Configuración del servidor

Si deseas cambiar el Calendario Web Abierto para satisfacer tus necesidades, se puede hacer. Puedes elegir

• Cambiar la apariencia del calendario predeterminado.
• Cambiar el funcionamiento del servidor.

Configurar el calendario predeterminado

The configuration of all calendars is rooted in the default_specification. All those values can be changed through a copy of this file hosted on the web through the calendar parameter specification_url. Each parameter should be documented in default_specification.

To modify all calendars hosted on your instance, use the OWC_SPECIFICATION environment variable. Calendars still override some values for their configuration. Those which they do not override are affected by the default specification. Not all values are exposed to the configuration page to be changed. Those values can still be changed in the specification_url and the query parameters.

Es posible que quieras cambiar los siguientes valores.

title

El título de tu página web.

language

Este es el idioma predeterminado. Es posible que desees cambiarlo para ofrecer una mejor configuración a una audiencia local.

favicon

Este es el favicon de la página web.

source_code

Si ha realizado cambios, está legalmente obligado a revelarlos a los visitantes. Le rogamos que adapte el enlace o los aporte de nuevo al proyecto principal.

contributing

Si quieres redirigir a otro lugar, para que ayuden en tu proyecto.

privacy_policy

Si alojas este servicio tu mismo, puedes utilizar la política de privacidad predeterminada.

Si por alguna razón decides recoger datos, por ejemplo, en el proxy HTTPS o registrar direcciones IP, entonces necesitas crear tu propia política de privacidad. Puedes enlazar con la de este proyecto.

Más valores

There are loads more values that can be changed. Please refer to the default_specification. These values are all documented. Please use the OWC_SPECIFICATION environment variable to change them.

Ver también:

• API

Configurando el servidor

Las variables de entorno solo influyen en el funcionamiento del servidor. Estas variables del entorno se pueden utilizar para configurar el servicio:

ALLOWED_HOSTS

vacío predeterminado

Los clientes separados por comas que tienen permiso para acceder al Open Web Calendar. Verá este texto si intenta acceder al servicio y no tiene permisos:

Forbidden: You don’t have the permission to access the requested resource. It is either read-protected or not readable by the server.*

Examples:

• permitir solo al mismo ordenador: ALLOWED_HOSTS=localhost
• permitir varios hosts: ALLOWED_HOSTS=192.168.0.1,192.168.2,api.myserver.com
• permitir a todo el mundo el acceso al servidor (por defecto): ALLOWED_HOSTS= o ALLOWED_HOSTS=*

This functionality is provided by flask-allowed-hosts.

PORT

por defecto5000 , predeterminado80 en el contenedor Docker

El puerto en el que se ejecuta el servicio.

Examples:

• Servir en el puerto HTTP:PUERTO=80

OWC_SPECIFICATION

OWC_SPECIFICATION is an optional environment variable.

• It can be a path to a file containing valid YAML or JSON.
• It can be a string containing valid YAML or JSON.

Setting OWC_SPECIFICATION allows you to replace default values for all calendars.

Note

New versions of the Open Web Calendar can add new configuration parameters. Placing your changes in this variable instead of changing the default_specification file will ensure that you do not break the Open Web Calendar in a future version.

In following example, the title for all calendars that do not set their own title will be changed.

OWC_SPECIFICATION='{"title": "calendar"}' gunicorn open_web_calendar:app

Ver también:

• OWC_SPECIFICATION in the API

WORKERS

por defecto 4 , solo para el contenedor Docker

El número de trabajadores paralelos para gestionar las peticiones.

Examples:

• Utilice sólo un trabajador: WORKERS=1

CACHE_REQUESTED_URLS_FOR_SECONDS

por defecto 600

Segundos para almacenar en la caché los archivos del calendario que se descargan para reducir el ancho de banda y las demoras.

Examples:

• Actualización rápida: CACHE_REQUESTED_URLS_FOR_SECONDS=10

APP_DEBUG

default false, values true or false, always false in the Docker container

Establecer el indicador de depuración para la aplicación.

OWC_ENCRYPTION_KEYS

vacío predeterminado

This is a comma separated list of encryption keys. These can be used to hide sensitive information of URLs.

Examples:

• Disable encryption (default): OWC_ENCRYPTION_KEYS=
• Use one key: OWC_ENCRYPTION_KEYS='Pj...48='
• Use multiple keys: OWC_ENCRYPTION_KEYS='Pj...48=,cx...Fw=' If you use multiple keys, only the first one encrypts the data. The others are only used to decrypt the data.

You can generate a new key by visiting your instance of the Open Web Calendar on the page /new-key or by running this command:

python3 -m open_web_calendar.new_key

Ver también:

• Fernet

Further Configuration

Calendario web abierto utiliza bibliotecas cuyo comportamiento se puede personalizar aún más.

• Flask tiene más variables de entorno disponibles para configurar cómo la aplicación entrega el contenido.
• ** Peticiones** se utiliza para obtener el .ics archivos. Puede configurar un proxy.

The Open Web Calendar relies on proxy servers for these features:

• Access Control and Users To restrict who can use the Open Web Calendar, you can use nginx or apache as a reverse proxy in front of it. YuNoHost is another self-hosting option to restrict access.
• HTTPS Encryption This can be done by nginx, apache or caddy.
• More Advanced Caching Basic caching is handeled by the Open Web Calendar. For more advanced cache configuration, use a proxy server like squid. Have a look in the documentation below on how to make the Open Web Calendar access the web only through a proxy.
• Restricting Access to Calendars By default, the Open Web Calendar does not restrict which calendars to show. Use the proxy server to filter the calendars. If you run the Open Web Calendar behind a firewall with other web services, setting up a proxy is necessary to protect from SSRF attacks.

Protección SSRF a través de un proxy

The Open Web Calendar can be used to access the local network behind a firewall, see Issue 250. This free access is intended to show calendars from everywhere. Since requests is used by the Open Web Calendar, it can use a proxy as described in the requests documentation. The proxy can then handle the filtering.

export HTTP_PROXY="http://10.10.1.10:3128"
export HTTPS_PROXY="http://10.10.1.10:1080"
export ALL_PROXY="socks5://10.10.1.10:3434"

Ver también:

• Prevenir SSRF usando un proxy Tor

Squid as a Proxy Server

The Squid Proxy and Cache is flexible and configurable. You can use it in front of the Open Web Calendar to configure access and customize caching.

Operating System

Squid is avaiable for all major platforms. For the commands and paths of this tutorial, we assume you run Squid on Debain/Ubuntu. The commands might work on other systems, but that is not tested.

After you have installed the Squid Proxy, add this file into the conf.d directory. Squid will load it automatically then.

In Linux, create /etc/squid/conf.d/open-web-calendar.conf:

## Example rule to deny access to your local networks.
## Adapt to list your (internal) IP networks from where browsing
## should be allowed
acl owc_forbidden dst 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl owc_forbidden dst 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl owc_forbidden dst 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl owc_forbidden dst 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl owc_forbidden dst 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl owc_forbidden dst 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl owc_forbidden dst fc00::/7               # RFC 4193 local private network range
acl owc_forbidden dst fe80::/10              # RFC 4291 link-local (directly plugged) machines

## If the Open Web Calendar runs on another machine, not localhost (127.0.0.1),
## fill in the network or IP of that machine here and allow access from it.
acl owc_host src 127.0.0.1           # Allow Access to Squid from localhost (default)
# acl owc_host src 172.16.0.0/12     # Uncomment if you run the Open Web Calendar as a docker service

## Access from owc_host is allowed to all but forbidden networks
http_access allow owc_host !owc_forbidden

## Use IPv4 for DNS
## See https://superuser.com/a/1443889
dns_v4_first on

The list above denies the Open Web Calendar access to all known local/internal networks. If you have your own local network (IPv4 or IPv6), add it to the list above to be sure.

On Linux, you can install the file with this command:

sudo wget -O /etc/squid/conf.d/open-web-calendar.conf https://raw.githubusercontent.com/niccokunzmann/open-web-calendar/master/docs/snippets/squid/open-web-calendar.conf

Then, restart the squid proxy.

sudo service squid reload

Set the environment variables to tell the Open Web Calendar to use the Squid proxy installed on localhost. Setting this variable changes depending on how you run the Open Web Calendar.

If you use the Python Setup, you can set the environment variables for the server like this:

export HTTP_PROXY="http://localhost:3128"
export HTTPS_PROXY="http://localhost:3128"
export ALL_PROXY="http://localhost:3128"
gunicorn open_web_calendar:app

When you try to access a forbidden calendar with the local open-web-calendar, e.q. http://172.16.0.1/calendar.ics, you will see this error message:

403 Client Error: Forbidden for url: http://172.16.0.1/calendar.ics