Konfigurácia servera¶
Ak chcete zmeniť Open Web Calendar slúžiť vašim potrebám, je to dobre možné. Môžete si vybrať
- Zmeniť, ako vyzerá predvolený kalendár.
- Zmeniť, ako funguje server.
Konfigurácia kalendára Default¶
The configuration of all calendars is rooted in the default_specification. All those values can be changed through a copy of this file hosted on the web through the calendar parameter specification_url. Each parameter should be documented in default_specification.
To modify all calendars hosted on your instance, use the OWC_SPECIFICATION environment variable. Calendars still override some values for their configuration. Those which they do not override are affected by the default specification. Not all values are exposed to the configuration page to be changed. Those values can still be changed in the specification_url and the query parameters.
You might want to change the following values.
title¶
The title of your website.
language¶
This is the default language. You might want to change this to serve the configuration page better to a local audience.
favicon¶
This is a link to the website icon.
source_code¶
If you made changes, you are legally required to disclose them to visitors. Please adjust the link or contribute them back to the main project.
contributing¶
If you want to redirect to contribute to your project.
privacy_policy¶
If you host this service yourself, you can use the default privacy policy.
If for some reason you decide to collect data i.e. in the HTTPS proxy or log IP-addresses, then you need to create your own privacy policy. You can link to the one of this project.
More Values¶
There are loads more values that can be changed. Please refer to the default_specification. These values are all documented. Please use the OWC_SPECIFICATION environment variable to change them.
See also:
Konfigurácia servera¶
Premenné prostredia ovplyvňujú iba chod servera. Tieto premenné prostredia môžu byť použité na konfiguráciu služby:
ALLOWED_HOSTS¶
predvolené prázdne
The clients divided by comma that are allowed to access the Open Web Calendar. You will see this text if you try to access the service and you are not allowed:
Forbidden: You don’t have the permission to access the requested resource. It is either read-protected or not readable by the server.*
Examples:
- permit only the same computer:
ALLOWED_HOSTS=localhost - permit several hosts:
ALLOWED_HOSTS=192.168.0.1,192.168.2,api.myserver.com - permit everyone to access the server (default):
ALLOWED_HOSTS=orALLOWED_HOSTS=*
This functionality is provided by flask-allowed-hosts.
APP_DEBUG¶
default false, values true or false, always false in the Docker container
Nastaviť debug vlajku pre aplikáciu.
CACHE_DIRECTORY¶
default is a temporary directory (e.g. in /tmp/)
The Open Web Calendar caches files needed to display calendars in this directory to speed up loading. If the directory does not exist, it will be created.
CACHE_FILE_SIZE¶
default 20 (MB)
This is the maximum size of one file in the cache. When the cache is full, the least recently used file is removed.
Examples:
- Allow only small files of 4KB:
CACHE_FILE_SIZE=0.004 - Allow any size:
CACHE_FILE_SIZE="$CACHE_SIZE" - Disable caching:
CACHE_FILE_SIZE=0
CACHE_SIZE¶
default 200 (MB)
This is the maximum cache size in megabytes. This size is limited to 200MB in order to mitigate the cache filling the file system or in case of /tmp/ the RAM.
Examples:
- Use 1 GB for caching:
CACHE_SIZE=1024 - Unlimited cache:
CACHE_SIZE=unlimited - Disable caching:
CACHE_SIZE=0
CACHE_REQUESTED_URLS_FOR_SECONDS¶
default 600 (seconds)
Po druhé vyrovnávanie kalendárových súborov, ktoré sa stiahli na zníženie šírky pásma a oneskorenie.
Examples:
- Obnoviť rýchlo:
CACHE_RESTED_URLS_FOR_SECONDS=10 - Disable caching:
CACHE_REQUESTED_URLS_FOR_SECONDS=0
OWC_ENCRYPTION_KEYS¶
predvolené prázdne
This is a comma separated list of encryption keys. These can be used to hide sensitive information of URLs.
Examples:
- Disable encryption (default):
OWC_ENCRYPTION_KEYS= - Use one key:
OWC_ENCRYPTION_KEYS='Pj...48=' - Use multiple keys:
OWC_ENCRYPTION_KEYS='Pj...48=,cx...Fw='If you use multiple keys, only the first one encrypts the data. The others are only used to decrypt the data.
You can generate a new key by visiting your instance of the Open Web Calendar on the page /new-key or by running this command:
python3 -m open_web_calendar.new_key
See also:
OWC_SPECIFICATION¶
OWC_SPECIFICATION is an optional environment variable.
- It can be a path to a file containing valid YAML or JSON.
- It can be a string containing valid YAML or JSON.
Setting OWC_SPECIFICATION allows you to replace default values for all calendars.
Note
New versions of the Open Web Calendar can add new configuration parameters.
Placing your changes in this variable instead of changing the default_specification file
will ensure that you do not break the Open Web Calendar in a future version.
In following example, the title for all calendars that do not set their own title will be changed.
OWC_SPECIFICATION='{"title": "calendar"}' gunicorn open_web_calendar:app
See also:
PORT¶
predvolené 5000, predvolené 80 v kontajneri Docker
Prístav, na ktorom funguje služba.
Examples:
- Slúžiť na HTTP port:
PORT=80
WORKERS¶
predvolené 4, len pre kontajner Docker
Počet paralelných pracovníkov na spracovanie požiadaviek.
Examples:
- Používajte iba jedného pracovníka:
WORKERS=1
Further Configuration¶
Open Web Calendar používa knižnice, ktorých správanie môže byť ďalej prispôsobené.
- Flask má **Viac premenných prostredia ** k dispozícii na konfiguráciu, ako aplikácia slúži obsahu.
- Requests sa používa dostať
.icssúbory. Môžete configure a proxy.
The Open Web Calendar relies on proxy servers for these features:
- Access Control and Users To restrict who can use the Open Web Calendar, you can use
nginxorapacheas a reverse proxy in front of it. YuNoHost is another self-hosting option to restrict access. - HTTPS Encryption This can be done by
nginx,apacheorcaddy. - More Advanced Caching Basic caching is handeled by the Open Web Calendar. For more advanced cache configuration, use a proxy server like
squid. Have a look in the documentation below on how to make the Open Web Calendar access the web only through a proxy. - Restricting Access to Calendars By default, the Open Web Calendar does not restrict which calendars to show. Use the proxy server to filter the calendars. If you run the Open Web Calendar behind a firewall with other web services, setting up a proxy is necessary to protect from SSRF attacks.
Ochrana SSRF so serverom Proxy¶
The Open Web Calendar can be used to access the local network behind a firewall, see Issue 250. This free access is intended to show calendars from everywhere. Since requests is used by the Open Web Calendar, it can use a proxy as described in the requests documentation. The proxy can then handle the filtering.
export HTTP_PROXY="http://10.10.1.10:3128"
export HTTPS_PROXY="http://10.10.1.10:1080"
export ALL_PROXY="socks5://10.10.1.10:3434"
See also:
Squid as a Proxy Server¶
The Squid Proxy and Cache is flexible and configurable. You can use it in front of the Open Web Calendar to configure access and customize caching.
Operating System
Squid is avaiable for all major platforms. For the commands and paths of this tutorial, we assume you run Squid on Debain/Ubuntu. The commands might work on other systems, but that is not tested.
After you have installed the Squid Proxy, add this file into the conf.d directory. Squid will load it automatically then.
In Linux, create /etc/squid/conf.d/open-web-calendar.conf:
## Example rule to deny access to your local networks.
## Adapt to list your (internal) IP networks from where browsing
## should be allowed
acl owc_forbidden dst 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl owc_forbidden dst 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl owc_forbidden dst 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl owc_forbidden dst 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl owc_forbidden dst 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl owc_forbidden dst 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl owc_forbidden dst fc00::/7 # RFC 4193 local private network range
acl owc_forbidden dst fe80::/10 # RFC 4291 link-local (directly plugged) machines
## If the Open Web Calendar runs on another machine, not localhost (127.0.0.1),
## fill in the network or IP of that machine here and allow access from it.
acl owc_host src 127.0.0.1 # Allow Access to Squid from localhost (default)
# acl owc_host src 172.16.0.0/12 # Uncomment if you run the Open Web Calendar as a docker service
## Access from owc_host is allowed to all but forbidden networks
http_access allow owc_host !owc_forbidden
## Use IPv4 for DNS
## See https://superuser.com/a/1443889
dns_v4_first on
The list above denies the Open Web Calendar access to all known local/internal networks. If you have your own local network (IPv4 or IPv6), add it to the list above to be sure.
On Linux, you can install the file with this command:
sudo wget -O /etc/squid/conf.d/open-web-calendar.conf https://raw.githubusercontent.com/niccokunzmann/open-web-calendar/master/docs/snippets/squid/open-web-calendar.conf
Then, restart the squid proxy.
sudo service squid reload
Set the environment variables to tell the Open Web Calendar to use the Squid proxy installed on localhost. Setting this variable changes depending on how you run the Open Web Calendar.
If you use the Python Setup, you can set the environment variables for the server like this:
export HTTP_PROXY="http://localhost:3128"
export HTTPS_PROXY="http://localhost:3128"
export ALL_PROXY="http://localhost:3128"
gunicorn open_web_calendar:app
When you try to access a forbidden calendar with the local open-web-calendar, e.q. http://172.16.0.1/calendar.ics, you will see this error message:
403 Client Error: Forbidden for url: http://172.16.0.1/calendar.ics