[Question] Integrating this program into a selfhosted server #109

Closed
thelittleblackbird opened this issue Sep 16, 2023 · 5 comments
Labels
question A question about Davis and how it works

Comments

@thelittleblackbird

Hi again,

After some successful tests I would like to fully integrate this DAV server into my self-hosted stack. But this leaves a lot of questions for which I would like to know if there is a recommended way to proceed:

  • Is there any backup strategy, or just the backup of the regular databases?
  • Can this service be integrated with an SSO proxy like authentik?
  • Is there a way to check the user disk usage or the user data?

And a few questions about the program where I am not able to understand the use case:

And to finish, a suggestion:

  • If you could make some variable for a default config, like allowing TODOs and notes in calendars, or how big the number of calendars/entries in the address book is, it would be super nice. And if you could do it by reading some variables for the user from LDAP, then a few extra points for that.

regards and thanks

@tchapi tchapi added the question A question about Davis and how it works label Sep 16, 2023
@tchapi
Owner

tchapi commented Sep 22, 2023

> Is there any backup strategy, or just the backup of the regular databases?

I do back up the database and the files (webdav) (see here for my personal setup that includes Davis)

> Can this service be integrated with an SSO proxy like authentik?

So far no (You're talking about the admin part, right?)

> Is there a way to check the user disk usage or the user data?

Not now, but that would be a nice feature I guess (the disk usage). What do you mean by 'user data'?

> what is the use of login with a user into http://192.168.178.7:9000/dav/?

It's just a UI, provided by SabreDAV, that allows you to interact directly in the browser with the DAV implementation

> once you login, how do you disconnect the session?

Admin: by logging out in the menu
DAV: you don't "really" log out, it's HTTP Auth (so the credentials are sent by your browser with each request)

> If you could make some variable for a default config, like allowing TODOs and notes in calendars

A variable that would allow or disallow the usage of VEVENT, VTODO, VJOURNAL for every calendar?

> , or how big the number of calendars/entries in the address book is

Do you mean a limit to the number of calendars or entries that users can create?

> if you could do it by reading some variables for the user from LDAP, then a few extra points for that.

The only limitation to this is that I'm pretty much a n00b in LDAP, but why not!

@thelittleblackbird
Author

> > Is there any backup strategy, or just the backup of the regular databases?
>
> I do back up the database and the files (webdav) (see here for my personal setup that includes Davis)

OK, got it. I have to admit that this would not be my preferred solution, because something like a database upgrade or a switch to another infrastructure can be problematic if there is no easy way to port the data.

> > Can this service be integrated with an SSO proxy like authentik?
>
> So far no (You're talking about the admin part, right?)

Both parts, the admin and also the user part for the *dav protocols. I have the feeling that it would be wise not to expose this service to the internet without an extra security layer, and I was thinking of authentik with SSO as a solution.

Are you exposing this service to the internet? What is your feeling about that? Personally I am a bit worried about brute force attacks on an account.

> > Is there a way to check the user disk usage or the user data?
>
> Not now, but that would be a nice feature I guess (the disk usage). What do you mean by 'user data'?

The current data synchronized to the backend. The idea is to avoid abuse or even, in case the account is hacked, to check if somebody is uploading tons of "not allowed" data to the account.

> > what is the use of login with a user into http://192.168.178.7:9000/dav/?
>
> It's just a UI, provided by SabreDAV, that allows you to interact directly in the browser with the DAV implementation

> > once you login, how do you disconnect the session?
>
> Admin: by logging out in the menu
> DAV: you don't "really" log out, it's HTTP Auth (so the credentials are sent by your browser with each request)

And when you log in with a regular user credential?

> > If you could make some variable for a default config, like allowing TODOs and notes in calendars
>
> A variable that would allow or disallow the usage of VEVENT, VTODO, VJOURNAL for every calendar?

At least a variable to set the default config.

> > , or how big the number of calendars/entries in the address book is
>
> Do you mean a limit to the number of calendars or entries that users can create?

For example.

> > if you could do it by reading some variables for the user from LDAP, then a few extra points for that.
>
> The only limitation to this is that I'm pretty much a n00b in LDAP, but why not!

I am asking those questions because in my use case I self-host for my family and some friends (around 10 light users, not very tech savvy), and even if those numbers are not really high, the manual configuration / problem resolution for each of them can easily become a burden. So I try to automate everything, and I always need to keep the idea of a wrong password leaked among my concerns.

So thanks a lot for your answers

@tchapi
Owner

tchapi commented Sep 24, 2023

> Are you exposing this service to the internet? What is your feeling about that? Personally I am a bit worried about brute force attacks on an account.

I am, and I'm feeling ok. The security is strong enough (given you have strong passwords) to avoid the casual, passing-by hacker. If someone wants to target me personally, they would have far easier ways to do so from which I can't really protect myself, so I wouldn't be concerned by a simple, reasonably safe login form.

That being said, I'm currently investigating authelia (for other services), so I might add an option for that (ie: OIDC) on the admin part. For the regular user, the *dav protocol doesn't permit it, so 🤷🏼

> The idea is to avoid abuse or even, in case the account is hacked, to check if somebody is uploading tons of "not allowed" data to the account.

Got it. I might look into it, but it's not a priority. Happy to review a PR though.

> And when you log in with a regular user credential?

That's what I said: you don't "really" log out, it's HTTP Auth (so the credentials are sent by your browser with each request). If you want to log out, clear your browser session I guess?

> At least a variable to set the default config.

It'd be possible I guess, yes

> Do you mean a limit to the number of calendars or entries that users can create?

I'm not sure it makes sense. Calendars grow because past events are not deleted, so I wouldn't limit the number of events. Same for contacts. I don't really see what you'd be trying to mitigate here
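
The brute-force concern raised above can be watched for in front of the server, because each failed HTTP Auth attempt on the DAV endpoint shows up as a 401 in the access log. The following is an added example, not part of the thread or of Davis: it assumes a combined-format access log and the `/dav/` path mentioned in the thread, and the log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(lines, prefix="/dav/", threshold=5,
                    window=timedelta(seconds=60)):
    """Return {ip: peak count of 401s inside one window} for every client
    that reached `threshold` failed authentications under `prefix`."""
    recent = defaultdict(deque)      # ip -> timestamps of its recent 401s
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "401" or not m["path"].startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        # A DAV client normally gets one 401 (the auth challenge) and then
        # succeeds, so a single failure must stay below the threshold.
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample: one ordinary client, then one client failing repeatedly.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Sep/2023:10:00:01 +0000] "PROPFIND /dav/ HTTP/1.1" 401 0',
    '198.51.100.7 - alice [24/Sep/2023:10:00:02 +0000] "PROPFIND /dav/ HTTP/1.1" 207 1532',
] + [
    f'203.0.113.9 - alice [24/Sep/2023:10:05:{s:02d} +0000] "PROPFIND /dav/ HTTP/1.1" 401 0'
    for s in range(0, 12, 2)
]

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within 60s")
```

The same counting is what a ban tool in front of the service would apply; the threshold has to leave room for the single challenge 401 that ordinary clients produce.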

@thelittleblackbird
Author

> > Do you mean a limit to the number of calendars or entries that users can create?
>
> I'm not sure it makes sense. Calendars grow because past events are not deleted, so I wouldn't limit the number of events. Same for contacts. I don't really see what you'd be trying to mitigate here

Here I am more concerned about a calendar taking gigas of space because somebody is uploading files to the events. Even if you limit the size of the attached files, you only need to split the undesired file into pieces to bypass this solution.

In the end the most practical thing is to hard limit the space and/or add watchers for the space.

Don't know, perhaps I am a bit too strict/paranoid here.

@tchapi
Owner

tchapi commented Feb 26, 2024

I'm closing this in favor of the roadmap here: https://github.com/users/tchapi/projects/1/views/1 where I added the SSO auth and the default configuration as feature requests.

About the disk space: I don't see a robust way of limiting it in the application space and I think it would pose more problems than it would solve in fact

@tchapi tchapi closed this as completed Feb 26, 2024