radicale

CardDAV and CalDAV server

Access from Android clients with DAVx5, and from Linux with pimsync

Configuration

Relevant config with htpasswd auth
/etc/radicale/config

[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = autodetect
 
cache_logins = true
cache_successful_logins_expiry = 30
 
 
[rights]
type = from_file
file = /etc/radicale/rights
 
 
[storage]
filesystem_folder = /var/lib/radicale/collections

Create a new htpasswd file with the user “user1” using bcrypt as hash method (the -B flag)
htpasswd -B -c /path/to/users user1
Add another user
htpasswd -B /path/to/users user2
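
Because htpasswd_encryption = autodetect accepts entries hashed with different schemes in the same file, it is worth checking which scheme each user actually has. The script below is an added example, not part of the original page or of Radicale; it classifies entries by the usual htpasswd / crypt(3) prefixes, and its sample lines are constructed placeholders, not real hashes.

```python
"""Classify the hash scheme of each entry in an htpasswd file."""
import sys

# Prefix -> scheme name, following the htpasswd / crypt(3) conventions.
PREFIXES = [
    (("$2y$", "$2a$", "$2b$"), "bcrypt"),
    (("$6$",), "sha512-crypt"),
    (("$5$",), "sha256-crypt"),
    (("$argon2",), "argon2"),
    (("$apr1$",), "apr1-md5"),
    (("{SHA}",), "sha1-unsalted"),
]
# Schemes this audit treats as acceptable (an assumption of the example).
ACCEPTED = {"bcrypt", "sha512-crypt", "sha256-crypt", "argon2"}


def scheme_of(hash_field):
    for prefixes, name in PREFIXES:
        if hash_field.startswith(prefixes):
            return name
    # No recognised prefix: legacy DES crypt() or a plaintext password.
    return "des-crypt-or-plain"


def audit(lines):
    """Return (user, scheme, accepted) for each user entry."""
    findings = []
    for raw in lines:
        line = raw.strip()
        # Skip blank lines, comment lines and lines without a user:hash pair.
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme = scheme_of(hash_field)
        findings.append((user, scheme, scheme in ACCEPTED))
    return findings


# Constructed sample entries; the hash bodies are placeholders.
SAMPLE = [
    "user1:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDER",
    "user2:$apr1$PLACEHOLD$PLACEHOLDERPLACEHOLDER",
    "user3:{SHA}PLACEHOLDERPLACEHOLDER=",
    "user4:$6$PLACEHOLD$PLACEHOLDERPLACEHOLDER",
]

if __name__ == "__main__":
    path_given = len(sys.argv) > 1
    lines = open(sys.argv[1], encoding="utf-8") if path_given else SAMPLE
    for user, scheme, ok in audit(lines):
        print(f"{'ok  ' if ok else 'WEAK'} {user}: {scheme}")
```

Run it with the path from htpasswd_filename as the only argument; without an argument it runs over the constructed sample.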

Nginx

Reverse proxy with mTLS (client certificate) auth

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name dav.ctq.ro;
 
        client_max_body_size 100M;
 
        log_not_found on;
 
        ## "well-known" redirect
        rewrite ^/.well-known/carddav /radicale/ redirect;
        rewrite ^/.well-known/caldav /radicale/ redirect;
 
        ## Base URI: /radicale/
        location /radicale/ {
                if ($ssl_client_verify != SUCCESS) {
                        return 418;
                }
 
                proxy_pass        http://localhost:5232;
                proxy_set_header  X-Script-Name /radicale;
                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header  X-Forwarded-Host $host;
                proxy_set_header  X-Forwarded-Port $server_port;
                proxy_set_header  X-Forwarded-Proto $scheme;
                proxy_set_header  Host $http_host;
                proxy_pass_header Authorization;
        }
 
        # client certificate
        ssl_client_certificate /etc/ssl/orion-ca/ca.crt;
        ssl_verify_client optional;
 
        # orion config set
        include orion/orion.conf;
 
        ssl_certificate /etc/letsencrypt/live/ctq.ro/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ctq.ro/privkey.pem; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}

PAM auth

Alternative auth method
Untested

Log in through PAM with python3-pampy; the radicale user needs to be added to the shadow group with usermod -aG shadow radicale

See also

https://radicale.org/v3.html#simple-5-minute-setup

See https://github.com/lpirl/radicale_auth_pam for PAM auth