Why buy a domain name? Better XMPP.
By Yves on Thursday 20 February 2014, 13:36
Up to now, I have been using a free domain name from Dyn. All was well, so why would I change anything?
After a first answer in the form of a post about emails, then another about the web, I will now talk about Jabber, which is about more than just chat, all the more when you own a “real” domain name.
As in the post about initial DNS setup, I will call “new.example” the new domain name. When it comes to DNS configuration, I will always show the expected input (web form), and then the result using the DNS syntax.
XMPP
XMPP is an extensible and open protocol for instant messaging, used most notably by Google and Facebook (internally). For this simple result (text, voice, and video), a free domain name is enough. But XMPP allows way more than that.
XMPP enables the creation of free and distributed social networks (in order to avoid depending on a big and commercial central server). Such social networks already exist (the first two of the list are interoperable):
- Jappix runs in the web browser and offers features reminiscent of Facebook, even though the former is not actually based on the latter.
- Movim also runs in the web browser, and offers a different look-and-feel, as well as a different organisation of screens.
- Salut-à-Toi runs in the web browser, or as a desktop application, or even as a command-line tool; it dives into XMPP versatility much more than the others do (games, little programs, integration with alternative communication methods…).
Other social network tools exist, but I know less about those…
Being light on computing resources, and distributed too, the XMPP protocol is a perfect fit for self-hosting (whether at home or on a rented server); several free XMPP servers of good quality exist, although the last one in the following list is a bit harder to install and configure:
- Prosody is the best compromise between installation ease (part of Debian Linux), light weight, and features, even though package-based installation in Debian requires an x86 server.
- Metronome is a fork of Prosody that is just as lightweight and packs more features; it is however less present in Linux distributions’ software repositories. It was born from the need to support the features needed by Jappix.
- ejabberd is the oldest of the three, heavier on resources and more complex; it is more complete too, but this difference got smaller recently. It is still a very reliable server software, proven to support a lot of users simultaneously.
Just like an email address is about someone@somewhere, a JID (Jabber ID, the XMPP equivalent to the email address) is written as someone@somewhere. This “somewhere” may be a public server (resulting in a JID like someone@jappix.com for example). By using your own XMPP server, you get to use a custom JID based on your own domain name, the same way you get to use custom email addresses when you run your own email server; the email address and the JID may even be exactly the same ;-)
This is how I chose to set up things.
Free and secure social network
The good side of a free and distributed social network is better privacy; it is even possible, if you use your own XMPP server, to make sure that your personal data remains on your personal server, instead of being uploaded to a third-party server with less-than-adequate usage conditions…
In order to completely participate in a free social network like Jappix, at least two sub-domains have to be enabled on the XMPP server (one for the “PubSub” extension, which lets you “follow” other people, the other for the “multi-user chat” extension); that in itself is easier to do if you own a domain name, but it can still be done freely, thanks to services like FreeDNS.
In short, these are the DNS records that I add for XMPP (for example):
    New SRV record
    Domain : _xmpp-client._tcp.new.example
    Priority : 0
    Weight : 0
    Port : 5222
    Target : new.example
    TTL : 86400
    ⇓
    _xmpp-client._tcp.new.example. 86400 IN SRV 0 0 5222 new.example.

    New SRV record
    Domain : _xmpp-server._tcp.new.example
    Priority : 0
    Weight : 0
    Port : 5269
    Target : new.example
    TTL : 86400
    ⇓
    _xmpp-server._tcp.new.example. 86400 IN SRV 0 0 5269 new.example.

    New TXT record
    Name : _xmppconnect.new.example
    Text data : _xmpp-client-xbosh=http://new.example:5280/http-bind
    TTL : 86400
    ⇓
    _xmppconnect.new.example. 86400 IN TXT "_xmpp-client-xbosh=http://new.example:5280/http-bind"

    New CNAME record
    Name : pubsub.new.example
    Hostname : new.example
    TTL : 86400
    ⇓
    pubsub.new.example. 86400 IN CNAME new.example.

    New CNAME record
    Name : muc.new.example
    Hostname : new.example
    TTL : 86400
    ⇓
    muc.new.example. 86400 IN CNAME new.example.
Which means that:
- XMPP instant messaging software should connect to my server on port 5222 (this is the standard port, which makes this record optional);
- other XMPP servers should connect to mine on port 5269 (this is the standard port, which makes this record optional);
- in case the standard ports are blocked by a firewall, a BOSH server (using the Prosody module, for example) is listening at the address listed after the = sign;
- the “PubSub” extension is enabled and listening on the pubsub sub-domain, which is on the same host as (and in fact managed by) the main XMPP server;
- the “multi-user chat” extension is enabled and listening on the muc sub-domain, which is on the same host as (and in fact managed by) the main XMPP server.
A note about the BOSH server: the above example is simplistic; a better configuration would use Nginx or Apache as a proxy to BOSH so that standard ports can be used (80 for HTTP, 443 for HTTPS).
If you want your XMPP services to be secure, you need a valid certificate for each of the aforementioned sub-domains. This can be done easily and freely, provided you own your own domain name: go to StartSSL and create a Web certificate that will be valid for the first sub-domain, and then a Jabber certificate that will be valid for the other sub-domain. Prosody, for instance, can use certificates of either kind; in this case, it will use both kinds at the same time ;-)
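An added example, not code from the original post: a small Python check that parses the zone-file lines shown earlier, lists the names the certificates must cover (the JID domain plus each component sub-domain), and flags the BOSH endpoint that the TXT record publishes over plain HTTP. The function names and the wording of the findings are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Zone lines copied from the post; new.example is the post's placeholder domain.
ZONE = """\
_xmpp-client._tcp.new.example. 86400 IN SRV 0 0 5222 new.example.
_xmpp-server._tcp.new.example. 86400 IN SRV 0 0 5269 new.example.
_xmppconnect.new.example. 86400 IN TXT "_xmpp-client-xbosh=http://new.example:5280/http-bind"
pubsub.new.example. 86400 IN CNAME new.example.
muc.new.example. 86400 IN CNAME new.example.
"""
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SRV|TXT|CNAME)\s+(.+)$")
STANDARD_PORTS = {"_xmpp-client": 5222, "_xmpp-server": 5269}

def parse_zone(text):
    """Yield (owner, rtype, rdata) per record, owner lower-cased without the root dot."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            yield m.group(1).rstrip(".").lower(), m.group(3), m.group(4).strip()

def audit(text, domain):
    """Return (sorted names the certificates must cover, list of findings)."""
    names, findings = {domain}, []  # the JID domain itself always needs a certificate
    for owner, rtype, rdata in parse_zone(text):
        if rtype == "CNAME":
            # pubsub/muc are addressed by their own name, so the certificate
            # has to match that name, not the CNAME target.
            names.add(owner)
        elif rtype == "SRV":
            _prio, _weight, port, target = rdata.split()
            service = owner.split(".")[0]
            if int(port) == STANDARD_PORTS.get(service) and target.rstrip(".") == domain:
                findings.append(f"info: {owner} repeats the default (port {port}), record is optional")
        elif rtype == "TXT" and "-xbosh=" in rdata:
            url = urlsplit(rdata.strip('"').split("=", 1)[1])
            names.add(url.hostname)  # once served over HTTPS, this host needs a certificate too
            if url.scheme != "https":
                findings.append(f"warn: BOSH endpoint {url.geturl()} is plain HTTP")
    return sorted(names), findings

if __name__ == "__main__":
    cert_names, notes = audit(ZONE, "new.example")
    print("certificate names:", ", ".join(cert_names))
    for note in notes:
        print(note)
```

Once the BOSH URL in the TXT record points at an HTTPS proxy on port 443, as the note about Nginx or Apache suggests, the warning disappears and only the two informational findings remain.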
Now, you need to get yourself some contacts on this network, in which far fewer people participate than in Facebook or Twitter, of course… But you can already communicate with all your GoogleMail contacts, and that is a good start!