Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##### Install dependencies for Radicale
- ServerUSER@Server:~$ sudo apt-get install python3-pip
- ##### Install dependencies for bcrypt encryption method
- ServerUSER@Server:~$ sudo python3 -m pip install --upgrade passlib bcrypt
- ##### -H flag uses root's home rather than USER's home
- ServerUSER@Server:~$ sudo -H python3 -m pip install --upgrade radicale
- ##### Put user "fakeuser" in a new "users" file
- ServerUSER@SERVER:~$ sudo htpasswd -B -c /etc/radicale/users fakeuser
- New password:
- Re-type new password:
- ##### Add another user
- ServerUSER@SERVER:~$ sudo htpasswd -B /etc/radicale/users user2
- New password:
- Re-type new password:
- ##### Install dependencies for bcrypt encryption method
- ServerUSER@SERVER:~$ sudo python3 -m pip install --upgrade passlib bcrypt
- ServerUSER@SERVER:~$ sudo nano /etc/radicale/config
- ##### Add these lines under relevant portions of [auth] section
- type = htpasswd
- htpasswd_filename = /etc/radicale/users
- # encryption method used in the htpasswd file
- htpasswd_encryption = bcrypt
- ##### Add these lines under relevant portions of [server] section
- max_connections = 20
- # 1 Megabyte
- max_content_length = 10000000
- # 10 seconds
- timeout = 10
- ##### Add these lines under relevant portions of [auth] section
- # Average delay after failed login attempts in seconds
- delay = 1
- ##### Add these lines under relevant portions of [server] section
- hosts = 0.0.0.0:5232
- ##### By setting ssl = True, Radicale no longer responds to HTTP requests.
- ssl = True
- certificate = /etc/ssl/radicale.cert.pem
- key = /etc/ssl/radicale.key.pem
- ##### You can hit enter as an answer to all the questions to set the default except this one:
- ##### "Common Name (eg, YOUR name) []:" where you will enter your domain name or dns record
- ##### used for your development server, or in case of wildcard certificates,
- ##### use an astrisk, like this: *.mycompany.com
- ##### By using a self-signed certificate, your browser should warn you of this fact.
- ##### Confirm exception as you wish, but this exception is necessary to visit page.
- ServerUSER@Server:~$ openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/radicale.key.pem -out /etc/ssl/radicale.cert.pem -x509 -days 365
- Common Name (eg, YOUR name) []: developmentserver12345
- ##### Create "radicale" user and group for Radicale service
- ServerUSER@Server:~$ sudo useradd --system --home-dir / --shell /sbin/nologin radicale
- ##### Make storage folder writable by user "radicale"
- ServerUSER@Server:~$ sudo mkdir -p /var/lib/radicale/collections
- ServerUSER@Server:~$ sudo chown -R radicale:radicale /var/lib/radicale/collections
- ##### Make storage folder non-readable by others
- ServerUSER@Server:~$ sudo chmod -R o= /var/lib/radicale/collections
- ServerUSER@Server:~$ sudo nano /etc/systemd/system/radicale.service
- [Unit]
- Description=A simple CalDAV (calendar) and CardDAV (contact) server
- After=network.target
- Requires=network.target
- [Service]
- ExecStart=/usr/bin/env python3 -m radicale
- Restart=on-failure
- User=radicale
- # Deny other users access to the calendar data
- UMask=0027
- # Optional security settings
- PrivateTmp=true
- ProtectSystem=strict
- ProtectHome=true
- PrivateDevices=true
- ProtectKernelTunables=true
- ProtectKernelModules=true
- ProtectControlGroups=true
- NoNewPrivileges=true
- ReadWritePaths=/var/lib/radicale/collections
- [Install]
- WantedBy=multi-user.target
- # Enable the service
- ServerUSER@Server:~$ sudo systemctl enable radicale
- # Start the service
- ServerUSER@Server:~$ sudo systemctl start radicale
- # Check the status of the service
- ServerUSER@Server:~$ sudo systemctl status radicale
- # View all log messages
- ServerUSER@Server:~$ sudo journalctl --unit radicale.service
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement