Host your own Radicale CalDAV and CardDAV

Suddenly Outlook.com started to block all incoming email from my domains (i forwarded).
After GMail, now outlook failed to be a trusted cloudbased service.
Since a lot of email was being bounced I needed to resolve the issue asap by hosting my own dovecot imap (following my own guide ^^ see other blog posts).
But what about my contacts and calendar? I liked the way my email integrated this. On OSX for example I need to have the contacts in the ‘contact’ app to function with the Mail.app, keeping them on outlook.com would seperate the two.
So I discovered Radicale, a simple Cal and CardDAV server.

Here is a quick guide to setting up and securing Radicale behind nginx and https and getting things working on iOS and OSX:

Step 1

First install and configure Radicale.

1
apt-get install radicale

Now change the /etc/radicale/config file to match this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[server]
hosts = 127.0.0.1:5232
ssl = False
base_prefix = /radicale/

[encoding]

request = utf-8
stock = utf-8

[auth]

type = None

[rights]

type = None

Don’t forget to enable the service in /etc/default/radicale
And restart the service and check if it’s running.

1
2
service radicale restart
service radicale status

Step 2

Configure nginx.
Add these locations to your server block, preferably an SSL TLS1.2 block like:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
server {
listen 443 ssl;

ssl_certificate /etc/ssl/cybertim.net.crt;
ssl_certificate_key /etc/ssl/cybertim.net.key;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

server_name cybertim.net;

location /radicale {
try_files $uri @radicale;
}

location /.well-known/carddav {
try_files $uri @radicale;
}

location /.well-known/caldav {
try_files $uri @radicale;
}
}

The .well-known locations are needed for OSX Contact and Calendar to function. Those apps try to locate the dav services through this location else you will end up with a CoreDAVHTTPStatusErrorDomain error 405 error message.

Now add the @radicale block

1
2
3
4
5
6
7
8
9
10
location @radicale {
auth_basic "Radicale";
auth_basic_user_file /etc/nginx/.radicale;
proxy_pass http://localhost:5232;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

Don’t forget to add a .radicale htpasswd file.

1
2
3
4
5
6
7
# package needed to use htpasswd on debian
apt-get install apache2-utils

htpasswd -c /etc/nginx/.radicale username

# reload nginx
service nginx reload

Step 3

Setting up your apps.
You will need the following URLs on your iPhone (and Manual entry in Contacts and Calendar on OSX)
CalDAV:
domainname:443/radicale/username/calendar.ics/
CardDAV:
domainname:443/radicale/username/contacts.vcf/
For the username you can use anything you like.
There is also a credentials username and password box, there you fill in the password and username used with htpasswd.

Done :)
Oh, don’t forget to change the ‘push’ settngs on iOS, you will need to set the CalDAV and CardDAV accounts to ‘fetch’ and specify a fetch-time.