Radicale is the GOAT and supports authentication. Or you can just run it on a LAN behind a firewall.
this post was submitted on 06 Mar 2025
12 points (92.9% liked)
Selfhosted
43312 readers
446 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
VPN is the way to go if you're not sharing it with a bunch of people
I think the general consensus for homelabbers is a mesh network -- Tailscale and Netbird are the two most popular options
Related question, what CalDAV server are you using? Been looking for something lightweight
I run nextcloud on my machine. If there's a crack, there would be one in their hosted instance as well. There's nothing really I can do about security of it.
I do not expose Nextcloud to the internet. I use dnsmasq to give LAN clients the private IP. If I need to access NC from elsewhere, there's VPN for that.
Sounds like a good solution as well
mTLS with a reverse proxy!
What caldav clients supports that?
I’d recommend the Tailscale style approach. MTLS is a pain imo without infrastructure and especially on the app layers
Tailscale is simpler but when you're accessing from devices behind VPNs like I do mTLS is a lifesaver.
I use DAVx⁵ for caldav (supports mTLS)
I find mTLS cool too :P
In terms of being a pain it's not that bad with nginx in my opinion. I can just build my own certificate for each service I expose or you use a common one, giving read only access to the key for my nginx containers and in two lines in the .conf it's sorted.
This is the first time I’ve heard of mTLS. Sounds interesting, any tutorial recs?
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
Who do you want to have access to said calendar?
Just myself, but I would like to keep it synced between my phone and my laptop while also keeping a backup.
Then you should really look into setting up a personal VPN. After that what you use to do calendar becomes irrelevant in terms of access.
Could you set up a Cloudflare tunnel and make sure the security rules are tight enough to keep others out?