Hosting your own CalDAV and CardDAV server using Baïkal Server

Setting up Baïkal server on Mavericks

This tip will show you how to host your own CardDAV and CalDAV server on your personal Mac. You can "sync" your contacts and calendars "locally." No need to use Apple's or any other third-party "cloud."

Credits

This user tip was created using Jérôme Schneider's Baïkal Server.

If you find this useful, throw a bone to Jerome using the Donate button at the bottom of his website page.

Caveats

• You must do this as an “admin” user on Mavericks.
• These instructions assume you are not already running an Apache2 Web Server on your Mac. If you are running a web server, you should be able to install this without my help. These instructions will install the web server as the main web server for your Mac.
• These instructions are for the client version of Mavericks. If you have OS X Server running, you should be able to do this much simpler.
• I use TextWrangler for editing the configuration files. You don’t need to use TextWrangler, but it makes some things much simpler. You must use the version on the Bare Bones website, not the version on the App Store. It will allow you to elevate your privileges to modify the necessary system files from within TextWrangler. Other text editors will not do this and you will have to set the privileges in the Finder. I am not going to tell you how to do this, so download TextWrangler and use it.

Considerations

• Your "server's" IP address may be changed by your router.

Almost all routers can be configured to provide a static IP address to your attached devices. You should set up your router to provide a static IP address to the Mac that is acting as the server. Instead of the IP address, you can use the name given to your Mac. It can be found on the Sharing System Preferences under the computer name. It ends in .local. This will avoid the necessity to set up the router.

• Someone might create the same exact server as yours (IP address, Port, username/passwords).

I would imagine the odds of this are rare, but it still could happen. To reduce the odds, use an IP address towards the middle of your allocation and/or change the port used (8443) to something that will not conflict with the Well known TCP and UDP ports used by Apple software products.

Instructions

• In this tip I will ask you to perform some commands in the Terminal. The commands will look like this:

unix command line

• You can triple-click those lines to select all, then copy the line and paste it into Terminal. If it doesn't run immediately indicated by a new line with the command prompt ending in '$', hit return and it will run the command.
• If the command starts with 'sudo', the first time it will likely warn you about using sudo, then ask for your password. You will not see anything when you type the password. Just type it in and hit return. 'sudo' temporarily elevates your privileges so that you can perform tasks as the root user. If you do several sudo commands within a short period of one-another, it won't ask for the password.
• Sometimes, I will offer two ways to perform the same action. You only have to perform one of the alternatives.

Installing the Server Code

1. Download the Baïkal server from here: http://baikal-server.com. Choose the regular package.
2. Open your downloads folder and double-click the downloaded tar file. For example: baikal-regular-0.2.6.tar
It will expand into a folder. Mine was named baikal-regular.Inside that folder is a file called INSTALL.md. That is the primary source for this tip. This tip starts with section 3.2 - Installing Baïkal on a dedicated host.
3. Move the Baïkal server folder to the WebServer folder.
   1. In Terminal,

   sudo mv ~/Downloads/baikal-regular /Library/WebServer/Documents/dav.baikal-server

   If the folder is not called, "baikal-regular", then you will have to change it in the above command before running it.

   2. Or if using the Finder,
      1. Move the “baikal-regular” folder into this folder: /Library/WebServer/Documents
      It will ask you to “Authenticate” to make the move. Enter your admin user name and password.
      2. Rename the folder. Again, it will ask you to authenticate.
      I am going to use dav.baikal-server. If you use that, you can copy and paste the examples as given.If not, you'll have to modify the editing to reflect the name of your server folder.Whatever you choose, note the name as you will need it later, and stay away from special characters.
4. Create the "ENABLE_INSTALL" file in the Specific subfolder by using this command:

sudo touch /Library/WebServer/Documents/dav.baikal-server/Specific/ENABLE_INSTALL

5. Change the permissions on the baikal server folder by running this command in Terminal:

sudo chown -Rf www:www /Library/WebServer/Documents/dav.baikal-server

You can check that the command worked correctly by viewing the permissions with this command:

ls -l /Library/WebServer/Documents/dav.baikal-server/

The result will look like this (note the _www _www entries):

-rw-r--r--@ 1 _www _www 106 Jul 7 09:56 ChangeLog.md

drwxr-xr-x@ 5 _www _www 170 Jul 7 16:38 Core

-rwxr-xr-x@ 1 _www _www 9223 Jul 7 09:41 INSTALL.md

-rwxr-xr-x@ 1 _www _www 35135 Jul 7 09:29 LICENSE.txt

-rwxr-xr-x@ 1 _www _www 1688 Jul 7 09:43 README.md

drwxr-xr-x@ 6 _www _www 204 Jul 7 16:38 Specific

-rwxr-xr-x@ 1 _www _www 2635 Jul 7 09:29 TROUBLESHOOTING.md

-rwxr-xr-x@ 1 _www _www 1062 Jul 7 09:29 UPGRADE.md

drwxr-xr-x@ 8 _www _www 272 Jul 7 16:38 html

drwxr-xr-x@ 6 _www _www 204 Jul 7 16:38 vendor

Set up the Web Server

1. Open the web server configuration file (/etc/apache2/httpd.config):
   1. In Terminal,

   open -a TextWrangler.app /etc/apache2/httpd.conf

   2. Or, open directly from TextWrangler.
      1. File menu, Open
      2. Check the Show hidden items checkbox
      3. Navigate to Macintosh HD > etc > apache2 folder and open httpd.conf
   When you begin to edit the file, TextWrangler will ask if you want to unlock the file. Choose Unlock.
2. Edit the configuration file.
   1. At approximately line 118, remove the # symbol from this line:

   LoadModule php5_module libexec/apache2/libphp5.so

   2. At approximately line 154, you can add your email address if you want, but nobody is going to see it.
   3. At approximately line 163, remove the # symbol and set the server name to:

   ServerName localhost:80

   4. At Approximately line 478, remove the # symbol from the front of this line:

   Include /private/etc/apache2/extra/httpd-vhosts.conf

   5. At Approximately line 492, remove the # symbol from the front of this line:

   Include /private/etc/apache2/extra/httpd-ssl.conf

   6. Save the file and close. Authenticate when requested.
3. Open the Virtual Hosts config file:
   1. In Terminal,

   open -a TextWrangler.app /etc/apache2/extra/httpd-vhosts.conf

   2. Or, Open With… TextWrangler.
      1. File menu, Open
      2. Check the Show hidden items checkbox
      3. Navigate to Macintosh HD > etc > apache2 > extra folder and open httpd-vhosts.conf
   Choose Unlock when requested.
4. Edit the Virtual Hosts Configuration File
   1. Comment out the NameVirtualHost *:80 line by putting a # character in front of it.
   2. Add another that looks like this (but don't comment it out):

   NameVirtualHost *:8443

   3. Add the following at the end of the file:

   <VirtualHost *:8443>

   SSLEngine on

   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

   SSLCertificateFile /private/etc/apache2/ssl/ssl.crt

   SSLCertificateKeyFile /private/etc/apache2/ssl/ssl.key

   ServerName dav.baikal-server

   DocumentRoot "/Library/WebServer/Documents/dav.baikal-server/html"

   </VirtualHost>

   4. Change dav.baikal-server (note that it appears twice) to whatever you chose in step 3. of Installing the Server Code.
5. Save the file and close; authenticate when requested.
6. Open the SSL config file:
   1. In Terminal,

   open -a TextWrangler.app /etc/apache2/extra/httpd-ssl.conf

   2. Or, Open With… TextWrangler.
      1. File menu, Open
      2. Check the Show hidden items checkbox
      3. Navigate to Macintosh HD > etc > apache2 > extra folder and open httpd-ssl.conf
   Choose Unlock when requested.
7. Edit the SSL Configuration File
   1. Approximately line 37, set the Listen line to:

   Listen 8443

   2. At approximately line 78-79, set your server name (you can make up your own as you won't be serving it out to the internet) and email (optional):

   ServerAdmin

   3. At approximately line 117, change the SSLCertificate file to:

   SSLCertificateFile "/private/etc/apache2/ssl/ssl.crt"

   4. At approximately line 125, change the SSLCertificate file to:

   SSLCertificateKeyFile "/private/etc/apache2/ssl/ssl.key"

8. Save the file and close; authenticate when requested.

Create Self-signed SSL Certificates

A self-signed certificate will be sufficient for this server as it will only be accessed by you. It will be valid for 365 days. You can repeat these steps to create a new one each year.

1. Run the following commands in this order in Terminal:

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

openssl rsa -passin pass:x -in server.pass.key -out server.key

rm server.pass.key

openssl req -new -key server.key -out server.csr

This last command will ask for information to place in the certificate. Here are examples:

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:Florida

Locality Name (eg, city) []:Miami

Organization Name (eg, company) [Internet Widgits Pty Ltd]:My House

Organizational Unit Name (eg, section) []:room

Common Name (e.g. server FQDN or YOUR name) []:www.myHouse.org

Email Address []:my.name@isp.com

Just hit return for challenge password and company name

2. Create the certificate and key with this command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

3. Make a directory for the SSL certificate. In Terminal, run this command:

sudo mkdir /etc/apache2/ssl

4. Copy the certificate and key to the ssl folder using these commands:

sudo cp server.crt /etc/apache2/ssl/ssl.crt

sudo cp server.key /etc/apache2/ssl/ssl.key

After copying the key and certificate to your ssl folder, you can delete the files created in your home folder (server.crt, server.key, server.key.org, server.csr).

Start the Web Server (and your new CardDAV and CalDAV servers)

1. In the Terminal, run this command:

apachectl configtest

If you do not get Syntax OK, it will state where there is a problem by file and line number. Fix them as per the instructions.

2. After fixing any problems, run this command:

sudo apachectl start

Your server should now be running. Go to your browser and enter this address: https://localhost:8443

The browser should warn you that it cannot verify the identity of the server. You can view the certificate and see that it is yours. You can choose to trust it if you want.

You should be presented with the Baïkal Initialization Wizard page.

Initialize the Server

1. Set the Time Zone and create an Admin password, then Save Changes.
2. Leave the default database settings and click Save Changes.
3. Click Start using Baïkal.

Add Users

1. You should be on the Dashboard. Click the Users and resources link at the top of the page.
2. Click the +Add user button
3. Fill in the info and click Save changes
4. Add additional users as desired.

Edit Calendars and Address Books

1. Calendars
   1. In the Users list, select Calendars next to the user you want to edit.
   2. There is a default calendar created. You can change the name of it with the Edit button.
   3. You can also enable or disable Todos (Reminders).
   4. Click Save changes to save the Calendar.
2. Contacts
   1. In the Users list, Select Address Books next to the user you want to edit.
   2. Edit the name and description as desired.
   3. Click Save changes to save the Address Book.

You can add additional Calendars and Address Books in each of the Edit pages.

Adding the Calendars and Address Books to your Mac

Note that these instructions are also in the INSTALL.md file in the Baïkal server folder.

1. Open Internet Accounts System Preferences.
2. Click on Add Other Account…

For Calendars:

1. Select Add a CalDAV account and click Create…
2. Set Account Type to Manual
3. Enter the Username and Password that you added to Baïkal
4. In the Server Address enter:

https://localhost/cal.php/principals/username

Change username to the name you created for the Baïkal user account.

5. Click Create.

Click Continue when it warns that it cannot verify the identity of the server.

6. Edit the Description (this will show up in the sidebar).
7. Check the Reminders box if desired (and available).

For Contacts:

1. Select Add a CardDAV account and click Create…
2. Enter the Username and Password that you added to Baïkal
3. In the Server Address enter:

https://localhost/card.php/principals/username

Change username to the name you created for the Baïkal user account.

4. Click Create.

Click Continue when it warns that it cannot verify the identity of the server.

5. Edit the Description (this will show up in the sidebar).

I found that after creating the account, I would get constant requests for password on the Internet Accounts System Prefs. It never works, just click Cancel and press on. You can still use the account.

Adding the Calendars and Address Books to your iOS devices

Note that these instructions are also in the INSTALL.md file in the Baïkal server folder. However, the Contacts for iOS devices must be modified slightly.

These instructions were written with iOS 7. I don't have an iOS 6 device to create the step-by-step instructions.

1. Note the IP address or network name of your Mac that is hosting the Server.
   1. Using IP Address,
      1. Open Network System preferences.
      2. Select WiFi.

      On the main page it will state:

      Wi-Fi is connected to <your WiFi network name> and has the IP address <IP Address>.

      Your IP Address will be in the form: 000.000.000.000. For example, 192.168.1.3.

   2. Using network name, Open Sharing System Preferences

      Below the computer name field it will state:

      Computers on your local network can access your computer at: which will be followed by the network name.

      It will be in the form: Joes-Macbook-Pro.local

In the remaining steps replace <ip address> with either the IP Address or network name found in step 1.

2. On your iOS device, Open Settings
3. Select Mail, Contacts, Calendars
4. Select Add Account
5. Select Other

For Calendars:

1. Select Add CalDAV account
2. Set the server to:

https://<ip address>/cal.php/principals/username

3. Enter the username and password for the account you created.
4. Enter a useful description.
5. Touch Next
6. It should verify and have Calendars and Reminders set on.
7. Touch Save

For Contacts:

1. Select Add CardDAV account
2. Set the server to:

<ip address>/card.php

Note that there is no https:// and nothing after card.php

3. Enter the username and password for the account you created.
4. Enter a useful description.
5. Touch Next
6. Touch Cancel when it states that it cannot use SSL.
7. Touch OK
8. Click Advanced Settings
9. Set the Account URL to:

https://<ip address>:8443/card.php/principals/username

10. Touch the Back button, then Next.

It will again warn that it can't use SSL. Touch Cancel, then OK

11. Touch Save, and Save again.

You should now be able to add contacts, calendar events, and reminders on all of your devices.