Hey All, I am just getting started in my journey. Part of my goals is to de-google my life and am looking to start with my calendar. I want to to sync with my laptop and my phone. I was going to start reading about nextcould because it seems like it would have the stuff I need and more. My question is what does the community use, so that I can read and research about it. No technical questions yet.


Edit: Not sure why I cannot see the replies when signed in (visible when logged out). Will be checking out your suggestions. Thanks Self Hosted community!

  • lemmyvore
    link
    fedilink
    English
    68 months ago

    Radicale on the server, exposed publicly on a “secret” subdomain.

    InfCloud as a web app.

    Calengoo on the phone and it also has clients for desktop (Windows, Linux, Mac).

    CalDAV-Sync / CardDAV-Sync to sync on Android (although Calengoo can also connect directly to Radicale).

    I tried DAVx5 for Android sync but it had issues with large calendars and would choke sometimes when it lost connectivity.

      • lemmyvore
        link
        fedilink
        English
        28 months ago

        Not if you get a wildcard certificate, then the CT logs only show *.example.com. The bad guys also can’t get subdomains from the DNS server without breaking into it because nowadays DNS servers don’t do public zone transfer.

        You can also use a wildcard CNAME on the DNS too, just to be extra safe. That way the subdomain names only live in your reverse proxy and on your devices, effectively acting as an additional auth factor (see below though). But it only works if you don’t need to define any explicit subdomain; typically clashes with email stuff because a CNAME on *.example.com won’t allow you to also have MX on *.example.com or TXT on _dmarc.example.com.

        It’s true that subdomains are not a super secret auth factor right now because of SNI (Server Name Indication) which transmits them in clear outside TLS connections, so that reverse proxies can do host-based routing. So the subdomain can be intercepted anywhere on routers, by ISP etc. It will also be freely given away to any DNS server you use to resolve them (but you can mitigate that by using DoH or DoT with a privacy-pledged DNS server). You also can’t afford to share links to your subdomain with anybody so it’s best kept for services used only by a select number of trusted people.

        The SNI issue is being worked on btw, we now have Encrypted Hello (ECH) which uses DoH keys to encrypt the domain name outside TLS, but ECH is still being adopted.