How to set up a private Calendar and Contacts server (Radicale) on Ubuntu 14.04 LTS

In this Server Tutorial we will set up Radicale, a CalDav and CardDav server thats work out-of-the-box, on a Ubuntu (Debian Linux) Machine. We will use htpasswd (SHA1) authentication with SSL.

Tutorial summary:
* Install Radicale using Ubuntu's package manager.
* Configure Radicale:
- with CalDav and CardDav support.
- with user authentication using htpasswd (SHA1 encryption).
- with secured SSL connections (self signed)
* Start Radicale and see if it works.

First of all, bring up your terminal by pressing CTRL+T.

sudo apt-get install radicale

Files and Directories:

* /etc/default/radicale (file) - startup settings
* /etc/radicale/config (file) - configuration file
* /etc/radicale/users (file) - your htpasswd file storing your usernames and passwords
* /var/lib/radicale (directory) - radicale library, find the iCalendar files in collections directory here
* /etc/radicale/ssl (directory) - SSL files
* /var/log/radicale (directory) - log files

Configure Radicale:

Once downloaded and installed, you will get a message saying:

* Not starting radicale, disabled via /etc/default/radicale

So go and edit that file:

sudo nano /etc/default/radicale

If your are using Ubuntu Desktop and prefer the graphical way, replace "nano" with "gedit" and do so in all future commands.

Un comment the line:

#ENABLE_RADICALE=yes

by removing the "#".

This will just enable radicale, not start it. You can skip this step and enable it at the end, but we will do it now.

Edit the config file /etc/radicale/config

sudo nano /etc/radicale/config

and configure it to your needs or simply follow mine:

# -*- mode: conf -*-
# vim:ft=cfg

# Config file for Radicale - A simple calendar server
#
# Place it into /etc/radicale/config (global) 
# or ~/.config/radicale/config (user)
#
# The commented out values are the defaults.


[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# IPv6 adresses are configured to only allow IPv6 connections
hosts = 0.0.0.0:5232
# Daemon flag
daemon = True
# File storing the PID in daemon mode
#pid =
# SSL flag, enable HTTPS protocol
ssl = True
# SSL certificate path
certificate = /etc/radicale/ssl/server.crt
# SSL private key
key = /etc/radicale/ssl/server.key
# Reverse DNS to resolve client address in logs
#dns_lookup = True
# Root URL of Radicale (starting and ending with a slash)
base_prefix = /
# Message displayed in the client when a password is needed
realm = Radicale - Authetication Required


[encoding]
# Encoding for responding requests
request = utf-8
# Encoding for storing local collections
stock = utf-8


[auth]
# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http
type = htpasswd

# Usernames used for public collections, separated by a comma
public_users = public
# Usernames used for private collections, separated by a comma
private_users = private

# Htpasswd filename
htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method
# Value: plain | sha1 | crypt
htpasswd_encryption = sha1

# LDAP server URL, with protocol and port
#ldap_url = ldap://localhost:389/
# LDAP base path
#ldap_base = ou=users,dc=example,dc=com
# LDAP login attribute
#ldap_attribute = uid
# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
# leave empty if no additional filter is needed
#ldap_filter =
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
#ldap_binddn =
# LDAP password for initial login, used with ldap_binddn
#ldap_password =
# LDAP scope of the search
#ldap_scope = OneLevel

# IMAP Configuration
#imap_hostname = localhost
#imap_port = 143
#imap_ssl = False

# PAM group user should be member of
#pam_group_membership =

# Path to the Courier Authdaemon socket
#courier_socket =

# HTTP authentication request URL endpoint
#http_url =
# POST parameter to use for username
#http_user_parameter =
# POST parameter to use for password
#http_password_parameter =


[rights]
# Rights management method
# Value: None | owner_only | owner_write | from_file
type = owner_only

# File for rights management from_file
file = /etc/radicale/rights


[storage]
# Storage backend
# Value: filesystem | database
type = filesystem

# Folder for storing local collections, created if not present
filesystem_folder = /var/lib/radicale/collections

# Database URL for SQLAlchemy
# dialect+driver://user:password@host/dbname[?key=value..]
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
#database_url =


[logging]
# Logging configuration file
# If no config is given, simple information is printed on the standard output
# For more information about the syntax of the configuration file, see:
# http://docs.python.org/library/logging.config.html
config = /etc/radicale/logging
# Set the default logging level to debug
debug = False
# Store all environment variables (including those set in the shell)
full_environment = False


# Additional HTTP headers
#[headers]
#Access-Control-Allow-Origin = *

Create Users:

Now your server is configured with htpasswd authentication so let's add your first user (testuser).

To do this, you will need the apache2-utils package (but you probably already have it installed). If you don't have it installed, install it by performing:

sudo apt-get install apache2-utils

We will now use the htpasswd tool included in this package:

sudo htpasswd -cs /etc/radicale/users testuser

Command summary:
-c will create the file (if it not exists) but it will overwrite the file if it already exists, so only use this argument THE FIRST TIME you create your first user.

-s will use the SHA1 encryption. (change this if you wan't to use another encryption method (change it in your config file as well). Ex: If you use crypt() encryption, use -cd).

/etc/radicale/users - the file location for the htpasswd file (must be the same as in your config (htpasswd_filename key))

testuser - the name of the user.

You will now enter a password for your user (testuser). Enter it two times to confirm. The password will be encrypted with SHA1 encryption.

NOTE: As I said, the argument (-c) will overwrite the file and you should only use this when you are creating your very first user. To add more users later, use this command:

sudo htpasswd -s /etc/radicale/users testuser2

Setting up SSL:

To setup SSL connection you will need to generate a certificate. We will use a self-signed certificate so clients may warn you about untrusted connections when contacting your server.

First, create a directory

sudo mkdir /etc/radicale/ssl

(Because I used this location in my config file)

Generate your key:

sudo openssl genrsa -out /etc/radicale/ssl/server.key 1024

and your certificate:

sudo openssl req -new -x509 -days 365 -key /etc/radicale/ssl/server.key -out /etc/radicale/ssl/server.crt

Make sure the file locations match the ones in your config file.
Enter the information you wan't to provide in your certificate.

Starting Radicale

Finally, start radicale:

sudo service radicale start

(replace "start" with "restart" or "stop" if you wan't to do what the words are saying.)

Make sure it works

Make sure everything works by viewing the url in your browser:

https://<server>:5232/
(could possibly be https://localhost:5232/)

Then login in with one of your users created with htpasswd (testuser), if you get the message - "radicale works" you can start playing with a client.