From 8a18a4042ce62f937b2ea3ddb5e9e2e83ccd397b Mon Sep 17 00:00:00 2001
From: TiynGER
Date: Mon, 20 Apr 2020 16:07:01 +0200
Subject: [PATCH] adding guide for radicale
---
 docker/docker-radicale/config | 133 ++++++++++++++++++++++++++
 docker/docker-radicale/description.md | 21 +++-
 2 files changed, 151 insertions(+), 3 deletions(-)
 create mode 100644 docker/docker-radicale/config
diff --git a/docker/docker-radicale/config b/docker/docker-radicale/config
new file mode 100644
index 0000000..4bae1bc
--- /dev/null
+++ b/docker/docker-radicale/config
@@ -0,0 +1,133 @@
+# -*- mode: conf -*-
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# For example: 0.0.0.0:9999, [::]:9999
+#hosts = 127.0.0.1:5232
+hosts = 0.0.0.0:5232
+
+# Max parallel connections
+#max_connections = 8
+
+# Max size of request body (bytes)
+#max_content_length = 100000000
+
+# Socket timeout (seconds)
+#timeout = 30
+
+# SSL flag, enable HTTPS protocol
+#ssl = False
+
+# SSL certificate path
+#certificate = /etc/ssl/radicale.cert.pem
+
+# SSL private key
+#key = /etc/ssl/radicale.key.pem
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+# SSL Protocol used. See python's ssl module for available values
+#protocol = PROTOCOL_TLSv1_2
+
+# Available ciphers. See python's ssl module for available ciphers
+#ciphers =
+
+# Reverse DNS to resolve client address in logs
+#dns_lookup = True
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+type = htpasswd
+
+# Htpasswd filename
+htpasswd_filename = /data/users
+
+# Htpasswd encryption method
+# Value: plain | sha1 | ssha | crypt | bcrypt | md5
+# Only bcrypt can be considered secure.
+# bcrypt and md5 require the passlib library to be installed.
+htpasswd_encryption = bcrypt
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+# Message displayed in the client when a password is needed
+#realm = Radicale - Password Required
+
+
+[rights]
+
+# Rights backend
+# Value: none | authenticated | owner_only | owner_write | from_file
+#type = owner_only
+
+# File for rights management from_file
+#file = /etc/radicale/rights
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem
+#type = multifilesystem
+
+# Folder for storing local collections, created if not present
+#filesystem_folder = /var/lib/radicale/collections
+filesystem_folder = /data/collections
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Command that is run after changes to storage
+# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+#hook =
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal | radicale_infcloud
+# (See also https://github.com/Unrud/RadicaleInfCloud)
+type = internal
+
+
+[logging]
+
+# Threshold for the logger
+# Value: debug | info | warning | error | critical
+#level = warning
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+
+[headers]
+
+# Additional HTTP headers
+#Access-Control-Allow-Origin = *
diff --git a/docker/docker-radicale/description.md b/docker/docker-radicale/description.md
index 0163f80..34996c1 100644
--- a/docker/docker-radicale/description.md
+++ b/docker/docker-radicale/description.md
@@ -2,7 +2,7 @@ This is a dockerized version of a radicale server. The official container and documentation was made by [tomsquest](https://hub.docker.com/r/tomsquest/docker-radicale). -The ```latest``` tag at the moment of writing this readme was corrupted. +The `latest` tag at the moment of writing this readme was corrupted. The last usable tag was used therefore to guarantee best performance for all users. ## Volumes
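Review bot: In docker/docker-radicale/config, `[server]` sets `hosts = 0.0.0.0:5232` while `#ssl = False`, `#certificate` and `#key` stay commented out, so with `type = htpasswd` the HTTP Basic credentials cross the network unencrypted unless a TLS-terminating proxy sits in front of the container. Either set `ssl = True` with a certificate and key mounted into the container, or state the requirement above `hosts`, e.g. `# No TLS here: publish 5232 only to a TLS-terminating reverse proxy`. The header line `# The current values are the default ones` no longer holds now that `hosts`, the `[auth]` keys, `filesystem_folder` and `[web]` `type` are set explicitly; reword it so readers do not take `0.0.0.0` for an upstream default. Uncommenting `type = owner_only` under `[rights]` would also pin the access model instead of relying on the installed version's default.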
@@ -10,8 +10,8 @@ Set the following volumes with the -v tag. | Volume-Name | Container mount | Description | | ---------------- | --------------- | --------------------------- | -| radicale_data | /data | storage for caldav | -| radicale_config | /config | storage for radicale config | +| radicale\_data | /data | storage for caldav | +| radicale\_config | /config | storage for radicale config | ## Ports Set the following ports with the -p tag.
@@ -26,3 +26,18 @@ There are some special variables to set.
 | Flag | Usage |
 | ----------- | ---------------------------------------------------------------------- |
 | --read-only | make radicale read-only, caldav can still be changed and used normally |
+
+## Setup
+After installation there are a few crucial steps to take to secure your calendars with a login.
+It is important to change the config file which can be found in the docker volume with name `radicale_config` to match the `config`-file.
+
+Following this you need to make sure there is a password file in the docker volume `radicale_data` called `users`.
+The password will be encrypted using `bcrypt`.
+Steps to create a file with a user and password:
+- You will have to install the package which includes `htpasswd`; for debian based distributions this is `apt install apache2-utils`
+- `cd /var/lib/docker/volumes/radicale\_data/\_data` - go to the volume
+- `touch ./users` - create a file called users
+- `htpasswd -B ./users username` - add user with name and password to the file (change `username` to your desired username)
+
+Now you can go to the exposed port and login with your chosen username and password.
+If you only added one user you shouldn't be able to login with any other data than your username and password.