Hosting your own CalDAV and CardDAV server using Baïkal Server
Setting up Baïkal server on Mavericks
This tip will show you how to host your own CardDAV and CalDAV server on your personal Mac. You can "sync" your contacts and calendars "locally." No need to use Apple's or any other third-party "cloud."
Credits
This user tip was created using Jérôme Schneider's Baïkal Server.
If you find this useful, throw a bone to Jérôme using the Donate button at the bottom of his website page.
Caveats
- You must do this as an “admin” user on Mavericks.
- These instructions assume you are not already running an Apache2 Web Server on your Mac. If you are running a web server, you should be able to install this without my help. These instructions will install the web server as the main web server for your Mac.
- These instructions are for the client version of Mavericks. If you have OS X Server running, you should be able to do this much more simply.
- I use TextWrangler for editing the configuration files. You don’t need to use TextWrangler, but it makes some things much simpler. You must use the version on the Bare Bones website, not the version on the App Store. It will allow you to elevate your privileges to modify the necessary system files from within TextWrangler. Other text editors will not do this and you will have to set the privileges in the Finder. I am not going to tell you how to do this, so download TextWrangler and use it.
Considerations
- Your "server's" IP address may be changed by your router.
  Almost all routers can be configured to provide a static IP address to your attached devices. You should set up your router to provide a static IP address to the Mac that is acting as the server. Instead of the IP address, you can use the name given to your Mac. It can be found on the Sharing System Preferences under the computer name. It ends in .local. This will avoid the necessity to set up the router.
- Someone might create the same exact server as yours (IP address, Port, username/passwords).
  I would imagine the odds of this are rare, but it still could happen. To reduce the odds, use an IP address towards the middle of your allocation and/or change the port used (8443) to something that will not conflict with the well-known TCP and UDP ports used by Apple software products.
Instructions
- In this tip I will ask you to perform some commands in the Terminal. The commands will look like this:
unix command line
Installing the Server Code
- Download the Baïkal server from here: http://baikal-server.com. Choose the regular package.
- Open your downloads folder and double-click the downloaded tar file. For example: baikal-regular-0.2.6.tar. It will expand into a folder. Mine was named baikal-regular. Inside that folder is a file called INSTALL.md. That is the primary source for this tip. This tip starts with section 3.2 - Installing Baïkal on a dedicated host.
- Move the Baïkal server folder to the WebServer folder.
  - In Terminal,
    sudo mv ~/Downloads/baikal-regular /Library/WebServer/Documents/dav.baikal-server
    If the folder is not called "baikal-regular", then you will have to change it in the above command before running it.
  - Or if using the Finder,
    - Move the “baikal-regular” folder into this folder: /Library/WebServer/Documents. It will ask you to “Authenticate” to make the move. Enter your admin user name and password.
    - Rename the folder. Again, it will ask you to authenticate. I am going to use dav.baikal-server. If you use that, you can copy and paste the examples as given. If not, you'll have to modify the editing to reflect the name of your server folder. Whatever you choose, note the name as you will need it later, and stay away from special characters.
- Create the "ENABLE_INSTALL" file in the Specific subfolder by using this command:
    sudo touch /Library/WebServer/Documents/dav.baikal-server/Specific/ENABLE_INSTALL
- Change the permissions on the baikal server folder by running this command in Terminal:
    sudo chown -Rf www:www /Library/WebServer/Documents/dav.baikal-server
You can check that the command worked correctly by viewing the permissions with this command:
ls -l /Library/WebServer/Documents/dav.baikal-server/
The result will look like this (note the _www _www entries):
-rw-r--r--@ 1 _www _www 106 Jul 7 09:56 ChangeLog.md
drwxr-xr-x@ 5 _www _www 170 Jul 7 16:38 Core
-rwxr-xr-x@ 1 _www _www 9223 Jul 7 09:41 INSTALL.md
-rwxr-xr-x@ 1 _www _www 35135 Jul 7 09:29 LICENSE.txt
-rwxr-xr-x@ 1 _www _www 1688 Jul 7 09:43 README.md
drwxr-xr-x@ 6 _www _www 204 Jul 7 16:38 Specific
-rwxr-xr-x@ 1 _www _www 2635 Jul 7 09:29 TROUBLESHOOTING.md
-rwxr-xr-x@ 1 _www _www 1062 Jul 7 09:29 UPGRADE.md
drwxr-xr-x@ 8 _www _www 272 Jul 7 16:38 html
drwxr-xr-x@ 6 _www _www 204 Jul 7 16:38 vendor
Set up the Web Server
- Open the web server configuration file (/etc/apache2/httpd.conf):
  - In Terminal,
    open -a TextWrangler.app /etc/apache2/httpd.conf
  - Or, open directly from TextWrangler.
    - File menu, Open
    - Check the Show hidden items checkbox
    - Navigate to Macintosh HD > etc > apache2 folder and open httpd.conf
  When you begin to edit the file, TextWrangler will ask if you want to unlock the file. Choose Unlock.
- Edit the configuration file.
  - At approximately line 118, remove the # symbol from this line:
    LoadModule php5_module libexec/apache2/libphp5.so
  - At approximately line 154, you can add your email address if you want, but nobody is going to see it.
  - At approximately line 163, remove the # symbol and set the server name to:
    ServerName localhost:80
  - At approximately line 478, remove the # symbol from the front of this line:
    Include /private/etc/apache2/extra/httpd-vhosts.conf
  - At approximately line 492, remove the # symbol from the front of this line:
    Include /private/etc/apache2/extra/httpd-ssl.conf
  - Save the file and close. Authenticate when requested.
- Open the Virtual Hosts config file:
  - In Terminal,
    open -a TextWrangler.app /etc/apache2/extra/httpd-vhosts.conf
  - Or, Open With… TextWrangler.
    - File menu, Open
    - Check the Show hidden items checkbox
    - Navigate to Macintosh HD > etc > apache2 > extra folder and open httpd-vhosts.conf
  Choose Unlock when requested.
- Edit the Virtual Hosts Configuration File
  - Comment out the NameVirtualHost *:80 line by putting a # character in front of it.
  - Add another that looks like this (but don't comment it out):
    NameVirtualHost *:8443
  - Add the following at the end of the file:
    <VirtualHost *:8443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /private/etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/ssl.key
    ServerName dav.baikal-server
    DocumentRoot "/Library/WebServer/Documents/dav.baikal-server/html"
    </VirtualHost>
  - Change dav.baikal-server (note that it appears twice) to whatever you chose in step 3. of Installing the Server Code.
- Save the file and close; authenticate when requested.
- Open the SSL config file:
  - In Terminal,
    open -a TextWrangler.app /etc/apache2/extra/httpd-ssl.conf
  - Or, Open With… TextWrangler.
    - File menu, Open
    - Check the Show hidden items checkbox
    - Navigate to Macintosh HD > etc > apache2 > extra folder and open httpd-ssl.conf
  Choose Unlock when requested.
- Edit the SSL Configuration File
  - At approximately line 37, set the Listen line to:
    Listen 8443
  - At approximately line 78-79, set your server name (you can make up your own as you won't be serving it out to the internet) and email (optional):
    ServerAdmin
  - At approximately line 117, change the SSLCertificateFile line to:
    SSLCertificateFile "/private/etc/apache2/ssl/ssl.crt"
  - At approximately line 125, change the SSLCertificateKeyFile line to:
    SSLCertificateKeyFile "/private/etc/apache2/ssl/ssl.key"
- Save the file and close; authenticate when requested.
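The SSLCipherSuite string used in the virtual host above starts from ALL and removes only the anonymous-DH and EXPORT56 suites; its + entries reorder suites rather than remove them. The following is an added example, not part of the original tip or of Baïkal's own documentation, showing the same virtual host with the protocol and cipher settings tightened. It assumes the folder name and certificate paths used in this tip and the mod_ssl directive syntax of Apache 2.2.

```apache
# Added example: tightened version of the virtual host in httpd-vhosts.conf.
# Assumes the folder name (dav.baikal-server) and certificate paths from this tip.
NameVirtualHost *:8443

<VirtualHost *:8443>
    ServerName dav.baikal-server
    DocumentRoot "/Library/WebServer/Documents/dav.baikal-server/html"

    SSLEngine on

    # Setting from the tip, kept here commented out for comparison.
    # It begins with ALL, so LOW, export-grade and SSLv2 suites stay enabled
    # wherever the OpenSSL build still provides them:
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Offer only the HIGH class, and explicitly exclude suites with no
    # authentication (aNULL), no encryption (eNULL) or an MD5 MAC.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5

    # Use the server's preference order instead of the client's.
    SSLHonorCipherOrder on

    # Refuse SSLv2 and SSLv3 handshakes; TLS versions remain enabled.
    SSLProtocol all -SSLv2 -SSLv3

    SSLCertificateFile /private/etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/ssl.key
</VirtualHost>
```

If httpd-ssl.conf also contains SSLCipherSuite or SSLProtocol lines, change them the same way, then run apachectl configtest before starting the server.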
Create Self-signed SSL Certificates
A self-signed certificate will be sufficient for this server as it will only be accessed by you. It will be valid for 365 days. You can repeat these steps to create a new one each year.
- Run the following commands in this order in Terminal:
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    openssl rsa -passin pass:x -in server.pass.key -out server.key
    rm server.pass.key
    openssl req -new -key server.key -out server.csr
  This last command will ask for information to place in the certificate. Here are examples:
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Florida
    Locality Name (eg, city) []:Miami
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:My House
    Organizational Unit Name (eg, section) []:room
    Common Name (e.g. server FQDN or YOUR name) []:www.myHouse.org
    Email Address []:my.name@isp.com
  Just hit return for challenge password and company name.
- Create the certificate and key with this command:
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Make a directory for the SSL certificate. In Terminal, run this command:
    sudo mkdir /etc/apache2/ssl
- Copy the certificate and key to the ssl folder using these commands:
    sudo cp server.crt /etc/apache2/ssl/ssl.crt
    sudo cp server.key /etc/apache2/ssl/ssl.key
After copying the key and certificate to your ssl folder, you can delete the files created in your home folder (server.crt, server.key, server.key.org, server.csr).
Start the Web Server (and your new CardDAV and CalDAV servers)
- In the Terminal, run this command:
    apachectl configtest
  If you do not get Syntax OK, it will state where there is a problem by file and line number. Fix them as per the instructions.
- After fixing any problems, run this command:
    sudo apachectl start
Your server should now be running. Go to your browser and enter this address: https://localhost:8443
The browser should warn you that it cannot verify the identity of the server. You can view the certificate and see that it is yours. You can choose to trust it if you want.
You should be presented with the Baïkal Initialization Wizard page.
Initialize the Server
- Set the Time Zone and create an Admin password, then Save Changes.
- Leave the default database settings and click Save Changes.
- Click Start using Baïkal.
Add Users
- You should be on the Dashboard. Click the Users and resources link at the top of the page.
- Click the +Add user button
- Fill in the info and click Save changes
- Add additional users as desired.
Edit Calendars and Address Books
- Calendars
- In the Users list, select Calendars next to the user you want to edit.
- There is a default calendar created. You can change the name of it with the Edit button.
- You can also enable or disable Todos (Reminders).
- Click Save changes to save the Calendar.
- Contacts
- In the Users list, Select Address Books next to the user you want to edit.
- Edit the name and description as desired.
- Click Save changes to save the Address Book.
You can add additional Calendars and Address Books in each of the Edit pages.
Adding the Calendars and Address Books to your Mac
- Open Internet Accounts System Preferences.
- Click on Add Other Account…
- Select Add a CalDAV account and click Create…
- Set Account Type to Manual
- Enter the Username and Password that you added to Baïkal
- In the Server Address enter:
    https://localhost/cal.php/principals/username
  Change username to the name you created for the Baïkal user account.
  Click Continue when it warns that it cannot verify the identity of the server.
- Click Create.
- Edit the Description (this will show up in the sidebar).
- Check the Reminders box if desired (and available).
- Select Add a CardDAV account and click Create…
- Enter the Username and Password that you added to Baïkal
- In the Server Address enter:
    https://localhost/card.php/principals/username
  Change username to the name you created for the Baïkal user account.
  Click Continue when it warns that it cannot verify the identity of the server.
- Click Create.
- Edit the Description (this will show up in the sidebar).
Note that these instructions are also in the INSTALL.md file in the Baïkal server folder.
I found that after creating the account, I would get constant requests for password on the Internet Accounts System Prefs. It never works, just click Cancel and press on. You can still use the account.
Adding the Calendars and Address Books to your iOS devices
- Note the IP address or network name of your Mac that is hosting the Server.
  - Using IP Address,
    - Open Network System preferences.
    - Select WiFi.
    On the main page it will state:
    Wi-Fi is connected to <your WiFi network name> and has the IP address <IP Address>.
    Your IP Address will be in the form: 000.000.000.000. For example, 192.168.1.3.
  - Using network name, open Sharing System Preferences.
    Below the computer name field it will state:
    Computers on your local network can access your computer at: which will be followed by the network name.
    It will be in the form: Joes-Macbook-Pro.local
  In the remaining steps replace <ip address> with either the IP Address or network name found in step 1.
- On your iOS device, Open Settings
- Select Mail, Contacts, Calendars
- Select Add Account
- Select Other
- Select Add CalDAV account
- Set the server to:
    https://<ip address>/cal.php/principals/username
- Enter the username and password for the account you created.
- Enter a useful description.
- Touch Next
- It should verify and have Calendars and Reminders set on.
- Touch Save
- Select Add CardDAV account
- Set the server to:
    <ip address>/card.php
  Note that there is no https:// and nothing after card.php
- Enter the username and password for the account you created.
- Enter a useful description.
- Touch Next
- Touch Cancel when it states that it cannot use SSL.
- Touch OK
- Click Advanced Settings
- Set the Account URL to:
    https://<ip address>:8443/card.php/principals/username
- Touch the Back button, then Next.
  It will again warn that it can't use SSL. Touch Cancel, then OK.
- Touch Save, and Save again.
Note that these instructions are also in the INSTALL.md file in the Baïkal server folder. However, the Contacts for iOS devices must be modified slightly.
These instructions were written with iOS 7. I don't have an iOS 6 device to create the step-by-step instructions.
You should now be able to add contacts, calendar events, and reminders on all of your devices.