebDAV and HTTP server.</p>
<p>Radicale is <strong>not the client part</strong> of this architecture. It means that Radicale never draws calendars, address books, events and contacts on the screen. It only stores them and give the possibility to share them online with other people.</p>
<p>If you want to see or edit your events and your contacts, you have to use another software called a client, that can be a "normal" applications with icons and buttons, a terminal or another web application.</p>
<p><code>__main__</code> : The main module provides a simple function called run. Its main work is to read the configuration from the configuration file and from the options given in the command line; then it creates a server, according to the configuration.</p>
<p><code>__init__</code> : This is the core part of the module, with the code for the CalDAV/CardDAV server. The server inherits from a WSGIServer server class, which relies on the default HTTP server class given by Python. The code managing the different HTTP requests according to the CalDAV/CardDAV normalization is written here.</p>
<p><code>config</code> : This part gives a dict-like access to the server configuration, read from the configuration file. The configuration can be altered when launching the executable with some command line options.</p>
<p><code>xmlutils</code> : The functions defined in this module are mainly called by the CalDAV/CardDAV server class to read the XML part of the request, read or alter the calendars, and create the XML part of the response. The main part of this code relies on ElementTree.</p>
<p><code>log</code> : The start function provided by this module starts a logging mechanism based on the default Python logging module. Logging options can be stored in a logging configuration file.</p>
<p><code>auth</code> : This module provides a default authentication manager equivalent to Apache's htpasswd. Login + password couples are stored in a file and used to authenticate users. Passwords can be encrypted using various methods. Other authentication methods can inherit from the base class in this file and be provided as plugins.</p>
<p><code>rights</code> : This module is a set of Access Control Lists, a set of methods used by Radicale to manage rights to access the calendars. When the CalDAV/CardDAV server is launched, an Access Control List is chosen in the set, according to the configuration. The HTTP requests are then filtered to restrict the access depending on who is authenticated. Other configurations can be written using regex-based rules. Other rights managers can also inherit from the base class in this file and be provided as plugins.</p>
<p><code>storage</code> : In this module are written the classes representing collections and items in Radicale, and the class storing these collections and items in your filesystem. Other storage classes can inherit from the base class in this file and be provided as plugins.</p>
<p><code>web</code> : This module contains the web interface.</p>
<h4>Getting started <aclass="headerlink"href="#documentation/plugins/getting-started">¶</a></h4>
<p>To get started we walk through the creation of a simple authentication plugin, that accepts login attempts if the username and password are equal.</p>
<p>The easiest way to develop and install <strong>python</strong> modules is <ahref="https://docs.python.org/3/distutils/setupscript.html">Distutils</a>. For a minimal setup create the file <code>setup.py</code> with the following content in an empty folder:</p>
<p>In the same folder create the sub-folder <code>radicale_silly_auth</code>. The folder must have the same name as specified in <code>packages</code> above.</p>
<p>Create the file <code>__init__.py</code> in the <code>radicale_silly_auth</code> folder with the following content:</p>
<spanid="cb42-13"><ahref="#cb42-13"></a><spanclass="va">self</span>.logger.info(<spanclass="st">"Login attempt by </span><spanclass="sc">%r</span><spanclass="st"> with password </span><spanclass="sc">%r</span><spanclass="st">"</span>,</span>
<p>To make use this great creation in Radicale, set the configuration option <code>type</code> in the <code>auth</code> section to <code>radicale_silly_auth</code>:</p>
<p>This plugin type is used to check login credentials. The module must contain a class <code>Auth</code> that extends <code>radicale.auth.BaseAuth</code>. Take a look at the file <code>radicale/auth.py</code> in Radicale's source code for more information.</p>
<p>This plugin type is used to check if a user has access to a path. The module must contain a class <code>Rights</code> that extends <code>radicale.rights.BaseRights</code>. Take a look at the file <code>radicale/rights.py</code> in Radicale's source code for more information.</p>
<p>This plugin type is used to provide the web interface for Radicale. The module must contain a class <code>Web</code> that extends <code>radicale.web.BaseWeb</code>. Take a look at the file <code>radicale/web.py</code> in Radicale's source code for more information.</p>
<p>This plugin is used to store collections and items. The module must contain a class <code>Collection</code> that extends <code>radicale.storage.BaseCollection</code>. Take a look at the file <code>radicale/storage.py</code> in Radicale's source code for more information.</p>
<p>Interested in hacking? Feel free to clone the <ahref="https://github.com/Kozea/Radicale">git repository on Github</a> if you want to add new features, fix bugs or update the documentation.</p>
<p>To change or complement the documentation create a pull request to <ahref="https://github.com/Kozea/Radicale/blob/master/DOCUMENTATION.md">DOCUMENTATION.md</a>.</p>
<p>If you want the development version of Radicale, take a look at the <ahref="https://github.com/Kozea/Radicale/">git repository on GitHub</a>, or install it directly with:</p>
<p>Radicale is a complete calendar and contact storing and manipulating solution. It can store multiple calendars and multiple address books.</p>
<p>Calendar and contact manipulation is available from both local and distant accesses, possibly limited through authentication policies.</p>
<p>It aims to be a lightweight solution, easy to use, easy to install, easy to configure. As a consequence, it requires few software dependencies and is pre-configured to work out-of-the-box.</p>
<p>Radicale is written in Python. It runs on most of the UNIX-like platforms (Linux, *BSD, macOS) and Windows. It is free and open-source software.</p>
<h4>What Radicale Will Never Be <aclass="headerlink"href="#about//what-radicale-will-never-be">¶</a></h4>
<p>Radicale is a server, not a client. No interfaces will be created to work with the server, as it is a really (really really) much more difficult task.</p>
<p>CalDAV and CardDAV are not perfect protocols. We think that their main problem is their complexity, that is why we decided not to implement the whole standard but just enough to understand some of its client-side implementations.</p>
<p>CalDAV and CardDAV are the best open standards available and they are quite widely used by both clients and servers. We decided to use it, and we will not use another one.</p>
<p>Important global development choices have been decided before writing code. They are very useful to understand why the Radicale Project is different from other CalDAV and CardDAV servers, and why features are included or not in the code.</p>
<h5>Oriented to Calendar and Contact User Agents <aclass="headerlink"href="#about//technical-choices/oriented-to-calendar-and-contact-user-agents">¶</a></h5>
<p>Calendar and contact servers work with calendar and contact clients, using a defined protocol. CalDAV and CardDAV are good protocols, covering lots of features and use cases, but it is quite hard to implement fully.</p>
<p>Some calendar servers have been created to follow the CalDAV and CardDAV RFCs as much as possible: <ahref="http://www.davical.org/">Davical</a>, <ahref="http://sabre.io/baikal/">Baïkal</a> and <ahref="http://trac.calendarserver.org/">Darwin Calendar Server</a>, for example, are much more respectful of CalDAV and CardDAV and can be used with a large number of clients. They are very good choices if you want to develop and test new CalDAV clients, or if you have a possibly heterogeneous list of user agents.</p>
<p>Even if it tries it best to follow the RFCs, Radicale does not and <strong>will not</strong> blindly implements the CalDAV and CardDAV standards. It is mainly designed to support the CalDAV and CardDAV implementations of different clients.</p>
<p>Radicale is designed to be simple to install, simple to configure, simple to use.</p>
<p>The installation is very easy, particularly with Linux: one dependency, no superuser rights needed, no configuration required, no database. Installing and launching the main script out-of-the-box, as a normal user, are often the only steps to have a simple remote calendar and contact access.</p>
<p>Contrary to other servers that are often complicated, require high privileges or need a strong configuration, the Radicale Server can (sometimes, if not often) be launched in a couple of minutes, if you follow the <ahref="#documentation/tutorial">tutorial</a>.</p>
<p>The CalDAV RFC defines what must be done, what can be done and what cannot be done. Many violations of the protocol are totally defined and behaviours are given in such cases.</p>
<p>Radicale often assumes that the clients are perfect and that protocol violations do not exist. That is why most of the errors in client requests have undetermined consequences for the lazy server that can reply good answers, bad answers, or even no answer.</p>
<p>Radicale has been started as a (free topic) stupid school project replacing another (assigned topic) even more stupid school project.</p>
<p>At the beginning, it was just a proof-of-concept. The main goal was to write a small, dirty and simple CalDAV server working with Lightning, using no external libraries. That's how we created a piece of code that's (quite) easy to understand, to use and to hack.</p>
<p>The <ahref="https://github.com/Kozea/Radicale/commit/b1591aea">first lines</a> have been added to the SVN (!) repository as I was drinking (many) beers at the very end of 2008 (Python 2.6 and 3.0 were just released). It's now packaged for a growing number of Linux distributions.</p>
<p>And that was fun going from here to there thanks to you!</p>
