Publishing iCal

Server configuration

You'll need a version of apache with mod_dav enabled. If you're compiling apache yourself you should add the --enable-dav option to configure in order to build DAV support. Otherwise consult your vendor to find out how to get a DAV-aware apache for your system.

The DAV database

apache needs write access to a directory to hold its DAV data. This directory should be off-limits to other system users. To create the directory you need to know what user ID apache is running as. The User directive in your configuration file (usually httpd.conf) determines this.

In my case apache is running as user www. Other common choices are nobody and apache.

Create a directory somewhere and make it accessible only to the apache user. I chose /opt/apache/tmp.

# mkdir /opt/apache/tmp
# chown www /opt/apache/tmp
# chmod 700 /opt/apache/tmp

The directory

The DocumentRoot for the calendar needs to be writable to the user running apache. On my system the www user is in group www so this is easily achieved.

# chgrp www /www/iain/
# chmod g+rwx /www/iain/

The password file

You don't want just anyone putting files on your server. You might not want to allow open access to subscribe to your published calendar but for the purposes of this discussion I will assume that you're happy to allow anyone to subscribe.

Access control is handled by apache in the usual way. This means you should create a password file outside your DocumentRoot with the usernames and passwords allowed. Let's say that I wanted to put my passwords in /opt/apache/passwords/calendar. The file can be set up with a password for the user iain like so:

# htpasswd -c /opt/apache/passwords/calendar iain
New password: 
Re-type new password: 
Adding password for user iain

Access control

DAV setup and access control have to be done in the main httpd.conf as the configuration directives involved aren't allowed in .htaccess. The following example allows publishing to /wwww/iain/ with the database and password file defined above.

<IfModule mod_dav.c>
  DavLockDB /opt/apache/tmp/davlock

  <Directory /www/iain/>
    Dav filesystem
    AllowOverride None
    Options Indexes
    AuthName "Calendar"
    AuthType Basic
    AuthUserFile /opt/apache/passwords/calendar
    <LimitExcept GET OPTIONS>
      require user iain

Fairly self-explanatory. The IfModule block hides the rest of the stuff in the case where mod_dav isn't available, so your server won't barf if you forgot to install it. The LimitExcept line blocks out require user iain for requests other than GET and OPTIONS, which means that anyone can read the calendar but only iain can publish it. Incidentally the request types to write to the calendar are PUT and DELETE.

Now to configure iCal.

Jump to a section

intro | part 1: Server configuration | part 2: Client configuration | part 3: Gotcha!