-
Wojtek
> Hello, are there any admins of the Tigase public xmpp server here? @emus 🙋‍♂️
-
emus
Wojtek: I'm gonna text you later! ☺
-
Martin
Anyone knows sure.im?
> Establishing a secure connection from diebesban.de to sure.im failed. Certificate hash: d6a22d3a9d5cf8d5d6c7962313024144359f71cfc1073c2165825e5b26f2d1b4. Error with certificate 0: certificate has expired.
-
ij
Martin, sure.im is a domain from Tigase, so Wojtek for example…
-
Licaon_Kter
Biggest enemy of xmpp, non-autoupdating server certs
-
Link Mauve
Wojtek, you might be interested in https://observe.jabber.network/ in order to get warned of such issues before they happen.
-
Харпер
Don't y'all get emailed when your cert is a few weeks from expiring?
-
Link Mauve
Харпер, most such services only monitor HTTPS, which is usually controlled by a different process than XMPP.
-
Харпер
I get emails from let's encrypt
-
Харпер
I guess if you had certbot update them but not copy them in place is the common issue?
-
ij would like to have services being notified about ssl cert changes, checking validity and then automatically loading a new cert
-
Харпер
Doesn't ejabberd have native acme support?
-
Харпер
https://docs.ejabberd.im/admin/configuration/basic/#setting-up-acme
-
Holger
Not sure the Tigase people run ejabberd 🙂
-
Licaon_Kter
Holger, Харпер: they could start :))
-
Licaon_Kter
Харпер: yes, but it might not be viable https://github.com/processone/ejabberd/issues/3075 Eg. Even in my small instance's case I can't use it
-
Wojtek
erm, @all:
* we do use certbot and the certs are updated automatically... there is some weird issue that cached cert is being loaded (sometimes during restart and I was doing just that right now) -- we are investigating it but it's kinda "heisenbug" and when we look it doesn't happen.
* we are already on observer.jabber.network and I got single notification :-)
-
Харпер
Just reboot your servers daily
-
rozzin
I use certbot and run "ejabberdctl reload" after certbot updates.
-
rozzin
With what I hope are the obvious caveats....
-
Licaon_Kter
It takes 2-3 cycles in production to level out all the bugs of one cron line, we know :))
-
Licaon_Kter
It takes 2-3 cycles (aka 4-9 months) in production to level out all the bugs of one cron line, we know :))
-
WojtekIM
it wasn't cronjob line... but cronjob hook ;) it should be working from now on <fingers crossed>
-
Licaon_Kter
WojtekIM: that's what you've said last time ¯\_(ツ)_/¯
-
Wojtek
that's life
-
ernst.on.tour
Is it possible to disco an xmpp-server via curl and is somebody able to give an example how to do it? This would maybe help some people to get the admin
-
MattJ
curl uses HTTP, disco is performed via XMPP
-
MattJ
If you have a Prosody server with mod_rest then you can use curl to disco though
-
ernst.on.tour
Okay, was just an idea. I monitor my certs via open_ssl, maybe curl or netcat could help.
-
jonas’
we could teach authbot to resolve contact info of XMPP servers which publish it
-
jonas’
but I’m not sure if that’s something which is desirable
-
rozzin
Mmm...
-
rozzin
jonas’: "contact info" meaning like e-mail address for the domain admin or something?
-
rob
Everyone should just do xmpp@domain.com
-
rob
Which I think is an xep recommendation? Maybe not
-
rob
I've got it for all my virtual hosts
-
rozzin
I feel like..., if people wanted to be found like that then they'd advertise their info via any of the standard means like:
* WHOIS
* links on web pages
* standard aliases like "postmaster", "hostmaster", etc....
-
Харпер
https://datatracker.ietf.org/doc/html/rfc2142
-
Amolith
Is there a MUC for Gajim? I looked around on the site and didn't notice one
-
Licaon_Kter
Amolith: xmpp:gajim@conference.gajim.org?join
-
Amolith
Licaon_Kter, thank you!
-
freemo
Hello everyone, new user here, evaluating jabber to see if i want to run an instance.
-
Licaon_Kter
freemo: that's a good start
-
ernst.on.tour
rozzin, Харпер: Sometimes SMTP and XMPP aren't offered by the same company/person. admin@xmpp.foo.bar can't be reached if xmpp is down, therefore maybe an additional admin@reserve.bar or an additional xmpp@mail.foo.bar is named in admin-disco.
-
rozzin
ernst.on.tour: granted. My thought was just that so many server operators seem to go out of their way to make their contact info altogether undiscoverable with things like obfuscated WHOIS etc., and the question of "_which_ specific contact info" seems pretty meaningless in those cases--basically because that question is made "unaskable".
-
rozzin
I actually had someone I'd met at a conference call me at the phone number in the WHOIS listing for the domain of a project we'd talked about. It was quite a nice experience actually--made me feel like I'd made the right decision keeping the info in there.
-
rob
I've always hidden mine in whois because it lists your home address
-
rob
If I could just put email and phone I'd probably do that
-
rob
Even just a VoIP number like jmp
-
rozzin
rob: well, it lists *an* address.... Plenty of people get PO boxes to decouple their home address from their public mailing address.
-
rozzin
PO boxes here are something like... $100/year?
-
Ellenor Malik
ah
-
Ellenor Malik
like $1000 in Canada
-
rozzin
That's not like $100 US anymore, is it?
-
rozzin
$100/*month* sounds incredibly expensive to me. Pretty sure there are USPS boxes available for rates like that here, but those would be the *really big* ones. Might cost more in bigger cities, maybe?
-
rob
A small one is $173 annually in Canada
-
rob
Sorry that's rural, $199 in cities
-
rob
Like the size for regular letters
-
argon3771
Small one in US is about 80 a year
-
rob
Ya not bad, but I try to avoid any extra cost with self hosting. And all the standard email inboxes work fine for me, with xmpp@ included
-
Ellenor Malik
rob: Are you a fox
-
rob
Indeed