NAME

       kopano-ical.cfg - The Kopano iCal/CalDAV gateway configuration file

SYNOPSIS

       ical.cfg

DESCRIPTION

       The ical.cfg is a configuration file for the Kopano iCal/CalDAV Gateway.  ical.cfg contains instructions
       for the software to set up the logging system and to enable or disable the normal or SSL part of the
       service.

FILE FORMAT

       The file consists of one big section, but parameters can be grouped by functionality.

       The parameters are written in the form:

       name = value

       The file is line-based. Each newline-terminated line represents either a comment, nothing, a parameter or
       a directive. A line beginning with `#' is considered a comment, and will be ignored by Kopano. Parameter
       names are case sensitive. Lines beginning with `!' are directives.

       Directives are written in the form:

       !directive [argument(s)]

       The following directives exist:

       include
           Include and process argument

           Example: !include common.cfg

EXPLANATION OF EACH PARAMETER

   ical_listen
       A space-separated list of address:port specifiers for where the server should listen for HTTP/CalDAV
       connections. IPv6 addresses need to be enclosed in brackets (as in [2001:db8::1]:236), and the asterisk
       is the multi-protocol address wildcard.

       Default: *:8080

   icals_listen
       A space-separated list of address:port spcifiers for implicit-SSL CalDAV/HTTPS connections, similar to
       ical_listen. Previous versions of ZCP/KC suggested port 8443.

       Default: (none)

   server_socket
       The http address of the storage server.

       Default: http://localhost:236/

       It is not advised to specify the UNIX socket here, but the http address instead. In default configuration
       the gateway will then be trusted by the storage server (as set in its local_admin_users configuration
       setting). Unless is run as an untrusted user, by specifying the run_as_user, the gateway always
       authenticates users even if they provide no or wrong credentials!

   run_as_user
       After correctly starting, the iCal/CalDAV gateway process will become this user, dropping root
       privileges. Note that the log file needs to be writeable by this user, and the directory too to create
       new logfiles after logrotation. This can also be achieved by setting the correct group and permissions.

       Default value is empty, not changing the user after starting.

   run_as_group
       After correctly starting, the iCal/CalDAV gateway process will become this group, dropping root
       privileges.

       Default value is empty, not changing the group after starting.

   pid_file
       Write the process ID number to this file. This is used by the init.d script to correctly stop/restart the
       service.

       Default: /var/run/kopano/ical.pid

   running_path
       Change directory to this path when running in daemonize mode. When using the -F switch to run in the
       foreground the directory will not be changed.

       Default: /

   coredump_enabled
       When a crash occurs or an assertion fails, a coredump file can be generated by the system for use with a
       crash report. For details, see the kopano-coredump(5) manpage.

       Default: systemdefault

   process_model
       You can change the process model between fork and thread. The forked model uses somewhat more resources,
       but if a crash is triggered, this will only affect one user. In the threaded model, a crash means all
       users are affected, and will not be able to use the service.

       Default: thread

   ssl_private_key_file
       The iCal/CalDAV gateway will use this file as private key for SSL TLS. This file can be created with:
       openssl genrsa -out /etc/kopano/ical/privkey.pem 2048.

       Default: /etc/kopano/ical/privkey.pem

   ssl_certificate_file
       The iCal/CalDAV gateway will use this file as certificate for SSL TLS. A self-signed certificate can be
       created with: openssl req -new -x509 -key /etc/kopano/ical/privkey.pem -out /etc/kopano/ical/cert.pem
       -days 1095.

       Default: /etc/kopano/ical/cert.pem

   ssl_verify_client
       Enable client certificate verification with value yes. All other values disable the verification.

       Default: no

   ssl_verify_file
       The file to verify the clients certificates with.

       Default: value not set.

   ssl_verify_path
       The path with the files to verify the clients certificates with.

       Default: value not set.

   ssl_protocols
       A space-separated list of disabled or enabled protocol names. Supported protocol names depend on the
       system's SSL library; depending on version, one or more of the following are available: TLSv1.3, TLSv1.2,
       TLSv1.1, SSLv3, SSLv2. To disable a protocol, prefix the name with an exclamation mark.

       Default: !SSLv2 !SSLv3 !TLSv1 !TLSv1.1

   ssl_ciphers
       A colon-separated list of disabled or enabled SSL/TLS ciphers. Supported cipher names depend on the
       system's SSL library, and are generally plentiful. To disable a cipher or cipher group, prefix the name
       with a minus or exclamation mark. Details and meaning of the syntax are described in ciphers(1).

       Default: DEFAULT:!LOW:!SSLv2:!SSLv3:!TLSv1.0:!TLSv1.1:!EXPORT:!DH:!PSK:!kRSA:!aDSS:!aNULL:+AES

   ssl_prefer_server_ciphers
       In SSLv3 and newer, the server side gets to make the ultimate cipher pick out of the set that both ends
       support. In doing so, it can either use the client preference list, or, if this directive is set to
       "yes", its own list (as determined by ssl_cipher).

       Default: yes

   ssl_curves
       ECDH curves to use for SSL

       Default: X25519:P-521:P-384:P-256

   log_method
       The method which should be used for logging. Valid values are:

       syslog Use  the  syslog  service.  Messages  will  be  sent  using  the  "mail"  facility  tag.  See also
              journald.conf(5) or syslog.conf(5).

       file   Log to a file. The filename will be specified in log_file.

       auto   Autoselect mode: If log_file is set, that will be used.  Else, syslog will be  used  if  it  looks
              like it is available.  Else, stderr.

       Default: auto

   log_file
       When logging to a file, specify the filename in this parameter. Use - (minus sign) for stderr output.

       Default: -

   log_level
       The level of output for logging in the range from 0 to 6. "0" means no logging, "1" for critical messages
       only,  "2"  for error or worse, "3" for warning or worse, "4" for notice or worse, "5" for info or worse,
       "6" debug.

       Default: 3

   log_timestamp
       Specify whether to prefix each log line with a timestamp in 'file' logging mode.

       Default: 1

   log_buffer_size
       Buffer logging in what sized blocks. The special value 0 selects line buffering.

       Default: 0

   enable_ical_get
       Enable the ical GET method to download an entire calendar. When set to 'yes', the GET method  is  enabled
       and  allowed. If not, then calendars can only be retrieved with the CalDAV PROPFIND method, which is much
       more efficient. This option allows you to force the use of CalDAV which lowers load on your server.

RELOADING

       The following options are reloadable by sending the kopano-ical process a HUP signal:

       log_level

FILES

       /etc/kopano/ical.cfg
           The Kopano iCal/CalDAV gateway configuration file.

AUTHOR

       Written by Kopano.

SEE ALSO

       kopano-ical(8)

Kopano 8                                          November 2016                               KOPANO-ICAL.CFG(5)