Skip to content

Server Configuration

If you want to change the Open Web Calendar to serve your needs, this is well possible. You can choose to

  • Change how the default calendar looks.
  • Change how the server works.

Configuring the Default Calendar

The configuration of all calendars is rooted in the default_specification.yml. All those values can be changed through a copy of this file hosted on the web through the calendar parameter specification_url. Each parameter should be documented in default_specification.yml.

If you modify the default specification, you modify all calendars that are hosted at your instance. Calendars still override some values for their configuration. Those which they do not override are affected. Not all values are exposed to the configuration page to be changed. Those values can still be changed in the default_specification.yml and the query parameters.

You might want to change the following values.


The title of your website.


This is the default language. You might want to change this to serve the configuration page better to a local audience.


This is a link to the website icon.


If you made changes, you are legally required to disclose them to visitors. Please adjust the link or contribute them back to the main project.


If you want to redirect to contribute to your project.


If you host this service yourself, you can use the default privacy policy.

If for some reason you decide to collect data i.e. in the HTTPS proxy or log IP-addresses, then you need to create your own privacy policy. You can link to the one of this project.

More Values

There are loads more values that can be changed. Please refer to the default_specification.yml. These values are all documented.

See also:

Configuring the Server

Environment variables only influence the running of the server. These environment variables can be used to configure the service:


default empty

The hosts divided by comma that the Open Web Calendar permits. This is required to mitigate the Host Header Injection vulnerability.
You will see this text if the host is not allowed:

Forbidden: You don’t have the permission to access the requested resource. It is either read-protected or not readable by the server.*


  • permit one host: ALLOWED_HOSTS=localhost
  • permit several hosts:,
  • permit all hosts (vulnerable): ALLOWED_HOSTS=


default 5000, default 80 in the Docker container

The port that the service is running on.


  • Serve on HTTP port: PORT=80


default 4, only for the Docker container

The number of parallel workers to handle requests.


  • Only use one worker: WORKERS=1


default 600

Seconds to cache the calendar files that get downloaded to reduce bandwidth and delay.




default true, values true or false, always false in the Docker container

Set the debug flag for the app.

Further Configuration

The Open Web Calendar uses libraries whose behavior can be further customized.

SSRF Protection with a Proxy Server

The Open Web Calendar can be used to access the local network behind a firewall, see Issue 250. This free access is intended to show calendars from everywhere. Since requests is used by the Open Web Calender, it can use a proxy as described in the requests documentation. The proxy can then handle the filtering.

export HTTP_PROXY=""
export HTTPS_PROXY=""
export ALL_PROXY="socks5://"

See also: