Setup Radicale on OpenBSD

— 335 words — 2 min

#openbsd 

Radicale lets you synchronize your calendar, contacts and tasks between multiple devices that support CalDAV and CardDAV. It’s written in Python.

On OpenBSD you can install the radicale with a simple

pkg_add radicale

Adjust the configuration file in /etc/radicale/config.

[server]
hosts = 127.0.0.1:5232
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt

Generate a password for user1 (run as root).

htpasswd /etc/radicale/users user1

Adjust permissions so that user of the _radicale group can read the file containing the users.

cd /etc/radicale
chown root:_radicale users
chmod 640 users

I’m using nginx here to proxy the relevant requests to radicale. You can also configure radicale to listen on 0.0.0.0 and configure a certificates and key for TLS; or configure it to listen on an internal network address when you’re already running your own VPN.

Adjust the nginx configuration to proxy requests to the radicale service in /etc/nginx/nginx.conf.

server {
    listen 443 ssl;
    [...]

    location /radicale/ {
        proxy_pass        http://localhost:5232/; # The / is important!
        proxy_set_header  X-Script-Name /radicale;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Authorization;
    }
}

For an Apache configuration or managing radicale users with the reverse proxy take a look at the official documentation.

Replacing httpd with Nginx

If you’re replacing httpd on OpenBSD with nginx, you might want to adjust the logrotate configuration, too. Adjust the configuration in /etc/newsyslog.conf.

Replace these two lines

/var/www/logs/access.log       644  4     *    $W0   Z "pkill -USR1 -u root -U root -x httpd"
/var/www/logs/error.log        644  7     250  *     Z "pkill -USR1 -u root -U root -x httpd"

with

/var/www/logs/access.log        644  4     *    $W0   Z /var/run/nginx.pid SIGUSR1
/var/www/logs/error.log         644  7     250  *     Z /var/run/nginx.pid SIGUSR1

If you use nginx you should—definitely—read the pitfalls and common mistakes page.

Articles from blogs I follow around the net

tweet

Prepare your “no” and keep it handy: https://sive.rs/n0

via Derek Sivers May 14, 2026

Resetting Mutt's terminal after OAuth2 / GPG

A quick fix for how to get mutt's terminal reset after shelling out to GPG during the OAuth2 flow.

via Signs of Triviality March 31, 2026

Status update, February 2026

Hi all! Lars has contributed an implementation independent test suite for the scfg configuration file format. This is quite nice for implementors, they get a base test suite for free. I’ve added support for it for libscfg, the C implementation. I’ve spent some…

via emersion February 22, 2026

Generated by openring