HTTP modules¶
About http module support¶
This assumes you already have the relevant modules enabled in your Cyrus installation, either via packages, or through a manual installation.
CalDAV, CardDAV and WebDAV all provide their functionality through an http server. Cyrus HTTP is NOT a general purpose HTTP server (such as Apache httpd). Its feature set is limited to:
- Calendaring (CalDAV)
Acts as a calendar and scheduling server by using IMAP mailboxes as calendar collections and RFC 5322 messages to store iCalendar data.
Allows non-CalDAV/remote calendar clients to query freebusy information of Cyrus CalDAV users via freebusy URLs.
Allows scheduling transactions between separate calendaring and scheduling systems via the iSchedule protocol (currently only used within a Cyrus Murder).
Acts as a Time Zone Distribution Service by serving iCalendar (VTIMEZONE) data to client systems.
- Contacts (CardDAV)
Acts as a contacts server by using IMAP mailboxes as addressbook collections and RFC 5322 messages to store vCard data.
- File Storage (WebDAV)
Acts as a remote storage server server by using IMAP mailboxes as collections and RFC 5322 message to store files.
- Other (RSS, static content)
Serves static content (such as the RSS feed list template and the CalDAV/CardDAV web GUIs ).
Serves IMAP mailboxes as RSS feeds.
HTTPD Configuration¶
General configuration¶
The Cyrus httpd service is configured using options in imapd.conf(5).
The support for RSS, CalDAV, and CardDAV is divided into separate modules which
run as part of the Cyrus httpd service. Selection of which module(s) are enabled
is done by setting the httpmodules
option. By default, no modules
are enabled.
Cyrus httpd also can serve static content, the location of which is set by the
httpdocroot
option. Any content contained in the specified directory (including
sub-directories) will be served as static content only. Cyrus httpd does NOT
have the ability to execute any server-side scripts.
Authentication¶
As with other Cyrus services, the Cyrus httpd service uses Cyrus SASL to perform its authentication. Cyrus supports the following HTTP authentication schemes: Basic, Digest, Negotiate (Kerberos only), and NTLM. While Basic and NTLM are available in all versions of SASL, the remaining schemes are only available in Cyrus SASL 2.1.16 (and higher).
Similar to plaintext login commands supported by the other Cyrus services (IMAP
LOGIN, POP3 USER/PASS), the Cyrus httpd service determines whether to advertise
the HTTP Basic authentication scheme based on the allowplaintext
option and
whether the client has connected over a TLS protected connection (HTTPS).
The availability of the other HTTP authentication schemes is controlled by the SASL mech_list option option. For Cyrus httpd the DIGEST-MD5, GSS-SPNEGO, and NTLM SASL plugins support the Digest, Negotiate, and NTLM authentication schemes respectively, provided that these plugins are installed on the server.
Module-specific information¶
For end users¶
Some information must be passed on to your end users so that they know how to configure their clients in order to access their data on Cyrus. The list below needs to be customized to your specific hostnames.
- CalDAV
Many clients find calendars automatically if you provide the correct server, username and password.
Otherwise, use the direct URL:
https://<servername>/dav/calendars/user/<userid>/<calendar>/
- Freebusy
https://<servername>/freebusy/user/<userid>
- considers all CalDAV collections of the userhttps://<servername>/freebusy/user/<userid>/<collection-name>
- considers a single CalDAV collectionQuery parameters can be added to the URL per Section 4 of Freebusy Read URL.
- CardDAV
Many clients find addressbooks automatically if you provide the correct server, username and password.
Otherwise, use the direct URL:
https://<servername>/dav/addressbooks/<userid>/<addressbook>
The address book(s) are automatically filtered based on the username and password supplied.
- WebDAV
https://<servername>/dav/drive/user/<userid>
- RSS
https://<servername>/rss/
Serves up all mailboxes (read-only) that the authenticated user has access to.