Table of Contents
- Storage verification
- Storage verification reports: "Invalid item"
- Storage verification reports: "Invalid collection '$NAME': '$TYPE' must not have child collections"
- Verification of start
- Listen Status
- Connection tests (plain-text)
- Connection tests (SSL)
(work-in-progress, feel free to contribute)
Assumptions
- the system user is named "radicale"
- the system user "radicale" owns the configured storage location
Storage verification
Since 3.0.0 a special command option exists to verify the storage of the collections:
# optionally add, to watch the progress: --logging-level debug
sudo -u radicale /usr/bin/radicale --verify-storage
It should not report any errors; otherwise the affected VCF or ICS files have to be fixed manually.
Storage verification reports: "Invalid item"
Upload the reported file to https://icalendar.org/validator.html and run the validation.
- Result: external validator also reports an error -> fix manually or delete the file
- Result: external validator reports OK -> continue here: Reporting-Issues
Storage verification reports: "Invalid collection '$NAME': '$TYPE' must not have child collections"
Background: "radicale" does not support a nested storage hierarchy.
Solution: check for any folder inside $NAME that is itself a collection and move it to the same level as $NAME. Also check the content of the related ".Radicale.props" file.
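One way to locate the folders the solution above refers to, as an added example that is not part of Radicale. It assumes the collections live under "collection-root" in the storage location and that a typed collection carries a "tag" entry in its ".Radicale.props" file; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Radicale code. Assumptions: collections live under
# <storage>/collection-root, and a typed collection carries a "tag" entry
# (e.g. VCALENDAR) in its .Radicale.props JSON file.

# Print "TYPE<TAB>collection<TAB>child" for each child collection found
# directly inside a typed collection.
find_nested_collections() {
    root=$1
    find "$root" -type f -name .Radicale.props | sort |
    while IFS= read -r props; do
        tag=$(sed -n 's/.*"tag"[[:space:]]*:[[:space:]]*"\([A-Z]*\)".*/\1/p' "$props" | head -n 1)
        # Untyped folders (such as the per-user folder) may hold collections.
        [ -n "$tag" ] || continue
        coll=$(dirname "$props")
        # Sub-directories other than Radicale's own ".Radicale*" metadata
        # are treated as child collections.
        find "$coll" -mindepth 1 -maxdepth 1 -type d ! -name '.Radicale*' | sort |
        while IFS= read -r child; do
            printf '%s\t%s\t%s\n' "$tag" "$coll" "$child"
        done
    done
}

# Constructed sample tree: mysharedcalendar1 wrongly placed inside mycalendar1.
make_sample_tree() {
    t=$(mktemp -d)
    u="$t/collection-root/USER1"
    mkdir -p "$u/mycalendar1/.Radicale.cache" "$u/mycalendar1/mysharedcalendar1"
    printf '{"D:displayname": "MyCalendar1", "tag": "VCALENDAR"}\n' \
        > "$u/mycalendar1/.Radicale.props"
    printf '{"D:displayname": "MySharedCalendar1", "tag": "VCALENDAR"}\n' \
        > "$u/mycalendar1/mysharedcalendar1/.Radicale.props"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
find_nested_collections "$tree/collection-root"
rm -rf "$tree"
```

Run it as the "radicale" user against the real storage location and move each reported child folder next to its parent while the service is stopped.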
Verification of start
Manual start
# includes the optional --logging-level debug to watch the progress
# Terminate with CTRL-C to finish test
sudo -u radicale /usr/bin/radicale --logging-level debug
Start by systemd
- terminal#1 / watch logs:
journalctl -f -u radicale
- terminal#2 / start "radicale" service:
systemctl start radicale
Listen Status
Once Radicale has started, it listens on the configured IP/ports
- config section:
[server]
- config option:
hosts
Example:
netstat -nlpt | grep ":5232 "
tcp 0 0 127.0.0.1:5232 0.0.0.0:* LISTEN 4117/python3
tcp6 0 0 ::1:5232 :::* LISTEN 4117/python3
Example for Windows OS:
netstat -na | find ":5232 "
TCP 127.0.0.1:5232 127.0.0.1:0 LISTENING
TCP [::1]:5232 [::1]:0 LISTENING
Connection tests (plain-text)
Direct connection tests; for tests via a reverse proxy see Reverse-Proxy-Diagnostics-Troubleshooting
Connection test to internal web server (if enabled)
- config section:
[web]
- config option:
type
Redirect to landing page
curl http://localhost:5232/
Successful result:
Redirected to /.web
WebUI
curl http://localhost:5232/.web/
Connection test to user's collection
Successful result depends on auth and permission
- config section:
[auth]
- config option:
type
- config section:
[rights]
- config option:
type + file
Without authentication
curl -s --request PROPFIND http://localhost:5232/
Access to the requested resource forbidden.
With authentication on reverse proxy
auth: http_x_remote_user
curl -H "X-Remote-User: USER" --request PROPFIND http://localhost:5232/
Should return a successful response with the content of the particular USER
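A check that combines the Listen Status output with the http_x_remote_user test above, as an added example that is not Radicale code: since the X-Remote-User header alone selects the user, the port should only be reachable by the reverse proxy. It assumes the Linux "netstat -nlt" column order and a reverse proxy running on the same host; the function names and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example, not Radicale code.
# Constructed sample: the first two lines are the listeners shown under
# "Listen Status", the last two are made up for the demonstration.
SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:5232 0.0.0.0:* LISTEN 4117/python3
tcp6 0 0 ::1:5232 :::* LISTEN 4117/python3
tcp 0 0 0.0.0.0:5232 0.0.0.0:* LISTEN 4200/python3
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd'

# Read "netstat -nlt" lines on stdin and print every local address that
# listens on PORT and is not a loopback address.
exposed_listeners() {
    port=$1
    awk -v port="$port" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # the port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }'
}

# Return 0 unless header-based auth is combined with a non-loopback listener.
# AUTH_TYPE is the value of "type" in the [auth] config section.
header_auth_loopback_only() {
    auth_type=$1
    port=$2
    [ "$auth_type" = "http_x_remote_user" ] || return 0
    exposed=$(exposed_listeners "$port")
    [ -z "$exposed" ]
}

printf '%s\n' "$SAMPLE_NETSTAT" | header_auth_loopback_only http_x_remote_user 5232 ||
    echo "port 5232 is reachable beyond loopback while header auth is enabled"
```

On a live system, pipe the output of "netstat -nlt" into header_auth_loopback_only instead of the sample; if it fails, restrict "hosts" in the [server] section to the loopback addresses.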
With authentication
Depth: 0
curl -s --header 'Depth: 0' --request PROPFIND -u USER1:USERPASS1 http://localhost:5232/ | xmllint --format - | grep "<href>"
Successful result:
<href>/</href>
<href>/</href>
<href>/USER1/</href>
Depth: 1
curl -s --header 'Depth: 1' --request PROPFIND -u USER1:USERPASS1 http://localhost:5232/ | xmllint --format - | grep "<href>"
Successful result:
<href>/</href>
<href>/USER1/</href>
Depth: 1 / extending URI by user
(example)
curl -s --header 'Depth: 1' --request PROPFIND -u USER1:USERPASS1 http://localhost:5232/USER1/ | xmllint --format - | grep -E "(^ <href>|displayname|C:calendar-description)"
Successful result:
<href>/USER1/</href>
<href>/USER1/mycalendar1/</href>
<displayname>MyCalendar1</displayname>
<C:calendar-description>MyCalendar1</C:calendar-description>
<href>/USER1/mysharedcalendar1/</href>
<displayname>MySharedCalendar1</displayname>
<C:calendar-description>MySharedCalendar1</C:calendar-description>
<href>/USER1/feiertagebayern/</href>
<displayname>Feiertage Bayern</displayname>
<C:calendar-description>Feiertage Bayern</C:calendar-description>
Connection tests (SSL)
Test connection using "OpenSSL s_client"
openssl s_client -connect localhost:5232
Connecting to 127.0.0.1
CONNECTED(00000003)
...
Verify return code: 19 (self-signed certificate in certificate chain)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
Hit CTRL-C to terminate in case of successful connect.
Test request using "curl"
initial test
Add option -v in case of an issue; -k disables certificate validation
curl -k -I https://localhost:5232/.web/
HTTP/1.0 200 OK
Date: Sat, 08 Mar 2025 15:51:34 GMT
Server: WSGIServer/0.2 CPython/3.13.2
Content-Type: text/html
Last-Modified: Sat, 08 Mar 2025 14:43:26 GMT
Content-Length: 9397
test as real client
A request without -k must be successful (usually the case if the configured certificate is issued by a publicly known CA); otherwise a normal client will not accept the TLS connection
curl -I https://CDAV.DOMAIN.EXAMPLE/.web/
HTTP/1.1 200 OK
Date: Sat, 08 Mar 2025 15:56:48 GMT
Server: WSGIServer/0.2 CPython/3.9.21
Content-Type: text/html; charset=UTF-8
Last-Modified: Sun, 26 Jan 2025 07:15:14 GMT
Content-Length: 8669
Vary: User-Agent