this post was submitted on 05 Jun 2025
30 points (89.5% liked)

Selfhosted

46677 readers
404 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
30
Safest CalDAV/CardDAV server [Choice Made] (feddit.org)
submitted 2 days ago* (last edited 2 days ago) by A_norny_mousse@feddit.org to c/selfhosted@lemmy.world
23 comments fedilink hide all child comments
 

After my previous server got hacked (presumably), I am now looking for new solutions to my needs. CalDAV/CardDAV is a big one.

So far I switched from a content management system (PHP) to a static site generator for my blog, and I'm not looking back.

I wonder if it makes sense to also step away from PHP wrt CalDAV/CardDAV.

As ever so often, this list has some nice info.

I'd like to keep dependencies low. Python would be a good choice because it's already installed on my Debian Stable system. But would it be safer?

Back when I started this compatibility with clients was an issue; but I don't use Android anymore. In any case, is this still an issue?

edit: no, I don't use a web based app; and I'd prefer the server doesn't require admin via web UI either.

Thanks for all your replies! I chose Radicale, already set it up. Only what is needed, simple config files. Very nice. It runs under an nginx reverse proxy and they communicate encrypted (and of course the outside is also encrypted and password-protected). And the web UI can be disabled.

The documentation is very tutorial-like and security conscious.

you are viewing a single comment's thread
view the rest of the comments
[–] doeknius_gloek@discuss.tchncs.de 11 points 2 days ago* (last edited 2 days ago)

Security in software is about implementation, not different programming languages. Security as a whole is also not something you can achieve just by installing "secure" software - every software has bugs and vulnerabilities. Some of them are known, others are unknown and not every one of them automatically poses a security risk to you, this depends on the bug, your usage and environment. You can try to harden your system, but you need to do this in layers and the application code is just one of them.

For example, you could geoblock IP addresses so their requests never even reach your application. This does not mean that you're automatically safe from attackers from e.g. Russia, but you make yourself a less easy target.

There are many other defense mechanisms like request limiting, dynamically blocking malicious requests with something like Fail2Ban, strong authentication, frequent patching, network segregation, virtualization, and so on. I hope you see where I'm going. Security is complex and depends a lot on your personal threat model.

That being said, if you need to know how secure the code of a given software is, you need to find something that has recently been audited or audit it yourself.