After the arrest of Pavel Durov, I wanted to move from Telegram to something end-to-end encrypted. I know Signal is pretty good, but I think it is better to have our messages in my own server.

I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.

Do you know any other selfhosted messaging service for a group of 4-5 friends, or an easy way to configure an XMPP server? Or shall I use Signal after all (I don’t really care that much about being selfhosted, I just thought it would be more privacy friendly)?

UPDATE: I managed to set up an XMPP server using prosody with the SSL certs. We have been testing it with my friend and it seems to go well.

  • @[email protected]
    link
    fedilink
    English
    32 months ago

    Can confirm, I do this as well for my local services (especially important for Jellyfin), I just point my local DNS server at my local IP and everything works perfectly.

    • @[email protected]
      link
      fedilink
      English
      12 months ago

      Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.

      • @[email protected]
        link
        fedilink
        English
        12 months ago

        I suppose, but then you’re kind of screwed if you want to access Jellyfin outside of your network. I suppose you could use a VPN, but it’s probably easier to just not use the Chromecast (or just accept that it’s going to hit the WAN regardless).

        • @[email protected]
          link
          fedilink
          English
          12 months ago

          Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).

          Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.

          • @[email protected]
            link
            fedilink
            English
            22 months ago

            Then you’re all clear.

            I personally want my Jellyfin to be on the WAN, and I have certain devices on my internal network VPN’d to my VPS, which exposes the services I want to access remotely. But if you don’t need that, using the local addr in your DNS config totally works. Getting TLS certs will be complicated, but you don’t need that anyway if everything is local or over a VPN.

            • @[email protected]
              link
              fedilink
              English
              22 months ago

              Getting TLS certs will be complicated

              I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)