top | item 47035922

(no title)

yosamino | 13 days ago

I've run an XMPP server in various states of professionalism for around 20 years now. From mom's basement all the way to a colocated server with a similar setup that's described in the post.

The only caveat I have not been able to solve is hosting an xmpp server for a different domain, like it's possible with email.

A client connecting the account joe.doe@example.ORG will find the server it wants to connect to via SRV to be , e.g., xmpp14.example.COM and expect a TLS certificate for "example.ORG" which that server does not have (nor can/should easily get) - which makes sense in a lot of ways, but limits the ways one can offer hosting services.

If anyone has creative solutions I'm all ears.

discuss

singpolyma3|13 days ago

You need a certificate for the domain you are going to serve of course. You can get one with ACME DNS challenges pretty easily (I have my clients set up a CNAME for the _acme-challenge subdomain of their domain).

yosamino|13 days ago

I worded that poorly.

Yes, that is of course correct. But that means that your clients have to trust you without technical safeguards, that you will not use this to get for certificates for purposes other than XMPP.

Which, in my mind, is a problem if the domain is not used just for XMPP, but lets say for a website as well.

nicoco|13 days ago

I know at least two services that offer hosting with your own domain: https://my.snikket.org/ and https://account.conversations.im/domain/ so I suppose it is not that complex to setup.

yosamino|13 days ago

Correct, but that means you cannot share that domain securely with, let's say, a website. No ?

fluoridation|13 days ago

I've always just used self-signed certificates. On first connect, the client will ask the user to trust your CA. There's no real difference in terms of security.