Setup Contact and Calendar (dav)sync using Radicale and Docker compose.

I have been looking for a solution to sync my contacts across devices. Etesync seemed great for this, but it seems the IOS app is no longer maintained.

And then I found Radicale, a lightweight and easy to setup server for Caldav/Cardav syncing, and in true FarisZR fashion, I’m going to install it with docker compose.

Now radicale doesn’t seem to have an official docker image, but luckily for us tomesquest did the hard part for us and created a docker image for Radiacle.

docker-compose.yml

*Note that this uses an external network called web to connect the service to the reverse proxy, you could just expose the ports directly.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
networks:
  web:
    external: true

services:
  radicale:
    image: tomsquest/docker-radicale:latest
    container_name: radicale
    # ports:
    #   - 127.0.0.1:5232:5232
    init: true
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: 256M
          pids: 50
    healthcheck:
      test: curl -f http://127.0.0.1:5232 || exit 1
      interval: 30s
      retries: 3
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./config:/config
    networks:
      - web

config

There’s a template config file for the docker image, we still need to change something to be able to set up htpasswd auth.

Create a file named config inside the mounted config directory with the raw content of the config file from github

and modify it to your liking, if you want to change the data directory, make sure to adjust the mount points in docker compose accordingly.

Auth

We need to adjust the auth section to enable authentication with a password, here’s an example:

1
2
3
4
[auth]
type = htpasswd
htpasswd_filename = /config/users
htpasswd_encryption = bcrypt

Hashing your password with bcrypt

Now, as you probably noticed, htpasswd encryption is set to bcrypt, which means we need to hash the password in bcrypt format.

1
echo -n "your password" | mkpasswd --method=bcrypt

Then create a file called users in the mounted config directory. It should be formatted like this:

1
john:$2a$10$l1Se4qIaRlfOnaC1pGt32uNe/Dr61r4JrZQCNnY.kTx2KgJ70GPSm

and now it should be ready to run!

Caddy reverse proxy

1
2
3
4
sync.example.com {
	reverse_proxy radicale:5232
	encode zstd gzip
}

Importing data

For me, importing data from the web UI didn’t work, I just re-imported my contacts on my phone and it worked.