# Running My Own XMPP Server

Danny

Notes from setting up Prosody in Docker for federated messaging, with file sharing, voice calls, and end-to-end encryption.

About a year ago I moved my personal messaging to Signal as part of a broader push to take ownership of my digital life. That went well. Most of my contacts made the switch, and I’m now at roughly 95% Signal for day-to-day conversations.

But Signal is still one company running one service. If they shut down tomorrow or change direction, I’m back to square one.

XMPP fixes that. It’s federated, meaning your server talks to other XMPP servers automatically and you’re never locked into a single provider. Your messages live on your hardware. The protocol has been around since 1999 and it’s not going anywhere.

I’d tried XMPP years ago and bounced off it, but the clients have come a long way since then. Monal and Conversations are genuinely nice to use now.

This post covers everything I did to get a fully working XMPP server running with Prosody in Docker, from DNS records through to voice calls.

## Prerequisites

- A server with Docker and Docker Compose
- A domain you control
- TLS certificates (Let’s Encrypt works well)

## DNS records

XMPP uses SRV records to let clients and other servers find yours. You’ll need these in your DNS:

```
_xmpp-client._tcp.xmpp.example.com SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.xmpp.example.com SRV 0 5 5269 xmpp.example.com.
```

Port 5222 is for client connections, 5269 is for server-to-server federation. You’ll also want an A record pointing xmpp.example.com to your server’s IP.

If you want HTTP file uploads (I’d recommend it), add a CNAME or A record for upload.xmpp.example.com pointing to the same server. Same for conference.xmpp.example.com if you want group chats with a clean subdomain, though Prosody handles this internally either way.

## TLS certificates

Prosody won’t start without certificates.
I use Let’s Encrypt with the Cloudflare DNS challenge so I don’t need to expose port 80:

```bash
docker run --rm \
  -v ~/docker/xmpp/certs:/etc/letsencrypt \
  -v ~/docker/xmpp/cloudflare.ini:/etc/cloudflare.ini:ro \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/cloudflare.ini \
  -d xmpp.example.com
```

The cloudflare.ini file contains your API token:

```ini
dns_cloudflare_api_token = your-cloudflare-api-token
```

After certbot runs, fix the permissions so Prosody can read the certs:

```bash
chmod -R 755 ~/docker/xmpp/certs/live/ ~/docker/xmpp/certs/archive/
# 644 covers privkey.pem too, so every local user on the host can read the private key
chmod 644 ~/docker/xmpp/certs/archive/xmpp.example.com/*.pem
```

Set up a cron to renew monthly:

```
# single line: crontab entries cannot be continued with a trailing backslash
0 3 1 * * docker run --rm -v ~/docker/xmpp/certs:/etc/letsencrypt -v ~/docker/xmpp/cloudflare.ini:/etc/cloudflare.ini:ro certbot/dns-cloudflare renew --dns-cloudflare-credentials /etc/cloudflare.ini && docker restart xmpp
```

## The Docker setup

The docker-compose.yml:

```yaml
services:
  prosody:
    image: prosodyim/prosody:13.0
    container_name: xmpp
    restart: unless-stopped
    ports:
      - "5222:5222"
      - "5269:5269"
    volumes:
      - prosody-data:
```
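Before pointing clients or federation partners at the server, it is worth sanity-checking the two SRV records from the DNS section above, since a wrong port or a relative target silently sends peers to the wrong place. The following is an added example, not code from the original post: it parses zone-file style SRV lines and reports the usual mistakes; xmpp.example.com and the record names are taken from the post.

```python
import re
from collections import namedtuple

# Zone-file style SRV line: owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+(?P<prio>\d+)\s+"
    r"(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$", re.IGNORECASE)

# Service label -> port the post uses for it (5222 clients, 5269 federation).
EXPECTED = {"_xmpp-client._tcp": 5222, "_xmpp-server._tcp": 5269}

Srv = namedtuple("Srv", "owner priority weight port target")

def parse_srv(line: str) -> Srv:
    """Parse one SRV record line; owner is lower-cased with its trailing dot dropped."""
    m = SRV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an SRV record: {line!r}")
    return Srv(m["owner"].rstrip(".").lower(), int(m["prio"]),
               int(m["weight"]), int(m["port"]), m["target"])

def check_xmpp_srv(lines: list[str], domain: str) -> list[str]:
    """Return the problems found in the XMPP SRV records for `domain` (empty list = fine)."""
    domain = domain.rstrip(".").lower()
    problems: list[str] = []
    seen: set[str] = set()
    for rec in map(parse_srv, lines):
        service = next((s for s in EXPECTED if rec.owner == f"{s}.{domain}"), None)
        if service is None:
            problems.append(f"{rec.owner}: not an XMPP SRV name under {domain}")
            continue
        seen.add(service)
        if rec.port != EXPECTED[service]:
            problems.append(f"{service}: port {rec.port}, expected {EXPECTED[service]}")
        if rec.target == ".":  # RFC 2782: a target of '.' means the service is not offered
            problems.append(f"{service}: target '.' tells peers the service is disabled")
        elif not rec.target.endswith("."):
            problems.append(f"{service}: target {rec.target!r} has no trailing dot, "
                            "so the zone origin gets appended to it")
    for service in sorted(EXPECTED.keys() - seen):
        problems.append(f"{service}: no record; peers fall back to {domain}:{EXPECTED[service]}")
    return problems

if __name__ == "__main__":
    # Constructed sample input: the two records from the post, as they should look.
    good = ["_xmpp-client._tcp.xmpp.example.com SRV 0 5 5222 xmpp.example.com.",
            "_xmpp-server._tcp.xmpp.example.com SRV 0 5 5269 xmpp.example.com."]
    print(check_xmpp_srv(good, "xmpp.example.com") or "SRV records look good")
```

Feed it the records as your DNS provider exports them (or as `dig SRV` prints them) and an empty result means the two names, ports and targets line up with what the server actually listens on.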