Gmail Carddav Settings
A while back I wrote a post about paranoia in which I was considering allowing Google or Apple to manage things like my calendar and contacts. Since then, I have reequipped my paranoia hat. This week I setup my own WebDAV, CalDAV, and CardDAV servers and secured them behind an nginx proxy which provides SSL encryption and HTTP authentication.
Notes:
The quick and dirty fix is probably to simply remove your Gmail account completely from Mail, Contacts & Calendar, restart your device, and then start over. If you don't want to do that, and suspect that the problem started when you started using Authenticator, then why not change your settings and revert temporarily to using SMS on the phone? Wait as the system removes your account data from your iPhone or iPad. Repeat the process to remove multiple accounts, if necessary. For example, some people may have separate CardDAV, CalDAV. I am seeing a problem with syncing contacts between BB10 phones (Z30, Z10) and Gmail. These problems are occurring with more than one Gmail account. In two cases when a new sync was attempted, only 140 out of 1200 contacts were brought into a Z30 from Gmail. On a Z10, with a different Gmail account, I am getting the message: An unexpected problem occurred with CardDav:Gmail. For instance, if the address book of a Gmail account needs to be synchronized via CardDAV (Gmail features a CardDAV server implementation) to be available in Outlook, the following steps need to be taken: Install a CardDAV plug-in for Outlook, for example, CalDav Synchronizer or cFOS Outlook DAV. Outlook needs to be closed during this process.
This blog post was written with Radicale 2. I’ve since been UNABLE to update it to Radicale 3, as I cannot get the new rights management system working.
I would like to sync my google contacts into roundcube. I already installed 2 plugins (calendar sync with caldav is working like a charm with url, user and password) but I cant find the correct url for the carddav service. Does anyone knows it? Thank you Moritz.
Radicale 2 contains a bug causing it to ignore umask
, so you probably want a cronjob that fixes the permissions with chown
and chmod
on all your calendar files instead.
Comparing servers
The most important feature I want in a server is the ability to actually serve the clients I use (shocking, I am sure). For CalDAV, my primary client is my iPhone. I access my reminders and calendar through my iPhone, so I need a CalDAV server that works with the iPhone. For CardDAV, my primary client is mutt, which I use to send most of my email. I need something I can integrate with mutt, but that will also work on my iPhone. For WebDAV, my primary client is Notability, which uses WebDAV to backup my notes. I do not really use WebDAV for much else, and I have a separate setup I use to syncing assorted files, but maybe WebDAV will soon replace it.
The secondary features that I want in a server are simplicity and low resource uses. I want something that does one thing well, because that is just how I am. My VPS has few resources—1 core, 1 GB of RAM, and 24 GB of harddrive space—so I want something the uses little additional resources.
WebDAV: nginx
I settled on nginx extended with a secondary module for my WebDAV server.
I already use nginx as my web server, so it has already passed my secondary considerations—nginx is relatively simple and makes efficient use of resources.
Unfortunately, nginx’s default WebDAV module does not pass my first requirement—that it must work with my primary client. The built-in support for WebDAV in nginx is limited, perhaps because it already subscribes to the “do one thing well” philosophy. Thankfully, nginx is modular and someone has written a module that provides the necessary extensions.
{Card,Cal}DAV: radicale
I settled on radicale for the CalDAV and CardDAV servers.
Radicale provides both a CalDAV and CardDAV server. The radicale project documents many of the client it supports, and the list includes the iPhone. After a little experimenting, I find it also support the pycarddav client, a command line CardDAV client which can provide mutt with CardDAV support.
Radicale is written in Python, which is already installed on my server. The entire server only takes up an extra .10MB of disk space. The radicale project explain it believes in the “do one thing well” philosophy, and the server is pretty simple to use and configure. It does not require complicated database back ends. Configuring the server is quite simple, and although it does provide unnecessary features like SSL and authentication support—which are unnecessary insofar as they are better provided by nginx acting as a proxy—it does so through existing Python modules and not new code.
Alternatives considered
Gmail Carddav Settings Email
I did not consider very many other WebDAV servers, since I already have nginx installed and respect the project a great deal. However, I did consider many other {Card,Cal}DAV servers. I will explain a little about why I did not like them.
DAViCal
DAViCal seems to better support many CalDAV clients. It is under more active development and lots of documentation compared to radicale. Unlike radicale, the project is much more concerned with faithfully implementing CalDAV, and supporting lots of fancy features. Radicale is much more concerned with simplicity and supporting clients as they act in practice, and less concerned with the CalDAV protocol and advanced features.
However, DAViCal requires PHP and PostgreSQL. I am opposed to PHP as a language, so that is one strike against it. I also do not have PHP or PostgreSQL installed, so DAViCal would increases the disk usage of my server by a lot.
Baïkal
Baïkal is a very lightweight (2MB codebase) {Cal,Card}DAV server with slick web-based configuration. It seems to be under more active development compared to radicale. It supports all the clients I care about.
However, it requires PHP and MySQL, so I had to reject it for similar reasons to DAViCal.
SabreDAV
SabreDAV is single server that provides WebDAV, CalDAV and CardDAV—among other—protocols. It seems to provide much better support for protocols than other servers. It has a plugin architecture with plugins for more advanced features. It even has a web based administration page, although less slick than Baïkal. This all makes it a great choice except…
It requires PHP. It does not even require a database, but I am still not willing to budge on this PHP thing.
ownCloud
ownCloud is a very cool project. It seems to aim to give the average computer user the ability to setup their own “cloud”, complete with WebDAV, CalDAV, CardDAV, online videos, online PDF viewing, music sharing, among about 100 other features. It has very slick web interfaces and services.
It seems to support all the right clients, but it is an incredibly complex (large) project. It has tons of features I do not need or want. Therefore, I never looked into actually installing it. I am sure it requires at least a database.
WebDAV: nginx
Setting up the server
You need nginx with two modules. The first module is included in the nginx codebase. You can build support for it by compiling nginx with --with-http_dav_module
. The second module, http_dav_ext_methods, adds support for two important requests that clients seem to require. You have to build this module from source separately, and compile nginx with --add-module=<path-to-module>
.
After compiling nginx, you can easily enable WebDAV in nginx.conf
using the following snippet. This snippet also enables SSL support and HTTP basic authentication. All WebDAV files are stored under /www/webdav/data
. The autoindex on
enables viewing all files in /www/webdav/data
directory even from a web browser. This snippet serves the WebDAV server only on the webdav.williamjbowman.com
subdomain. This can be quite handy for remembering the server address, although this can cause problems if your server uses HSTS and your SSL certificate does not include the subdomain.
nginx.conf
You can also serve through a subdirectory instead of a subdomain:
nginx.conf
Setting up clients
You can easily view the files in a browser by simply going to, e.g., https://webdav.williamjbowman.com/
. Of course, it requires authentication if you follow my snippet.
I also access WebDAV through thunar, my file manager, with the help of davfs2, which provides a FUSE filesystem for WebDAV. The only trick to this is thunar requires navigating to the completely intuitive URI davs://<username>@webdav.williamjbowman.com/
.
Notability just requires giving the url, https://webdav.williamjbowman.com
, the username, and password.
If you serve the WebDAV through a subdirectory rather than a subdomain, that works fine too. In this case, if using the example snippet above, the relevant addresses would be https://williamjbowman.com/webdav
or davs://<username>@williamjbowman.com/webdav
.
CalDAV and CardDAV: radicale via nginx proxy
Setting up the server
Installing radicale is quite simple. You can do so through your favorite package manage, e.g., yaourt -Sradicale
, or through Python’s package manager, or by unzipping the package.
The configuration file for my radicale
server is stored in /etc/radicale/config
and all the files for the server live in /srv/radicale/
.
My radicale server is configured with no rights management, no SSL, and no authentication, but only listens on localhost
. The server is publically accessible with SSL and authentication through an nginx proxy. The relevant configuration snippets are below.
/etc/radicale/config
The nginx proxy is simple to setup:
nginx.conf
Setting up clients
iPhone
Radicale provides instructions for setting up the iPhone, but I found that using a subdomain and a proxy simplified the procedure a bit, particularly for CardDAV. There was also one step I found necessary that is missing from the CardDAV instructions.
To setup CalDAV, simply go to the “Mail, Contacts, and Calendars” page under “Setting”, click “Add Account”, click “Other”, and click “Add CalDAV Account”. Enter the URL to the CalDAV server, followed by the username and a calendar name, then enter the username and password. For example, https://caldav.williamjbowman/user/private.ics/
. The trailing slash is important, although the “https”, username, and calendar name seem less important. It seems to “just work” without them when using a subdomain, but not when using a subdirectory.
To setup CardDAV, I had to to manually create the address book on the server first: touch /srv/radicale/user/contacts.vcf
. Then on your iPhone, go to “Mail, Contacts, and Calendars”, click “Add Account”, click “Other”, and click “Add CardDAV account”. Enter the URL, e.g., carddav.williamjbowman.com
, the username, and the password. Things just seem to work after this, contrary to the radicale documentation.
pycarddav
pycarddav provides pretty good documentation, but I want to point out that you need the write_support
option set if you actually want to modify the address book locally and sync to CardDAV server. This was not obvious to me from the documentation (despite being quite well documented) and causes some strange errors. Obviously from the value you must use, this feature is dangerous and experimental, so do not use it. I also have to disable SSL verification because my SSL certificate does not include the carddav
subdomain yet. However, you should never do this because this enables man-in-the-middle attacks.
~/.config/pycard/pycard.conf
Conclusion and Future Work
Gmail Carddav Settings Download
Now you can replace Google or Apple and manage your contacts, calendars, and reminders yourself. In the future, I need to figure out how to encrypt all these on disk in such a way that data is only decrypted when a user tries to access them, and without storing a key or password on the server. I also plan to add some scripts to enables new features for reminders, like dependencies between reminders, and enable reminders from a particular list to become due randomly.
Google Carddav Settings
You might just be correct about using exchange for gmail. I used to have my
gmail account set up as an exchange account, but for some time now kept
getting a message 'Connection to the Server Failed'. I had removed my
account since I am not really using it anyways, but on the last Today in iOS
episode a caller asked for instruction on how to sync his Google contacts as
well. One caller had provided instructions on how to set it up as a CardDAV
account, but another caller called in and explained that one could set it up
as an Exchange account and provided the settings, m.google.com for the
server and google.com for the domain. Then of course your gmail email and
password. So I just tried to set up my account again using those settings
and while the account was created without a hitch, once I opened Mail and
went into my gmail Inbox I received the same 'Connection to the Server
Failed' message. I guess this is another good reason why it is much simpler
to use Outlook.com. I consider Exchange and Exchange Active Sync to be much
better than IMAP which only does mail.