radicale and DAVdroid appeal to me. Let's try to make the whole thing work.
A self-signed SSL certificate
Update: use this method
instead, to avoid apache complaining that server certificate is a CA
certificate
.
Generating the certificate:
openssl req -nodes -x509 -newkey rsa:2048 -keyout cal-key.pem -out cal-cert.pem -days 3650 [...] Country Name (2 letter code) [AU]:IT State or Province Name (full name) [Some-State]:Bologna Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]:enricozini.org Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:cal.enricozini.org Email Address []:postmaster@enricozini.org
Installing it on my phone:
openssl x509 -in cal-cert.pem -outform DER -out cal-cert.crt adb push cal-cert.crt /mnt/sdcard/ enrico --follow-instructions http://davdroid.bitfire.at/faq/entry/importing-a-certificate
Installing radicale in my VPS
Update: there is already a new version of radicale available in Debian testing.
An updated radicale package, with this patch to make it work with DAVDroid:
apt-get source radicale # I reviewed 063f7de7a2c7c50de5fe3f8382358f9a1124fbb6 git clone https://github.com/Kozea/Radicale.git Move the python code from git to the Debian source dch -v 0.10~enrico-1 "Pulled in the not yet released 0.10 work from upstream" debuild -us -uc -rfakeroot
Install the package:
# dpkg -i python-radicale_0.10~enrico0-1_all.deb # dpkg -i radicale_0.10~enrico0-1_all.deb
Create a system user to run it:
# adduser --system --disabled-password radicale
Configure it (/etc/radicale/config
) for mod_wsgi
with auth done by Apache:
# For brevity, this is my config file with comments removed [storage] # Storage backend # Value: filesystem | multifilesystem | database | custom type = filesystem # Folder for storing local collections, created if not present filesystem_folder = /var/lib/radicale/collections [logging] config = /etc/radicale/logging
Create the wsgi file to run it:
# mkdir /srv/radicale # cat <<EOT > /srv/radicale/radicale.wsgi import radicale radicale.log.start() application = radicale.Application() EOT # chown radicale.radicale /srv/radicale/radicale.wsgi # chmod 0755 /srv/radicale/radicale.wsgi
Make radicale commit to git
# apt-get install python-dulwich # cd /var/lib/radicale/collections # git init # chown radicale.radicale -R /var/lib/radicale/collections/.git
Apache configuration
Add a new site to apache:
$ cat /etc/apache2/sites-available/cal.conf # For brevity, this is my config file with comments removed <IfModule mod_ssl.c> <VirtualHost *:443> ServerName cal.enricozini.org ServerAdmin enrico@enricozini.org Alias /robots.txt /srv/radicale/robots.txt Alias /favicon.ico /srv/radicale/favicon.ico WSGIDaemonProcess radicale user=radicale group=radicale threads=1 umask=0027 display-name=%{GROUP} WSGIProcessGroup radicale WSGIScriptAlias / /srv/radicale/radicale.wsgi <Directory /srv/radicale> # WSGIProcessGroup radicale # WSGIApplicationGroup radicale # WSGIPassAuthorization On AllowOverride None Require all granted </Directory> <Location /> AuthType basic AuthName "Enrico's Calendar" AuthBasicProvider file AuthUserFile /usr/local/etc/radicale/htpasswd Require user enrico </Location> ErrorLog{APACHE_LOG_DIR}/cal-enricozini-org-error.log LogLevel warn CustomLog{APACHE_LOG_DIR}/cal-enricozini-org-access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/cal.pem SSLCertificateKeyFile /etc/ssl/private/cal.key </VirtualHost> </IfModule>
Then enable it:
# a2ensite cal.conf # service apache2 reload
Create collections
DAVdroid seems to want to see existing collections on the server, so we create them:
$ apt-get install cadaver $ cat <<EOT > /tmp/empty.ics BEGIN:VCALENDAR VERSION:2.0 END:VCALENDAR EOT $ cat <<EOT > /tmp/empty.vcf BEGIN:VCARD VERSION:2.1 END:VCARD EOT $ cadaver https://cal.enricozini.org WARNING: Untrusted server certificate presented for `cal.enricozini.org': [...] Do you wish to accept the certificate? (y/n) y Authentication required for Enrico's Calendar on server `cal.enricozini.org': Username: enrico Password: **** dav:/> cd enrico/contacts.vcf/ dav:/> put /tmp/empty.vcf dav:/> cd ../calendar.ics/ dav:/> put /tmp/empty.ics dav:/enrico/calendar.ics/> ^D Connection to `cal.enricozini.org' closed.
DAVdroid configuration
- Add a new DAVdroid sync account
- Use server/username configuration
- For server, use https://
/ / - Add username and password
It should work.