diff --git a/Simple-installation.md b/Simple-installation.md index a994450..e805fc7 100644 --- a/Simple-installation.md +++ b/Simple-installation.md @@ -3,11 +3,17 @@ This page should explain how to set up a small installation for personal use, wi - an example of plain htpasswd authentication, - an example of SSL certificate. +# Contents +- [Setup and Verify Test CalDAV Server on Localhost:5232](https://github.com/Kozea/Radicale/wiki/Simple-installation/_edit#setup-and-verify-test-server-on-localhost5232) + - If you want to become familiar with Radicale before attempting a setup +- [Setup Real CalDAV Server on LocalNetwork:5232](https://github.com/Kozea/Radicale/wiki/Simple-installation/_edit#setup-real-caldav-server-on-localnetwork5232) + - If you want to immediately begin work + - Assumes you have OpenSSH server already up and can use "scp" command +- Setup Real CalDAV Server on PublicIPAddress:5232 +# Setup and Verify Test CalDAV Server on Localhost:5232 -# Setup and Verify Test Server on Localhost:5232 - -> This is a small installation on Ubuntu Desktop 16.04 [once this works, will write up necessary edits for small installation on Ubuntu Server 16.04]. All credit to [Radicale Documentation](http://radicale.org/documentation/) +> This is a small installation on Ubuntu Desktop 16.04. All credit to [Radicale Documentation](http://radicale.org/documentation/) ## Install and Run Radicale @@ -15,6 +21,7 @@ This page should explain how to set up a small installation for personal use, wi Open a terminal and enter these commands: ``` +##### Install dependencies for Radicale sudo apt-get install python3-pip ``` 
@@ -40,12 +47,12 @@ sudo -H python3 -m radicale --config "" --storage-filesystem-folder=~/.var/lib/r - Username: fake - Click "Create new addressbook or calendar" - Enter a Calendar Title, Description, Type, and Color and click "Save" - - Title: fakecal01 + - Title: fakecalDAV01 - Description: fakecalendar01 - Type: calendar, journal and tasks [default] - Color: [default] - You are now returned to the Radicale "Collections" page in your browser - - Note that collection (Calendar) "fakecal01" has a URL, we will use this in our Calendar Client + - Note that collection (Calendar) "fakecalDAV01" has a URL, we will use this in our Calendar Client - URL: http://localhost:5232/fake/234e38a1-32eg-9e0x-e3tn-eut92930etae/ ## Modify first Calendar in Thunderbird Calendar Client 
@@ -57,86 +64,88 @@ sudo -H python3 -m radicale --config "" --storage-filesystem-folder=~/.var/lib/r - Select "On the Network" in the dialog box and click "Next" - Select a Format and Location and click "Next" - Format: CalDAV - - Location: Copy and paste fakecal01's URL (all of it) and add any "USERNAME@" before "localhost" + - Location: Copy and paste fakecalDAV01's URL (all of it) and add any "USERNAME@" before "localhost" - e.g., http://fake@localhost:5232/fake/234e38a1-32eg-9e0x-e3tn-eut92930etae/ - e.g., http://myusername@localhost:5232/fake/234e38a1-32eg-9e0x-e3tn-eut92930etae/ - Enter a Name, Color, and Thunderbird email account and click "Next" - - Name: First Radicale Test Calendar (FRTC) - - Color: [color you would like to indicate an event on FRTC] + - Name: TB Radicale Test Calendar (TBRTC) + - Color: [color you would like to indicate an event on TBRTC] - Email: [default] - Click "Finish" -### Modify First Radicale Test Calendar +### Modify Radicale Test Calendar - Click "Events and Tasks > New Event" - Select Title, Location, Start and End Time, and Calendar and click "Save and Close" - Title: First New Event - Location: 123 Main Street - Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00 - - Calendar: First Radicale Test Calendar + - Calendar: TB Radicale Test Calendar -Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to First Radicale Test Calendar. Hopefully, "First Radicale Test Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close." +Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB Radicale Test Calendar. Hopefully, "TB Radicale Test Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close." 
### Verify Modification of CalDAV backend - Return to browser, http://localhost:5232/ -- Click URL for "fakecal01" and save .ics file +- Click URL for "fakecalDAV01" and save .ics file - Go to folder with .ics file and open .ics file _with a text editor_ -- Enjoy ~50 lines that represent your "First New Event" in your "First Radicale Test Calendar" +- Enjoy ~50 lines that represent your "First New Event" in your "TB Radicale Test Calendar" -# Setup Real Server on PublicIPaddress:5232 +# Setup Real CalDAV Server on LocalNetwork:5232 -> This is a small installation on Ubuntu Desktop 16.04 [once this works, will write up necessary edits for small installation on Ubuntu Server 16.04]. All credit to [Radicale Documentation](http://radicale.org/documentation/) +> This is a small installation on Ubuntu Server 16.04. All credit to [Radicale Documentation](http://radicale.org/documentation/) -## Shut down Test Server +## Shut down Test Server on Desktop Client ### Logging off -- Return to browser, http://localhost:5232/ +- Return to browser on Desktop Client, http://localhost:5232/ - Click "Logout[fake]" - Return to Terminal where you launched Radicale in the background (still running) and type Ctrl+C ``` ##### Cursor will simply blink in Terminal -sudo -H python3 -m radicale --config "" --storage-filesystem-folder=~/.var/lib/radicale/collections +ClientUSER@CLIENT:~$ sudo -H python3 -m radicale --config "" --storage-filesystem-folder=~/.var/lib/radicale/collections [BLINKING CURSOR] ^C +##### Radicale command finished, Terminal ready for next command +ClientUSER@CLIENT:~$ ``` -## Configure Server with Real Configuration File +## Configure Real Configuration File on Desktop Client ### Configure Secure Users -- Create some users and passwords +- Create some users and passwords (the CalDAV username does not need to match your login USERNAME on either Desktop Client or Server but you should pick a name and password you actually want to use for the real calendar) ``` ##### 
Install dependencies for htpasswd command (if needed) -sudo apt-get install apache2-utils -##### Put user "fake" in a new "users" file -sudo htpasswd -B -c /etc/radicale/users fakeuser +ClientUSER@CLIENT:~$ sudo apt-get install apache2-utils +##### Put user "fakeuser" in a new "users" file +ClientUSER@CLIENT:~$ sudo htpasswd -B -c /etc/radicale/users fakeuser New password: Re-type new password: ##### Add another user -sudo htpasswd -B /etc/radicale/users user2 +ClientUSER@CLIENT:~$ sudo htpasswd -B /etc/radicale/users user2 New password: Re-type new password: ##### Install dependencies for bcrypt encryption method -sudo python3 -m pip install --upgrade passlib bcrypt +ClientUSER@CLIENT:~$ sudo python3 -m pip install --upgrade passlib bcrypt ``` -- Tell Radicale where to find users by editing the /etc/radicale/config file [remember, you installed Radicale as root with "sudo -H" above] in your Terminal +- Tell Radicale where to find users by editing the /etc/radicale/config file in your Terminal [assuming you installed Radicale as root with "sudo -H" above. If you installed as USER, edit ~/.config/radicale/config] - Add lines to [auth] section of config file - Note that your config file should already look finished (~200 lines), not empty ``` -sudo nano /etc/radicale/config +ClientUSER@CLIENT:~$ sudo nano /etc/radicale/config ##### Add these lines under relevant portions of [auth] section type = htpasswd -htpasswd_filename = /path/to/users +htpasswd_filename = /etc/radicale/users # encryption method used in the htpasswd file htpasswd_encryption = bcrypt ``` -- Add some safety limits to /etc/radicale/config file + - Add some safety limits to /etc/radicale/config file ``` ##### Add these lines under relevant portions of [server] section 
@@ -151,37 +160,40 @@ timeout = 10 delay = 1 ``` -## Test Configuration -- Run Radicale with our /etc/radicale/config file (rather than blank configuration file for Test Server) +## Test Configuration on Desktop Client +- Run Radicale with our /etc/radicale/config file (rather than blank configuration file used above for Test Server) ``` -##### Note that you may need to comment out some sections in /etc/radicale/config if this does not work first by adding a "#" before "[well-known]" and "[git]" if you see similar errors +##### Note that you may need to comment out some sections in /etc/radicale/config if this does not work +##### by adding a "#" before "[well-known]" and "[git]" if you see similar errors ##### ERROR: Invalid configuration: Invalid section 'well-known' in config -sudo -H python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/collections +ClientUSER@CLIENT:~$ sudo -H python3 -m radicale ``` -- Return to browser, http://localhost:5232/ +- Return to browser on Desktop Client, http://localhost:5232/ - Authentication Required for localhost:5232, enter Username and Password and click "OK" - Username: fakeuser - Password: [password you gave to htpasswd] + - Try to login as FAKE, or wrongUser--this should now fail! 
-## Create second Calendar +## Create real Calendar -### Create calendar -- Click "Create new addressbook or calendar" +### Create real calendar +- Still in Desktop Client browser, click "Create new addressbook or calendar" - Enter a Calendar Title, Description, Type, and Color and click "Save" - - Title: fakeusercal01 + - Title: fakeusercalDAV01 - Description: fakeuser's /etc/radicale/config calendar - Type: calendar, journal and tasks [default] - Color: [default] + - You can edit these variables later - You are now returned to the Radicale "Collections" page in your browser - - Note that collection (Calendar) "fakeusercal01" has a URL, we will use this in our Calendar Client + - Note that collection (Calendar) "fakeusercalDAV01" has a URL, we will use this in our Calendar Client - URL: http://localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ - - Note this URL is different from "First Radicale Test Calendar" (i.e., fakecal01) + - Note that this URL is different from "TB Radicale Test Calendar" (i.e., fakecalDAV01) -## Modify second Calendar in Thunderbird Calendar Client +## Modify real Calendar in Thunderbird Calendar Client -### Create New Calendar in Thunderbird +### Create New Calendar in Thunderbird (localhost) - Open Thunderbird - Authentication Required for localhost:5232, enter Username and Password - Username: fakeuser 
@@ -191,32 +203,224 @@ sudo -H python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/coll - Select "On the Network" in the dialog box and click "Next" - Select a Format and Location and click "Next" - Format: CalDAV - - Location: Copy and paste fakeusercal01's URL (all of it) and add any "USERNAME@" before "localhost" - - e.g., http://fake@localhost:5232/fake/234e38a1-32eg-9e0x-e3tn-eut92930etae/ - - e.g., http://myusername@localhost:5232/fake/234e38a1-32eg-9e0x-e3tn-eut92930etae/ + - Location: Copy and paste fakeusercalDAV01's URL (all of it) + - i.e., http://localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ + - At this stage, you could also add ***the username given to htpasswd*** as "USERNAME@" before "localhost" + - i.e., http://fakeuser@localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ - Enter a Name, Color, and Thunderbird email account and click "Next" - - Name: Second Radicale Test Calendar (SRTC) - - Color: [color you would like to indicate an event on SRTC] + - Name: TB Real Radicale Calendar (TBRRTC) + - Color: [color you would like to indicate an event on TBRRTC] - Email: [default] - Click "Finish" -### Modify Second Radicale Test Calendar +### Modify TB Real Radicale Calendar - Click "Events and Tasks > New Event" - Select Title, Location, Start and End Time, and Calendar and click "Save and Close" - Title: Second New Event - Location: 123 Main Street - Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00 - - Calendar: Second Radicale Test Calendar + - Calendar: TB Real Radicale Calendar -Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to Second Radicale Test Calendar. Hopefully, "Second Radicale Test Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close." +Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB Real Radicale Calendar. 
Hopefully, "TB Real Radicale Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close." ### Verify Modification of CalDAV backend - Return to browser, http://localhost:5232/ -- Click URL for "fakeusercal01" and save .ics file +- Click URL for "fakeusercalDAV01" and save .ics file - Go to folder with .ics file and open .ics file _with a text editor_ -- Enjoy ~50 lines that represent your "Second New Event" in your "Second Radicale Test Calendar" +- Enjoy ~50 lines that represent your "Second New Event" in your "TB Real Radicale Calendar" -## Set Up Service -[Something confuses me here???] +## Set Up Radicale on Server +Your configuration files and authentication worked! Now let's install Radicale on the Server and push these config files to the Server. -## Serve Calendar to Public WWW (e.g., your computer outside home, your phone via cellular) \ No newline at end of file +## Install Radicale on Server +SSH from your Desktop Client to Server by opening a terminal and enter these commands: + +``` +ClientUSER@Client:~$ ssh ServerUSER@server.local.ip.address +``` + +### Install Dependencies + +``` +##### Install dependencies for Radicale +ServerUSER@Server:~$ sudo apt-get install python3-pip +##### Install dependencies for bcrypt encryption method +ServerUSER@Server:~$ sudo python3 -m pip install --upgrade passlib bcrypt +``` + +### Install Radicale + +``` +##### -H flag uses root's home rather than USER's home +ServerUSER@Server:~$ sudo -H python3 -m pip install --upgrade radicale +``` + +## Configure Server + +### Transfer files from Desktop Client to Server +Make /etc/radicale directory + +``` +ServerUSER@Server:~$ sudo mkdir /etc/radicale +``` + +Return to Terminal attached to Desktop Client + +``` +ClientUSER@Client:~$ sudo scp /etc/radicale/config ServerUSER@server.local.ip.address:/home/ServerUSER/radicale-config +ClientUSER@Client:~$ sudo scp /etc/radicale/config ServerUSER@server.local.ip.address:/home/ServerUSER/radicale-users 
+ClientUSER@Client:~$ sudo scp /var/lib/radicale/collections/collections-root ServerUSER@server.local.ip.address:/home/ServerUSER/radicale-collections-root +``` + +Return to SSH Terminal attached to Server, move the config and storage files to proper locations and change owner + +``` +ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-config /etc/radicale/config +ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-users /etc/radicale/users +ServerUSER@Server:~$ sudo mv /home/ServerUSER/radicale-collection-root /var/lib/radicale/collections/collection-root +ServerUSER@Server:~$ sudo chown root:root /etc/radicale/config +ServerUSER@Server:~$ sudo chown root:root /etc/radicale/users +ServerUSER@Server:~$ sudo chown -R radicale:radicale /var/lib/radicale/collections +``` + +### Edit files to allow SSL/TLS connections from other machines + +- HELP: I cannot make "hosts = 192.168.1.0:5232" or something restricted to local network! ??? + +``` +##### Open config file for editing +ServerUSER@Server:~$ sudo nano /etc/radicale/config +``` + +``` +##### Add these lines under relevant portions of [server] section where your router is 192.168.1.1 +hosts = 0.0.0.0:5232 +##### By setting ssl = True, Radicale no longer responds to HTTP requests. +ssl = True +certificate = /etc/ssl/radicale.cert.pem +key = /etc/ssl/radicale.key.pem +``` + +### Make a Self-Signed SSL/TLS Certificate to allow HTTPS connection to your Radical Service on Server + +``` +##### You can hit enter as an answer to all the questions to set the default except this one: +##### "Common Name (eg, YOUR name) []:" where you will enter your domain name or dns record +##### used for your development server, or in case of wildcard certificates, +##### use an astrisk, like this: *.mycompany.com +##### By using a self-signed certificate, your browser should warn you of this fact. +##### Confirm exception as you wish, but this exception is necessary to visit page. 
+ServerUSER@Server:~$ openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/radicale.key.pem -out /etc/ssl/radicale.cert.pem -x509 -days 365 + +Common Name (eg, YOUR name) []: developmentserver12345 + +``` + +### Set Up Service on Server to allow Radicale to run in background all the time + +``` +##### Create "radicale" user and group for Radicale service +ServerUSER@Server:~$ sudo useradd --system --home-dir / --shell /sbin/nologin radicale +##### Make storage folder writable by user "radicale" +ServerUSER@Server:~$ sudo mkdir -p /var/lib/radicale/collections +ServerUSER@Server:~$ sudo chown -R radicale:radicale /var/lib/radicale/collections +##### Make storage folder non-readable by others +ServerUSER@Server:~$ sudo chmod -R o= /var/lib/radicale/collections +``` + +Create the file /etc/systemd/system/radicale.service + +``` +ServerUSER@Server:~$ sudo nano /etc/systemd/system/radicale.service +``` + +Cut and paste and save the following into the /etc/systemd/system/radicale.service blank nano screen + +``` +[Unit] +Description=A simple CalDAV (calendar) and CardDAV (contact) server +After=network.target +Requires=network.target + +[Service] +ExecStart=/usr/bin/env python3 -m radicale +Restart=on-failure +User=radicale +# Deny other users access to the calendar data +UMask=0027 +# Optional security settings +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +NoNewPrivileges=true +ReadWritePaths=/var/lib/radicale/collections + +[Install] +WantedBy=multi-user.target + +``` + + +Start the Service Manually (Service will start automatically on failure and/or Server restart) +``` +# Enable the service +ServerUSER@Server:~$ sudo systemctl enable radicale +# Start the service +ServerUSER@Server:~$ sudo systemctl start radicale +# Check the status of the service +ServerUSER@Server:~$ sudo systemctl status radicale +# View all log messages +ServerUSER@Server:~$ sudo 
journalctl --unit radicale.service +``` + +## Modify real Calendar on Server from Thunderbird Calendar Client on Desktop Client + +### Create New Calendar in Thunderbird (192.168.1.20 Server) +- Return to Thunderbird + - Click "Events and Tasks > Calendar" + - Click "File > New > Calendar" [or right-click "Calendar Pane > Calendar List" area and select "New Calendar"] +- Select "On the Network" in the dialog box and click "Next" +- Select a Format and Location and click "Next" + - Format: CalDAV + - Location: Copy and paste fakeusercalDAV01's URL (all of it) + - i.e., https://192.168.1.20:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ + - Note that this URL is different from "TB Radicale Test Calendar" (i.e., fakecalDAV01) but identical to the "TB Real Radicale Calendar" (i.e., fakeusercalDAV01) + - At this stage, you could also add ***the username given to htpasswd*** "USERNAME@" before "localhost" + - i.e., https://fakeuser@localhost:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ +- Enter a Name, Color, and Thunderbird email account and click "Next" + - Name: TB to Server Real Radicale Calendar (TSRRC) + - Color: [color you would like to indicate an event on TSRRC] + - Email: [default] +- Click "Finish" + +### Modify TB to Server Real Radicale Calendar +- Click "Events and Tasks > New Event" + - Select Title, Location, Start and End Time, and Calendar and click "Save and Close" + - Title: Third New Event + - Location: 123 Main Street + - Start and End Time: 01 Jan 2000 15:00 to 01 Jan 2000 18:00 + - Calendar: TB to Server Real Radicale Calendar + +Hopefully, you do not see a yellow triangle with black "!" in "Calendar Pane > Calendar List" next to TB to Server Real Radicale Calendar. Hopefully, "TB to Server Real Radicale Calendar" text is not greyed out. Hopefully, no error message upon "Save and Close." 
+ +### Verify Modification of CalDAV backend +- Return to browser, https://192.168.1.20:5232/ (assuming Server is 192.168.1.20) + - Authentication Required for 192.168.1.20:5232, enter Username and Password and click "OK" + - Username: fakeuser + - Password: [password you gave to htpasswd] + - Try to login as FAKE, or wrongUser--this should now fail! +- Click URL for "fakeusercalDAV01" and save .ics file +- Go to folder with .ics file and open .ics file _with a text editor_ +- Enjoy another ~50 lines that represent your "Third New Event" in your "TB to Server Real Radicale Calendar" + +# Serve Calendar to Public WWW (e.g., your computer outside home, your phone via cellular) + +Caveats: +- You need to properly configure port forwarding from your home router to your Server such that incoming requests on port 5232 are forwarded to port 5232 of your Server (192.168.1.20) +- You will need to know your public IP address +- You will not be able to test that your calendar at public IP address is accessible from ***INSIDE*** your local network unless your router allows NAT Loopback + - This also means that if you successfully access your CalDAV Server collection "fakeusercalDAV01" from ***inside*** your local network from your laptop (192.168.1.10) via a calendar client pointed at https://192.168.1.20:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ on Monday, this calendar client will not work ***outside*** your local network on Tuesday as the path to your calendar is different, e.g., https://your.public.IP.address:5232/fakeuser/775e38a1-32eg-9e0x-e3tn-fax92930uskl/ \ No newline at end of file
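Review bot: In the new "# Contents" list (hunk @@ -3,11 +3,17 @@), both links point at the wiki's `/Simple-installation/_edit#...` URL instead of the page itself. The first anchor, `#setup-and-verify-test-server-on-localhost5232`, also matches the old heading text, although this hunk renames that heading to "Setup and Verify Test CalDAV Server on Localhost:5232". Suggest page-relative anchors derived from the renamed headings. The third entry, "Setup Real CalDAV Server on PublicIPAddress:5232", has no link, and no heading of that name exists in the patch. The closing section is titled "Serve Calendar to Public WWW ...", so the entry should carry that title.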
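Review bot: In the [auth] block of hunk @@ -57,86 +64,88 @@, the prompt-prefixed command `ClientUSER@CLIENT:~$ sudo nano /etc/radicale/config` shares one fence with the config lines `type = htpasswd` and `htpasswd_filename = /etc/radicale/users`, so a reader cannot tell which lines are typed at the shell and which go into the file. Suggest one fence for the command and a second for the config fragment, and dropping the prompt prefix from lines meant to be copied. The prompt is also spelled `ClientUSER@CLIENT` here but `ClientUSER@Client` in the later Server sections. Finally, the section blockquote now says "small installation on Ubuntu Server 16.04" while every step beneath it, up to "Set Up Radicale on Server", is labelled "on Desktop Client"; a sentence saying the config is prepared on the client first would remove the contradiction.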
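Review bot: The test command in hunk @@ -151,37 +160,40 @@ drops `--storage-filesystem-folder=~/.var/lib/radicale/collections` and becomes plain `sudo -H python3 -m radicale`, but nothing in the patch shows a `[storage]` setting in `/etc/radicale/config`, so the reader is not told where the "real" calendar is written. The later transfer step copies from `/var/lib/radicale/collections/collections-root`, so the guide should state the `filesystem_folder` value that makes this path true. In the added negative test, "Try to login as FAKE" should name the earlier test user exactly as created (`fake`), and it would help to say what failure the reader should expect to see.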
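Review bot: In "Transfer files from Desktop Client to Server" (hunk @@ -191,32 +203,224 @@), the second scp line copies `/etc/radicale/config` to `radicale-users`, so the htpasswd file never reaches the Server and `/etc/radicale/users` there ends up as a copy of the config; the source should be `/etc/radicale/users`. In the same block, the third scp copies the `collections-root` directory without `-r` and names it `radicale-collections-root`, while the following `mv` expects `radicale-collection-root` and writes to `collection-root`. That `mv` and the `chown -R radicale:radicale` also run before `/var/lib/radicale/collections` and the `radicale` user are created in the later "Set Up Service" block, so the `useradd` and `mkdir -p` steps should move ahead of them. The `chown root:root` on `/etc/radicale/config` and `/etc/radicale/users`, and the `openssl req ... -keyout /etc/ssl/radicale.key.pem` step (shown without `sudo`), never set a group or mode; since the unit runs with `User=radicale`, suggest stating an explicit group and mode so the service can read the users file and private key while other accounts cannot. On the "HELP" bullet, `hosts` takes an address of the Server itself, so `192.168.1.20:5232` (the address used later in this hunk) rather than the network address `192.168.1.0`. In the "Thunderbird (192.168.1.20 Server)" section, the optional-username example still reads `https://fakeuser@localhost:5232/...` and should use the Server address. The certificate example also enters Common Name `developmentserver12345` while clients connect to `https://192.168.1.20:5232/`, so clients will see a name mismatch on top of the self-signed warning.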