Why buy a domain name? Better XMPP.

Up to now, I have been using a free domain name from Dyn. All was well, so why would I change anything?

After a first answer in the form of a post about emails, then another about the web, I will now talk about Jabber, which is about more than just chat, all the more so when you own a “real” domain name.

This article is also available in French.

As in the post about initial DNS setup, I will call “new.example” the new domain name. When it comes to DNS configuration, I will always show the expected input (web form), and then the result using the DNS syntax.

XMPP

XMPP is an open, extensible protocol for instant messaging, used most notably by Google and Facebook (internally). For this simple use (text, voice, and video), a free domain name is enough. But XMPP allows much more than that.

XMPP enables the creation of free and distributed social networks (in order to avoid depending on a big and commercial central server). Such social networks already exist (the first two of the list are interoperable):

  • Jappix runs in the web browser and offers features reminiscent of Facebook, even though the former is not actually based on the latter.
  • Movim also runs in the web browser, and offers a different look-and-feel, as well as a different organisation of screens.
  • Salut-à-Toi runs in the web browser, or as a desktop application, or even as a command-line tool; it dives into XMPP versatility much more than the others do (games, little programs, integration with alternative communication methods…).

Other social network tools exist, but I know less about those…

Being light on computing resources, and distributed too, the XMPP protocol is a perfect fit for self-hosting (whether at home or on a rented server); several free XMPP servers of good quality exist, although the last one in the following list is a bit harder to install and configure:

  • Prosody is the best compromise between installation ease (part of Debian Linux), light weight, and features, even though package-based installation in Debian requires an x86 server.
  • Metronome is a fork of Prosody that is just as lightweight and packs more features; it is however less present in Linux distributions’ software repositories. It was born from the need to support the features needed by Jappix.
  • ejabberd is the oldest of the three, heavier on resources and more complex; it is more complete too, but this difference got smaller recently. It still is a very reliable server software, proven to support a lot of users simultaneously.

Just like an email address is about someone@somewhere, a JID (Jabber ID, the XMPP equivalent to the email address) is written as someone@somewhere. This “somewhere” may be a public server (resulting in a JID like someone@jappix.com for example). By using your own XMPP server, you get to use a custom JID based on your own domain name, the same way you get to use custom email addresses when you run your own email server; the email address and the JID may even be exactly the same ;-) This is how I chose to set up things.

Free and secure social network

The good side of a free and distributed social network is better privacy; it is even possible, if you use your own XMPP server, to make sure that your personal data remains on your personal server, instead of being uploaded to a third-party server with less-than-adequate usage conditions…

In order to completely participate in a free social network like Jappix, at least two sub-domains have to be enabled on the XMPP server (one for the “PubSub” extension, which lets you “follow” other people, the other for the “multi-user chat” extension); that in itself is easier to do if you own a domain name, but it can still be done freely, thanks to services like FreeDNS.

In short, these are the DNS records that I add for XMPP (for example):

New SRV record
Domain    : _xmpp-client._tcp.new.example
Priority  : 0
Weight    : 0
Port      : 5222
Target    : new.example
TTL       : 86400
⇓
_xmpp-client._tcp.new.example.	86400	IN	SRV	0 0 5222 new.example.

New SRV record
Domain    : _xmpp-server._tcp.new.example
Priority  : 0
Weight    : 0
Port      : 5269
Target    : new.example
TTL       : 86400
⇓
_xmpp-server._tcp.new.example.	86400	IN	SRV	0 0 5269 new.example.

New TXT record
Name      : _xmppconnect.new.example
Text data : _xmpp-client-xbosh=http://new.example:5280/http-bind
TTL       : 86400
⇓
_xmppconnect.new.example.	86400	IN	TXT	"_xmpp-client-xbosh=http://new.example:5280/http-bind"

New CNAME record
Name      : pubsub.new.example
Hostname  : new.example
TTL       : 86400
⇓
pubsub.new.example.	86400	IN	CNAME	new.example.

New CNAME record
Name      : muc.new.example
Hostname  : new.example
TTL       : 86400
⇓
muc.new.example.	86400	IN	CNAME	new.example.

Which means that:

  • XMPP instant messaging software should connect to my server on port 5222 (this is the standard port, which makes this record optional);
  • other XMPP servers should connect to mine on port 5269 (this is the standard port, which makes this record optional);
  • in case the standard ports are blocked by a firewall, a BOSH server (using the Prosody module, for example) is listening at the address listed after the = sign;
  • the “PubSub” extension is enabled and listening on the pubsub sub-domain, which is on the same host as (and in fact managed by) the main XMPP server;
  • the “multi-user chat” extension is enabled and listening on the muc sub-domain, which is on the same host as (and in fact managed by) the main XMPP server.

A note about the BOSH server: the above example is simplistic; a better configuration would use Nginx or Apache as a proxy to BOSH so that standard ports can be used (80 for HTTP, 443 for HTTPS).

If you want your XMPP services to be secure, you need a valid certificate for each of the aforementioned sub-domains. This can be done easily and for free, provided you own your own domain name: go to StartSSL and create a Web certificate that will be valid for the first sub-domain, and then a Jabber certificate that will be valid for the other sub-domain. Prosody, for instance, can use certificates of either kind; in this case, it will use both kinds at the same time ;-)
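As an added example (not part of the original post), the following Python sketch reads the five zone lines shown above and reports what they advertise: the client, server and BOSH endpoints, the host names that need a certificate, and any BOSH URL that is not HTTPS or not on a standard port. The function names `parse_zone` and `audit` are hypothetical; the zone text is copied from the records above.

```python
from urllib.parse import urlsplit

# Zone lines copied from the records shown above (new.example is the post's placeholder).
ZONE = """\
_xmpp-client._tcp.new.example.\t86400\tIN\tSRV\t0 0 5222 new.example.
_xmpp-server._tcp.new.example.\t86400\tIN\tSRV\t0 0 5269 new.example.
_xmppconnect.new.example.\t86400\tIN\tTXT\t"_xmpp-client-xbosh=http://new.example:5280/http-bind"
pubsub.new.example.\t86400\tIN\tCNAME\tnew.example.
muc.new.example.\t86400\tIN\tCNAME\tnew.example.
"""

def parse_zone(text):
    """Return (name, ttl, rtype, rdata) tuples from simple one-line records."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and zone-file comments
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((name.rstrip(".").lower(), int(ttl), rtype.upper(), rdata.strip()))
    return records

def audit(domain, records):
    """Summarise what the records advertise and list points worth reviewing."""
    report = {"endpoints": {}, "cert_names": {domain}, "findings": []}
    for name, _ttl, rtype, rdata in records:
        if rtype == "SRV" and name in (f"_xmpp-client._tcp.{domain}", f"_xmpp-server._tcp.{domain}"):
            _prio, _weight, port, target = rdata.split()
            report["endpoints"][name.split(".")[0]] = (target.rstrip("."), int(port))
        elif rtype == "TXT" and name == f"_xmppconnect.{domain}":
            key, _, url = rdata.strip('"').partition("=")
            if key == "_xmpp-client-xbosh":
                parts = urlsplit(url)
                report["endpoints"]["bosh"] = (parts.hostname, parts.port)
                if parts.scheme != "https":
                    report["findings"].append(f"BOSH URL is not HTTPS: {url}")
                if parts.port not in (None, 80, 443):
                    report["findings"].append(f"BOSH uses non-standard port {parts.port}")
        elif rtype == "CNAME" and name.endswith("." + domain):
            report["cert_names"].add(name)  # each service sub-domain needs a certificate
    for svc in ("_xmpp-client", "_xmpp-server"):
        if svc not in report["endpoints"]:
            report["findings"].append(f"no {svc} SRV record (standard port is assumed)")
    return report

if __name__ == "__main__":
    print(audit("new.example", parse_zone(ZONE)))
```

With the records as published, the two findings both concern the BOSH entry, which is what the note about proxying BOSH through Nginx or Apache addresses.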

Now, you need to get yourself some contacts on this network, in which far fewer people participate than in Facebook or Twitter, of course… But you can already communicate with all your GoogleMail contacts, and that is a good start!
