Hosting with Docker¶
You can use docker
and docker compose
to host the Open Web Calendar.
Build the Image¶
First, clone the repository:
git clone https://github.com/niccokunzmann/open-web-calendar
cd open-web-calendar
To build the container yourself, run:
docker build --tag niccokunzmann/open-web-calendar .
This will create the image niccokunzmann/open-web-calendar
.
Run the Docker Image¶
You can use the existing image: niccokunzmann/open-web-calendar.
docker run -d --rm -p 5000:80 --name open-web-calendar niccokunzmann/open-web-calendar
Then, you should see your service running at http://localhost:5000.
This way, you can stop the service:
docker stop open-web-calendar
Container Tags¶
The container niccokunzmann/open-web-calendar:latest
contains the latest release.
Containers are also tagged with the version from the changelog, e.g.
niccokunzmann/open-web-calendar:v1.10
.
If you wish to run the latest development version, use niccokunzmann/open-web-calendar:master
.
This includes unchecked translations.
Docker Compose¶
Use the pre-build Dockerhub image with docker compose
:
version: '3'
services:
open-web-calendar:
image: niccokunzmann/open-web-calendar
ports:
- '80:80'
environment:
- ALLOWED_HOSTS=
restart: unless-stopped
To deploy the Open Web Calendar with docker compose
, follow these steps:
- Copy the
docker-compose.yml
file to the directory from where you want to run the container. - If needed change the port mapping and environment variables.
-
Start the container:
docker compose up -d
-
The container will be pulled automatically from Dockerhub and then starts.
Important Note: If you use this service, consider setting up log rotation as it is very talkative.
Update pre-build image with Docker Compose¶
If you want to update your image with the latest version from Dockerhub run this:
docker compose pull
Note: You need to restart the container after pulling in order for the update to apply:
docker compose up -d
Preventing SSRF attacks using a Tor proxy¶
The Open Web Calendar can be configured to use a proxy to request .ics
and other files. The following example shows the usage of a Tor proxy.
You can try it out at
tor.open-web-calendar.hosted.quelltext.eu.
version: '3'
services:
tor-open-web-calendar:
image: niccokunzmann/open-web-calendar:master
restart: unless-stopped
environment:
# use socks5h for *.onion
# see https://stackoverflow.com/a/42972942/1320237
- HTTP_PROXY=socks5h://tor-socks-proxy:9150
- HTTPS_PROXY=socks5h://tor-socks-proxy:9150
- ALL_PROXY=socks5h://tor-socks-proxy:9150
- ALLOWED_HOSTS=
# optional: create a private network so OWC cannot access the Internet directly
networks:
- no-internet-only-tor
# from https://hub.docker.com/r/peterdavehello/tor-socks-proxy/
tor-socks-proxy:
image: peterdavehello/tor-socks-proxy # use :test for arm64
restart: unless-stopped
# optional: allow access to OWC and the Internet
networks:
- default
- no-internet-only-tor
networks:
default:
ipam:
driver: default
no-internet-only-tor: # see https://stackoverflow.com/a/51964169/1320237
driver: bridge
internal: true
The configuration above prevents access to the internal network as the
requests are sent over the Tor network.
A bonus feature is that calendars can be accessed and hosted as a
Tor Hidden Service using an .onion
address.
E.g. a calendar file can be served from a Raspberry Pi behind a home
network’s firewall.
This example calendar uses this onion address.
See also:
Automatic Updates¶
If you have not fixed your version but you use the latest
or master
tag,
you can automatically update all the services required.
Create an update.sh
file next to your docker-compose.yml
file and add this content:
#!/bin/bash
#
# update the services
#
cd "`dirname \"$0\"`"
docker compose pull
docker compose create
docker compose up -d --remove-orphans
# clean up
# see https://stackoverflow.com/a/46159681/1320237
docker system prune -a -f
docker rm -v $(docker ps -a -q -f status=exited)
docker rmi -f $(docker images -f "dangling=true" -q)
docker volume ls -qf dangling=true | xargs -r docker volume rm
Make update.sh
executable.
chmod +x update.sh
Add a cron job to update everything at 3am daily (when there is an update).
Run this as the user who has access to the docker
command:
crontab -e
And add this line:
3 * * * * /path/to/update.sh 1> /path/to/update.sh.log 2> /path/to/update.sh.log
Further Configuration¶
After you have set up your own server, you can configure the behavior.