I’m looking to try self-hosting an XMPP server for my family to use as a secure communication platform. I realize that end2end encryption with XMPP doesn’t seem as strong as something like Matrix but my self-hosted Matrix server has been very unreliable.
I’m looking for recommendations and resources. I’v considered running Prosody and Openfire but both of them look like a pretty involved installation process with plenty of room to fuck up. Does anyone know of something similar to matrix-ansible-install for an XMPP server? Should I be looking at something besides Prosody or Openfire?
Please, no YouTube tutorials. I prefer written instructions.
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result
For all the people about to downvote:
Decentralized communication protocol Matrix shifts to less-permissive AGPL open source license
Element, the company and core developer behind the decentralized communication protocol known as Matrix, has announced a notable license change that will make the open source project just that little bit less appealing for companies looking to build on top of it.
moving to AGPL is “less permissive” than the apache license they currently use? no. this is just plain wrong. the supposedly less-permissive part is the CLA they are asking contributors to sign so they can dual-license the software in some situations, but the CLA isn’t even written yet and they are actively listening to feedback from the community to determine how best to shape this license agreement so that all parties are happy.
moving to AGPL is “less permissive” than the apache license they currently use? no.
Oh yes, but it is.
Apache > You can do what you like with the software, as long as you include the required notices.
AGPL > You may do what you like BUT you need to track changes and provide the source code - this essentially kills any company trying to build a product around it.
We dont want a bunch of proprietary extensions to an open communications standard, do we? This is something positive.
That said, I dont have much hope for matrix.
Implemented in python with the initial goal of “bridging every chat platform in existence” is just bound to be a disaster.
Maintaining anything beyond a couple of hundred lines in python becomes tedious imo.
The rewrite in go has been spoken about since like 2018, and matrix.org still runs synapse iirc. Synapse should have been trashed immediately after MVP demonstration.
Theres also conduit, but to be honest, i feel like the lesson here is to avoid feature creep. Safe, fast and distributed dm text chat should have been the target functionality, with a lean, mean codebase.
Self hosting XMPP works well for most internal things. IMHO communication software that you’re relying on shouldn’t be hosted at home.
Both of those that you mentioned are great. I’ve used ejabberd in addition to that. I think prosody is better. Here’s a link to a list of more servers.
Another option since XMPP can do E2EE is use conversations.im it is my go to for XMPP hosting.
Being that this community is for self-hosting I prefer to keep all of my services self-hosted. I have seen that list from a Google search already but thank you anyway.
I’m wasn’t implying that you shouldn’t host it yourself at all. Just maybe use a VPS for hosting it yourself.
Getting buy in on the family & friends aspect is being able to match or exceed the popular free services. If there’s a perception that it’s not reliable then it’s highly unlikely they’ll keep using it. So the last thing you want is to have something happen to your internet connection, NAS, etc. At the end of the day it’s the pesky perception equals reality thing that dooms things like this and tanks the spouse approval factor.
You’re absolutely right about the perception. You make a good point. I’m not sure OP got that you’re not trying to talk them out of self hosting, but rather bring up the importance of reliability regardless of their setup. Thanks!
This isn’t meant to be used in case of emergency (not mission critical). I just want something to replace Google Hangouts, primary for my wife and myself.
That being said, I feel comfortable with the security and stability of my backend and I’m already hosting publicly accessible projects for myself and others. I don’t need you to try to talk me out of it.
Nobody told me this, it was just lack of information on my part. Matrix makes a big deal about end2end encryption but Prosody and Openfire don’t seem to put that point out front.
If you are using Snikket, use the Snikket app. It has OMEMO enabled by default. Otherwise I think Cheogram is good, see: https://joinjabber.org/docs/apps/#
Prosody and Openfire are servers while end-to-end encryption happens on the client side (that’s why it’s called end-to-end). It would be kind of strange if a server implementation talks about E2EE. The OMEMO protocol only needs server features which are widely implemented. Maybe there is an ancient XMPP server implementation out there that doesn’t support it, but you will be fine with Prosody, Snikket, ejabberd or anything else really.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
deleted by creator
Might it be easier to upgrade to Matrix 2.0? Haven’t tested it but it’s supposed to be like 80x faster and more reliable.
What about… just NO.
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result
For all the people about to downvote:
https://techcrunch.com/2023/11/06/decentralized-communication-protocol-matrix-shifts-to-less-permissive-agpl-open-source-license/
moving to AGPL is “less permissive” than the apache license they currently use? no. this is just plain wrong. the supposedly less-permissive part is the CLA they are asking contributors to sign so they can dual-license the software in some situations, but the CLA isn’t even written yet and they are actively listening to feedback from the community to determine how best to shape this license agreement so that all parties are happy.
this is FUD.
Oh yes, but it is.
Apache > You can do what you like with the software, as long as you include the required notices. AGPL > You may do what you like BUT you need to track changes and provide the source code - this essentially kills any company trying to build a product around it.
We dont want a bunch of proprietary extensions to an open communications standard, do we? This is something positive.
That said, I dont have much hope for matrix. Implemented in python with the initial goal of “bridging every chat platform in existence” is just bound to be a disaster.
Maintaining anything beyond a couple of hundred lines in python becomes tedious imo.
The rewrite in go has been spoken about since like 2018, and matrix.org still runs synapse iirc. Synapse should have been trashed immediately after MVP demonstration.
Theres also conduit, but to be honest, i feel like the lesson here is to avoid feature creep. Safe, fast and distributed dm text chat should have been the target functionality, with a lean, mean codebase.
Thanks for coming to my ted talk
Just like Chia, who on their right minds would do those things in Python.
The fact that the ccc uses matrix as their official chat “app” doesn’t imply that it is inherently insecure I would say.
I’m done with Matrix for now and I want to see if XMPP will work for me.
Fair enough. I’m not a big fan of Matrix anyway. Just thought it might be easier for you.
Self hosting XMPP works well for most internal things. IMHO communication software that you’re relying on shouldn’t be hosted at home.
Both of those that you mentioned are great. I’ve used ejabberd in addition to that. I think prosody is better. Here’s a link to a list of more servers.
Another option since XMPP can do E2EE is use conversations.im it is my go to for XMPP hosting.
Being that this community is for self-hosting I prefer to keep all of my services self-hosted. I have seen that list from a Google search already but thank you anyway.
I’m wasn’t implying that you shouldn’t host it yourself at all. Just maybe use a VPS for hosting it yourself.
Getting buy in on the family & friends aspect is being able to match or exceed the popular free services. If there’s a perception that it’s not reliable then it’s highly unlikely they’ll keep using it. So the last thing you want is to have something happen to your internet connection, NAS, etc. At the end of the day it’s the pesky perception equals reality thing that dooms things like this and tanks the spouse approval factor.
You’re absolutely right about the perception. You make a good point. I’m not sure OP got that you’re not trying to talk them out of self hosting, but rather bring up the importance of reliability regardless of their setup. Thanks!
This isn’t meant to be used in case of emergency (not mission critical). I just want something to replace Google Hangouts, primary for my wife and myself.
That being said, I feel comfortable with the security and stability of my backend and I’m already hosting publicly accessible projects for myself and others. I don’t need you to try to talk me out of it.
@stown@sedd.it take a look at #Snikket
Is a semplified Prosody-like server you can install with docker.
And OMEMO is a very good enryption protocol, same as Signal.
Thank you! I appreciate the tip. Install instructions already look much clearer.
Who told you this bit of misinformation? OMEMO e2ee on XMPP is significantly “stronger” than what Matrix does (which is a watered down version).
Snikket mentioned below is probably the easiest to get started with.
Nobody told me this, it was just lack of information on my part. Matrix makes a big deal about end2end encryption but Prosody and Openfire don’t seem to put that point out front.
Why would they? They are not selling snakeoil 😏
On a more serious note: e2ee is a client feature, so it makes little sense for server software to highlight it.
Is there a client for Android that you would recommend which implements OMEMO?
Conversations from F-Droid is pretty solid.
If you are using Snikket, use the Snikket app. It has OMEMO enabled by default. Otherwise I think Cheogram is good, see: https://joinjabber.org/docs/apps/#
You can use Snikket with other servers too, there is no restriction or special sauce. It’s mostly a fork of Conversations.
Prosody and Openfire are servers while end-to-end encryption happens on the client side (that’s why it’s called end-to-end). It would be kind of strange if a server implementation talks about E2EE. The OMEMO protocol only needs server features which are widely implemented. Maybe there is an ancient XMPP server implementation out there that doesn’t support it, but you will be fine with Prosody, Snikket, ejabberd or anything else really.
This isn’t true.