[Improvement] Documentation for using radicale

[mirtouf]

Bonsoir,

the use of radicale with its own embedded web server (for version < 2.0) is not reliable because of its technological limitation (no support of http 1.1, limitation on ciphers, etc.) and it is better to use a proxy server like nginx.
I suggest to add on the documentation of radicale extension:

1. Stop of radicale service and disabling the service
2. Editing the following files:

config of radicale (most important parts) for radicale 1.1.1 (debian stretch)

[auth]

# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
type = IMAP

# IMAP Configuration
imap_hostname = localhost
imap_port = 143
imap_ssl = False

[rights]

# Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom
type = from_file

# Custom rights handler
#custom_handler =

# File for rights management from_file
file = /etc/radicale/rights

/etc/uwsgi/apps-enabled/radicale.ini

[uwsgi]
plugins = http, python
uid = radicale
gid = www-data
wsgi-file = /home/modoboa/radicale/radicale.wsgi

wsgi file

#!/usr/bin/env python

import radicale

radicale.log.start()
application = radicale.Application()

nginx config file

server {
    listen         80;
    server_name    dav.mondomaine.tld;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 ssl http2;
    server_name     dav.mondomaine.tld;
    root            /home/modoboa/radicale/;
    index           index.html index.htm;

    ssl on;
    ssl_certificate      /etc/ssl/certificat.crt;
    ssl_certificate_key  /etc/ssl/domaine.key;

    add_header      X-Frame-Options deny;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
    }
}

3. Adjusting modoboa setup accordingly for generating the rights file.

It is a quick & dirty setup but at least it seems to work flawlessly and was already foreseen:
http://librelist.com/browser//radicale/2015/6/22/radicale-authentication-behind-nginx/#895151c553a959a0473b97932d8a944c

By the way, is modoboa compatible with radicale > 2.0 ? The recommended usage for these versions is using a web proxy and radicale content was modularized (IMAP support is not out of the box).

[tonioo]

@mirtouf I'm currently working on a new version of the radicale plugin (with an embedded calendar within modoboa) which relies on Radicale2. Once done, I'll complete the installer to make it setup Radicale like you said and maybe add some documentation too. Check the https://github.com/modoboa/modoboa-radicale/tree/feature/user_calendar branch for more information.

[mirtouf]

Hi,
Is it possible to have a list of modules to be installed for radicale (or the proper manual way for enabling the calendar) ?
I am struggling to find the reason for my 403 error in radicale (debug is not very useful) or error 500 with modoboa as I get the inspiration through the modoboa installer.

[tonioo]

@mirtouf Sure. First, you need Radicale > 2 (python3 only). Then, we use a specific storage backend and a specific authentication backend. Finally, make sure the cron job which generates the rights file is active. (see config template here)

[mirtouf]

I installed radicale and the backends through Pypi, can it be the cause of failures ?
Would you mind giving me also the permissions and ownership of the collection files ?

[tonioo]

Sorry, you need to install the storage backend from the github repository. The collections belong to the radicale user and there is nothing special about the permission. Have you checked your rights file?

…

On 09/04/2018 14:37, mirtouf wrote: I installed the backends through Pypi, can it be the cause of failures ? Would you mind giving me also the permissions and ownership of the collection files ? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#16 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAgc7lwYMXc5k4BtAI9ShyCJzoXLSYwXks5tm1X6gaJpZM4P8i8V>.

[mirtouf]

I will check the rights file but I am using modoboa's cronjob for generating the file with no other change.
What is the way for installing the storage backend without Pypi ?
Thanks for the information.

[tonioo]

pip install -e git+https://github.com/tonioo/RadicaleStorageByIndex#egg=radicale-storage-by-index

[mirtouf]

Is the modified version installable for the whole system or did I miss something with pip3 ?

pip3 install -I --target=/usr/local/lib/python3.5/dist-packages -e git+https://github.com/tonioo/RadicaleStorageByIndex#egg=radicale-storage-by-index
Obtaining radicale-storage-by-index from git+https://github.com/tonioo/RadicaleStorageByIndex#egg=radicale-storage-by-index
  Cloning https://github.com/tonioo/RadicaleStorageByIndex to ./src/radicale-storage-by-index
Collecting radicale (from radicale-storage-by-index)
Collecting vobject (from radicale->radicale-storage-by-index)
Collecting python-dateutil>=2.4.0 (from vobject->radicale->radicale-storage-by-index)
  Using cached python_dateutil-2.7.2-py2.py3-none-any.whl
Collecting six>=1.5 (from python-dateutil>=2.4.0->vobject->radicale->radicale-storage-by-index)
  Using cached six-1.11.0-py2.py3-none-any.whl
Installing collected packages: six, python-dateutil, vobject, radicale, radicale-storage-by-index
  Running setup.py develop for radicale-storage-by-index
    Complete output from command /usr/bin/python3 -c "import setuptools, tokenize;__file__='/root/src/radicale-storage-by-index/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" develop --no-deps --home=/tmp/tmpm5i_f0fo:
    usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
       or: -c --help [cmd1 cmd2 ...]
       or: -c --help-commands
       or: -c cmd --help
    
    error: option --home not recognized
    
    ----------------------------------------
Command "/usr/bin/python3 -c "import setuptools, tokenize;__file__='/root/src/radicale-storage-by-index/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" develop --no-deps --home=/tmp/tmpm5i_f0fo" failed with error code 1 in /root/src/radicale-storage-by-index/

In case I want to debug the error 500 I get when trying to create a calendar ( api/v1/user-calendars/ ), what should I check first ?

radicale user is running the self-named process and in 10-master.conf of dovecot I have:

  unix_listener /run/dovecot/auth-radicale {
   mode = 0666
   user = radicale
   group = radicale
  }

[mirtouf]

After increasing verbosity of radicale, it seems the rights file is not being updated as it should.
May I have an example ?
Is this section correct ?

# Read/Write permission for calendar owners
[owners-access]
user = .+
collection = %(login)s(/.*)?
permission = rw

the radicale log contains:

DEBUG: Rule 'mirtouf@mirtouf.fr':'' doesn't match '.+':'mirtouf\\@mirtouf\\.fr(/.*)?' from section 'owners-access'

modoboa and its modules are up to date.