rss logo

Setting Up a Shared Calendar on Debian Linux with Baïkal

Baikal Logo Debian Logo Calendar Logo

I have been a long-time user of the Zimbra collaborative software, appreciating its web interface with email access and shared calendar features. Initially, there was a free and open-source version that served its purpose well, even if it became somewhat challenging to use and to update, it remained overall a good solution. However, with recent developments (since version 8.5) and various changes in ownership, the free edition has been completely abandoned. I therefore found myself looking for alternative solutions for the various modules (calendar, webmail, etc.).

This article will focus on setting up a shared calendar server. I'll show how to set up a shared calendar on GNU/Linux using the Baïkal server, which supports both CalDAV and CardDAV. Its web interface makes it easy to manage users, address books, and calendars.

The sqlite3 database is the perfect choice for a small amount of users.

  • Configuration:
    • debian: 12 bookworm
    • Baïkal: 0.9.5
    • sqlite3: 3.40
    • php: 8.2

And a big thank you to ByteHamster for making this product free and Open Source.

Baïkal Installation

  • Install prerequisites:
root@host:~# apt update && apt install apache2 php-fpm php-sqlite3 php-sabre-dav git sqlite3 unzip php libapache2-mod-php root@host:~# wget
  • Unzip and move the folder to /var/www/baikal/:
root@host:~# unzip root@host:~# mv baikal /var/www/baikal
  • Set www-data as the owner of the folder:
root@host:~# chown -R www-data:www-data /var/www/baikal/
  • We will secure our connections with HTTPS, to do so we will need Let's Encrypt certificates or autogenerate certificates. Let's see how to do the second option:
root@host:~# mkdir /etc/apache2/ssl/ root@host:~# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/apache2/ssl/selfsigned.key -out /etc/apache2/ssl/selsigned.crt ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]:The Elements Of A State Locality Name (eg, city) []:City Organization Name (eg, company) [Internet Widgits Pty Ltd]:STD Corp Organizational Unit Name (eg, section) []:STD Department Common Name (e.g. server FQDN or YOUR name) [] Email Address [] root@host:~# cat /etc/apache2/ssl/selfsigned.key /etc/apache2/ssl/selsigned.crt > /etc/apache2/ssl/cert.pem
  • Enable apache2 rewrite and ssl modules:
root@host:~# a2enmod rewrite root@host:~# a2enmod ssl
  • Edit the /etc/apache2/sites-available/000-default.conf configuration file:
<VirtualHost *:443> DocumentRoot /var/www/baikal/html ServerName RewriteEngine On # Generally already set by global Apache configuration #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule /.well-known/carddav /dav.php [R=308,L] RewriteRule /.well-known/caldav /dav.php [R=308,L] <Directory "/var/www/baikal/html"> Options None # If you install cloning git repository, you may need the following Options +FollowSymlinks AllowOverride None # Configuration for apache-2.4: Require all granted # Configuration for apache-2.2: # Order allow,deny # Allow from all </Directory> <IfModule mod_expires.c> ExpiresActive Off </IfModule> SSLEngine On #AUTOGENERATE CERTIFICATES SSLCertificateFile /etc/apache2/ssl/cert.pem SSLCertificateKeyFile /etc/apache2/ssl/selfsigned.key #LETS ENCRYPT CERTIFICATES #SSLCertificateFile /etc/letsencrypt/ #SSLCertificateKeyFile /etc/letsencrypt/ #SSLCertificateChainFile /etc/letsencrypt/ </VirtualHost>
  • Restart the apache2 service:
root@host:~# systemctl restart apache2

We can now move on to the Baïkal configuration.

Baïkal Configuration

  • Open a web browser and connect to the Baïkal web interface (https://IP_SERVER) to set the admin password:
The Baïkal initialization wizard page.
  • Keep the default configuration and click Save changes:
The Baïkal database setup web page
  • Finally, click on Start using Baïkal:
The end of the Baïkal configuration wizard
  • Use the previously configured password and click Authenticate:
Baïkal web interface authentication access
  • To add users, click Users and Resources from the dashboard:
Baïkal web interface dashboard page
  • Then, click the Add User button:
Baïkal web interface add users page
  • Enter information for the new account and click Save changes:
Baïkal web user creation page
  • The user is now created. Click on the Calendars button:
Baïkal web user creation page
  • From here, you can add a calendar and obtain the URI information (which can be useful depending on the calendar client):
Baïkal web user creation page

Calendar Clients Configuration

At this point, we have a working shared calendar server. Now, let's connect our clients. I'll demonstrate how to do it with Thunderbird, which has an integrated calendar, and the DAVx5 Android application, allowing synchronization with calendars on Android devices.


  • Open Thunderbird and click the calendar button, then select New Calendar…:
Thunderbird calendar main interface
  • Select On the Network and click the Next button:
Thunderbird create new calendar window
  • Add the Username login and the URL https://IP_SERVER, then click Find Calendars:
Thunderbird create new calendar window with username and location text box
  • If you used a self-signed certificate, confirm the security exception:
Thunderbird Add security Exception window
  • Enter the password of the user previously created:
Thunderbird authentication required window
  • Finally, click on Subscribe to add the calendar:
Thunderbird Create New Calendar last step window
  • The shared calendar will appear:
Thunderbird main Calendar interface with shared calendar


  • Open the DAVx5 app and click on the plus symbol to add an account:
DAVx5 Main interface
  • Select Connect with URL and enter the requested information:
DAVx5 add account interface
  • As with Thunderbird, we will receive a warning about the certificate if it is self-signed. Just click Accept:
DAVx5 certificate warning
  • Finally, click on Create:
DAVx5 validate the account creation step