GNU/Linux | Setting Up a Shared Calendar on Debian Linux with Baïkal

I have been a long-time user of the Zimbra collaborative software, appreciating its web interface with email access and shared calendar features. Initially, there was a free and open-source version that served its purpose well, even if it became somewhat challenging to use and to update, it remained overall a good solution. However, with recent developments (since version 8.5) and various changes in ownership, the free edition has been completely abandoned. I therefore found myself looking for alternative solutions for the various modules (calendar, webmail, etc.).

This article will focus on setting up a shared calendar server. I'll show how to set up a shared calendar on GNU/Linux using the Baïkal server, which supports both CalDAV and CardDAV. Its web interface makes it easy to manage users, address books, and calendars.

The sqlite3 database is the perfect choice for a small amount of users.

Configuration:
- debian: 12 bookworm
- Baïkal: 0.10.0
- sqlite3: 3.40
- php: 8.2

And a big thank you to ByteHamster for making this product free and Open Source.

Baïkal Installation

Install prerequisites:

root@host:~# apt update && apt install apache2 php-fpm php-sqlite3 php-sabre-dav git sqlite3 unzip php libapache2-mod-php

Download the latest Baïkal release (check the official GitHub repository for the latest version https://github.com/sabre-io/Baikal/releases):

root@host:~# wget https://github.com/sabre-io/Baikal/releases/download/0.10.0/baikal-0.10.0.zip

Unzip and move the folder to /var/www/baikal/:

root@host:~# unzip baikal-0.10.0.zip
root@host:~# mv baikal /var/www/baikal

Set www-data as the owner of the folder:

root@host:~# chown -R www-data:www-data /var/www/baikal/

We will secure our connections with HTTPS, to do so we will need Let's Encrypt certificates or self signed certificates. Let's see how to do the second option:

root@host:~# mkdir /etc/apache2/ssl/

root@host:~# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/apache2/ssl/selfsigned.key -out /etc/apache2/ssl/selsigned.crt
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:The Elements Of A State
Locality Name (eg, city) []:City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:STD Corp
Organizational Unit Name (eg, section) []:STD Department
Common Name (e.g. server FQDN or YOUR name) []:baikal.std.rocks
Email Address []:baikal@std.rocks

root@host:~# cat /etc/apache2/ssl/selfsigned.key /etc/apache2/ssl/selsigned.crt > /etc/apache2/ssl/cert.pem

Enable apache2 rewrite and ssl modules:

root@host:~# a2enmod rewrite
root@host:~# a2enmod ssl

Edit the /etc/apache2/sites-available/000-default.conf configuration file:

<VirtualHost *:443>

    DocumentRoot /var/www/baikal/html
    ServerName baikal.std.rocks

    RewriteEngine On
    # Generally already set by global Apache configuration
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule /.well-known/carddav /dav.php [R=308,L]
    RewriteRule /.well-known/caldav  /dav.php [R=308,L]

    <Directory "/var/www/baikal/html">
        Options None
        # If you install cloning git repository, you may need the following
        Options +FollowSymlinks
        AllowOverride None
        # Configuration for apache-2.4:
        Require all granted
        # Configuration for apache-2.2:
        # Order allow,deny
        # Allow from all
    </Directory>

    <IfModule mod_expires.c>
        ExpiresActive Off
    </IfModule>

    SSLEngine On

    #AUTOGENERATE CERTIFICATES
    SSLCertificateFile    /etc/apache2/ssl/cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/selfsigned.key

    #LETS ENCRYPT CERTIFICATES
    #SSLCertificateFile /etc/letsencrypt/baikal.std.rocks/fullchain.pem
    #SSLCertificateKeyFile /etc/letsencrypt/baikal.std.rocks/privkey.pem
    #SSLCertificateChainFile /etc/letsencrypt/baikal.std.rocks/chain.pem
</VirtualHost>

Restart the apache2 service:

root@host:~# systemctl restart apache2

We can now move on to the Baïkal configuration.

Baïkal Configuration

Open a web browser and connect to the Baïkal web interface (https://IP_SERVER) to set the admin password:

Keep the default configuration and click Save changes:

Finally, click on Start using Baïkal:

The end of the Baïkal configuration wizard

Use the previously configured password and click Authenticate:

Baïkal web interface authentication access

To add users, click Users and Resources from the dashboard:

Then, click the Add User button:

Enter information for the new account and click Save changes:

The user is now created. Click on the Calendars button:

From here, you can add a calendar and obtain the URI information (which can be useful depending on the calendar client):

Calendar Clients Configuration

At this point, we have a working shared calendar server. Now, let's connect our clients. I'll demonstrate how to do it with Thunderbird, which has an integrated calendar, and the DAVx5 Android application, allowing synchronization with calendars on Android devices.

Thunderbird

Open Thunderbird and click the calendar button, then select New Calendar…:

Select On the Network and click the Next button:

Add the Username login and the URL https://IP_SERVER, then click Find Calendars:

Thunderbird create new calendar window with username and location text box

If you used a self-signed certificate, confirm the security exception:

Thunderbird Add security Exception window

Enter the password of the user previously created:

Thunderbird authentication required window

Finally, click on Subscribe to add the calendar:

Thunderbird Create New Calendar last step window

The shared calendar will appear:

Thunderbird main Calendar interface with shared calendar

DAVx5

Open the DAVx5 app and click on the plus symbol to add an account:

Select Connect with URL and enter the requested information:

As with Thunderbird, we will receive a warning about the certificate if it is self-signed. Just click Accept:

Finally, click on Create:

DAVx5 validate the account creation step

Upgrading Baïkal

Baïkal is a maintained software, so new versions become available as time goes by. Here, I'll explain how to update Baïkal while preserving user data. The first step, as usual for this kind of operation, will be to make a full backup of your system.

Stop the apache2 service:

root@host:~# systemctl stop apache2

Backup the sqlite3 database:

root@host:~# sqlite3 /var/www/baikal/Specific/db/db.sqlite ".backup 'backup.db.sqlite'"

Backup the baikal folder:

root@host:~# cp -a /var/www/baikal /var/www/$(date +%Y%m%d).baikal

Get the latest release (you can check here: https://github.com/sabre-io/Baikal/releases) of Baïkal and unzip it to /tmp/:

root@host:~# cd /tmp/ root@host:~# wget https://github.com/sabre-io/Baikal/releases/download/0.10.0/baikal-0.10.0.zip root@host:~# unzip baikal-0.10.0.zip

Copy the current config and Specific folders to /tmp/baikal:

root@host:~# cp -ra /var/www/baikal/config /tmp/baikal/ root@host:~# cp -ra /var/www/baikal/Specific /tmp/baikal/

Disable old baikal folder:

root@host:~# cd /var/www/ root@host:~# mv baikal baikal.OLD

Move the new version of baikal to /var/www/:

root@host:~# mv /tmp/baikal /var/www/

Restore www-data rights:

root@host:~# chown -R www-data:www-data /var/www/baikal/

Start apache service:

root@host:~# systemctl start apache2

Open the baikal web administration page (e.g. https://baikal.std.rocks/admin/install/) and click on Start the upgrade:

Baïkal upgrade wizard screen showing upgrade from version 0.9.5 to 0.10.0 with start upgrade and access admin buttons highlighted

Computing

Music

Misc

Setting Up a Shared Calendar on Debian Linux with Baïkal