summaryrefslogtreecommitdiff
path: root/src/_posts/2016-11-24-freebsd-mailserver-calendars-and-contacts.md
blob: 0e7d953b509a5bde63c0df72b9f04c259ac78589 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
---
title: "FreeBSD email server - Part +: Calendars and contacts"
date: 2016-11-24 08:26:09
tags: Tutorial FreeBSD Email CalDAV CardDAV
layout: post
---

This guide is an addition to the [FreeBSD email server series][tutorial-email].
It is not required for your email server to operate properly, but it is often
considered a very important feature for those who want to switch from a third
party email provider to their own solution. It does build upon the completed
series, so be sure to work through that before starting on this.

## Install required packages
{% highlight sh %}
pkg install py27-radicale
{% endhighlight %}

## Configure Radicale
### /usr/local/etc/radicale/config
Open up the `/usr/local/etc/radicale/config` file, and update each `[block]`.

#### [server]
The server is binding to `localhost` only. This way it is not accessible on
`:5232` from outside the server. Outside access will be provided through an
nginx reverse proxy instead.

{% highlight ini %}
hosts = 127.1:5232
daemon = True

dns_lookup = True

base_prefix = /
can_skip_base_prefix = False

realm = Radicale - Password required
{% endhighlight %}

#### [encoding]
{% highlight ini %}
request = utf-8
stock = utf-8
{% endhighlight %}

#### [auth]
{% highlight ini %}
type = IMAP

imap_hostname = localhost
imap_port = 143
imap_ssl = False
{% endhighlight %}

#### [storage]
{% highlight ini %}
type = filesystem
filesystem_folder = /usr/local/share/radicale
{% endhighlight %}

#### [logging]
{% highlight ini %}
config = /usr/local/etc/radicale/logging
{% endhighlight %}

### /usr/local/etc/radicale/logging
This file is fine on the defaults in FreeBSD 11. This saves you from
configuring a little bit.

## Configure Dovecot
### Enable imap
This option was disabled in the [IMAP server tutorial][tutorial-email],
however, if we want to auth using the same credentials as the mailserver, this
option is needed again. Bind it to `localhost`, so it can only be used
internally. In `/usr/local/etc/dovecont/conf.d/10-master.conf`, enable the
`imap` port again:

```
...
service imap-login {
    inet_listener imap {
        address = 127.1
        port = 143
    }
    ...
}
...
```

## Configure nginx
To make using the service easier, you can setup [nginx][nginx] to act as a
reverse proxy. If you followed the [webserver tutorial][tutorial-webserver],
you already have the basics for this set up. I do recommend you check this out,
as I will only explain how to configure a virtual host to deal with the reverse
proxy here.

### Setup a reverse proxy
Assuming you have taken the crash-course in setting up the nginx webserver, you
can attain a reverse proxy using the following config block. Note that this block
only does HTTPS, as I use HTTP only to redirect to HTTPS.

{% highlight nginx %}
# static HTTPS
server {
    # listeners
    listen       443 ssl;
    server_name  radicale.domain.tld;

    # enable HSTS
    add_header  Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

    # keys
    ssl_certificate      /usr/local/etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key  /usr/local/etc/letsencrypt/live/domain.tld/privkey.pem;

    # / handler
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.1:5232;
    }
}
{% endhighlight %}

## Enable the service at startup
{% highlight sh %}
echo 'radicale_enable="YES"' >> /etc/rc.conf.local
{% endhighlight %}

## Start the server
{% highlight sh %}
service radicale start
{% endhighlight %}

[nginx]: https://www.nginx.com/
[tutorial-email]: {{ "/post/2016/10/31/freebsd-mailserver-part-1-preparations/" | prepend: site.baseurl }}
[tutorial-webserver]: {{ "/post/2016/10/25/setup-nginx-with-lets-encrypt-ssl/" | prepend: site.baseurl }}