Konfiguracija servera

Ako želiš prilagoditi „Otvoreni web kalendar” tvojim potrebama, možeš

• Promijeni zadani izgled kalendara.
• Promijeniti način rada servera.

Konfiguriranje zadanog kalendara

The configuration of all calendars is rooted in the default_specification. All those values can be changed through a copy of this file hosted on the web through the calendar parameter specification_url. Each parameter should be documented in default_specification.

To modify all calendars hosted on your instance, use the OWC_SPECIFICATION environment variable. Calendars still override some values for their configuration. Those which they do not override are affected by the default specification. Not all values are exposed to the configuration page to be changed. Those values can still be changed in the specification_url and the query parameters.

Možda ćeš htjeti promijeniti sljedeće vrijednosti.

title

Naslov tvoje web stranice.

language

Ovo je zadani jezik. Ovo možeš promijeniti kako bi lokalna publika bolje koristila stranicu konfiguracije.

favicon

Ovo je poveznica na ikonu web stranice.

source_code

Ako si napravio/la promjene, po zakonu moraš posjetitelje o tome obavijestiti. Prilagodi poveznicu ili ih vrati natrag u glavni projekt.

contributing

Ako želiš preusmjeriti za doprinešenje tvom projektu.

privacy_policy

If you host this service yourself, you can use the default privacy policy.

If for some reason you decide to collect data i.e. in the HTTPS proxy or log IP-addresses, then you need to create your own privacy policy. You can link to the one of this project.

Više vrijednosti

There are loads more values that can be changed. Please refer to the default_specification. These values are all documented. Please use the OWC_SPECIFICATION environment variable to change them.

Također pogledaj:

• API

Konfiguriranje servera

Varijable okruženja utječu samo na pokretanje servera. Ove varijable okruženja se mogu koristiti za konfiguriranje usluge:

ALLOWED_HOSTS

zadana vrijednost je prazna

Zarezima odvojeni klijenti koji smiju pristupiti otvorenom web kalendaru. Vidjet ćeš ovaj tekst ako pokušaš pristupiti usluzi kada ti nije dozvoljeno:

Forbidden: You don’t have the permission to access the requested resource. It is either read-protected or not readable by the server.*

Primjeri:

• dozvoli samo isto računalo: ALLOWED_HOSTS=localhost
• dozvoli nekolicini servera: ALLOWED_HOSTS=192.168.0.1,192.168.2,api.myserver.com
• dozvoli svima pristup serveru (zadano): ALLOWED_HOSTS= ili ALLOWED_HOSTS=*

Ovu funkcionalnost pruža flask-allowed-hosts.

PORT

zadano je 5000, zadano je 80 u Docker kontejneru

Priključak na kojem se usluga pokreće.

Primjeri:

• Koristi HTTP priključak: PORT=80

OWC_SPECIFICATION

OWC_SPECIFICATION je opcionalna varijabla okruženja.

• Može biti staza do datoteke koja sadrži ispravan YAML ili JSON.
• Može biti znakovni niz koji sadrži ispravan YAML ili JSON.

Postavljanje OWC_SPECIFICATION dozvoljava mijenjanje zadanih vrijednosti za sve kalendare.

Napomena

Nove verzije aplikacije „Otvoreni web kalendar” mogu dodati nove parametre konfiguracije. Postavljanje vlastitih promjena u ovu varijablu umjesto mijenjanja datoteke default_specification će osigurati da „Otvoreni web kalendar” radi u budućoj verziji.

U sljedećem primjeru, naslov će se promijeniti za sve kalendare koji ne postavljaju vlastiti naslov.

OWC_SPECIFICATION='{"title": "calendar"}' gunicorn open_web_calendar:app

Također pogledaj:

• OWC_SPECIFICATION in the API

WORKERS

zadano je 4, samo za Docker kontejnere

Broj paralelnih izvršitelja (workers) za obradu zahtjeva.

Primjeri:

• Koristi samo jednog izvršitelja: WORKERS=1

CACHE_REQUESTED_URLS_FOR_SECONDS

standardno je 600

Broj sekundi za predmemoriranje datoteka kalendara koje se preuzimaju kako bi se smanjila propusnost i kašnjenje.

Primjeri:

• Brzo aktualiziranje: CACHE_REQUESTED_URLS_FOR_SECONDS=10

APP_DEBUG

default false, values true or false, always false in the Docker container

Postavi oznaku za otklanjanje grešaka za aplikaciju.

OWC_ENCRYPTION_KEYS

zadana vrijednost je prazna

This is a comma separated list of encryption keys. These can be used to hide sensitive information of URLs.

Primjeri:

• Disable encryption (default): OWC_ENCRYPTION_KEYS=
• Use one key: OWC_ENCRYPTION_KEYS='Pj...48='
• Use multiple keys: OWC_ENCRYPTION_KEYS='Pj...48=,cx...Fw=' If you use multiple keys, only the first one encrypts the data. The others are only used to decrypt the data.

You can generate a new key by visiting your instance of the Open Web Calendar on the page /new-key or by running this command:

python3 -m open_web_calendar.new_key

Također pogledaj:

• Fernet

Daljnja konfiguracija

Otvoreni web kalendar koristi biblioteke za dodatno prilagođavanje.

• Flask has more environment variables available to configure how the application serves content.
• Requests is used the get the .ics files. You can configure a proxy.

The Open Web Calendar relies on proxy servers for these features:

• Access Control and Users To restrict who can use the Open Web Calendar, you can use nginx or apache as a reverse proxy in front of it. YuNoHost is another self-hosting option to restrict access.
• HTTPS Encryption This can be done by nginx, apache or caddy.
• More Advanced Caching Basic caching is handeled by the Open Web Calendar. For more advanced cache configuration, use a proxy server like squid. Have a look in the documentation below on how to make the Open Web Calendar access the web only through a proxy.
• Restricting Access to Calendars By default, the Open Web Calendar does not restrict which calendars to show. Use the proxy server to filter the calendars. If you run the Open Web Calendar behind a firewall with other web services, setting up a proxy is necessary to protect from SSRF attacks.

SSRF zaštita s proxy serverom

The Open Web Calendar can be used to access the local network behind a firewall, see Issue 250. This free access is intended to show calendars from everywhere. Since requests is used by the Open Web Calendar, it can use a proxy as described in the requests documentation. The proxy can then handle the filtering.

export HTTP_PROXY="http://10.10.1.10:3128"
export HTTPS_PROXY="http://10.10.1.10:1080"
export ALL_PROXY="socks5://10.10.1.10:3434"

Također pogledaj:

• Spriječi SSRF pomoću Tor proxya

Squid as a Proxy Server

The Squid Proxy and Cache is flexible and configurable. You can use it in front of the Open Web Calendar to configure access and customize caching.

Operating System

Squid is avaiable for all major platforms. For the commands and paths of this tutorial, we assume you run Squid on Debain/Ubuntu. The commands might work on other systems, but that is not tested.

After you have installed the Squid Proxy, add this file into the conf.d directory. Squid will load it automatically then.

In Linux, create /etc/squid/conf.d/open-web-calendar.conf:

## Example rule to deny access to your local networks.
## Adapt to list your (internal) IP networks from where browsing
## should be allowed
acl owc_forbidden dst 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl owc_forbidden dst 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl owc_forbidden dst 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl owc_forbidden dst 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl owc_forbidden dst 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl owc_forbidden dst 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl owc_forbidden dst fc00::/7               # RFC 4193 local private network range
acl owc_forbidden dst fe80::/10              # RFC 4291 link-local (directly plugged) machines

## If the Open Web Calendar runs on another machine, not localhost (127.0.0.1),
## fill in the network or IP of that machine here and allow access from it.
acl owc_host src 127.0.0.1           # Allow Access to Squid from localhost (default)
# acl owc_host src 172.16.0.0/12     # Uncomment if you run the Open Web Calendar as a docker service

## Access from owc_host is allowed to all but forbidden networks
http_access allow owc_host !owc_forbidden

## Use IPv4 for DNS
## See https://superuser.com/a/1443889
dns_v4_first on

The list above denies the Open Web Calendar access to all known local/internal networks. If you have your own local network (IPv4 or IPv6), add it to the list above to be sure.

On Linux, you can install the file with this command:

sudo wget -O /etc/squid/conf.d/open-web-calendar.conf https://raw.githubusercontent.com/niccokunzmann/open-web-calendar/master/docs/snippets/squid/open-web-calendar.conf

Then, restart the squid proxy.

sudo service squid reload

Set the environment variables to tell the Open Web Calendar to use the Squid proxy installed on localhost. Setting this variable changes depending on how you run the Open Web Calendar.

If you use the Python Setup, you can set the environment variables for the server like this:

export HTTP_PROXY="http://localhost:3128"
export HTTPS_PROXY="http://localhost:3128"
export ALL_PROXY="http://localhost:3128"
gunicorn open_web_calendar:app

When you try to access a forbidden calendar with the local open-web-calendar, e.q. http://172.16.0.1/calendar.ics, you will see this error message:

403 Client Error: Forbidden for url: http://172.16.0.1/calendar.ics