-
zcyph
I read about DNS SRV for XMPP, if the server is xmpp.example.com to get usernames to appear as user@example.com or something along those lines. Has anyone been able to do that?
-
rob
Yes
-
rob
Prosody for example https://prosody.im/doc/dns
-
rob
But the DNS works the same for other servers
-
rob
I have a number of domains that all have srv records pointing at a server on another subdomain
-
rob
But it works for the same domain as in your example
-
zcyph
I've never been able to get it to work, so I'm not sure if I'm configuring it wrong or just misunderstanding. Set correctly I should then be able to log in with client apps using user@example.com and other users will be able to find me that way too, even though the server actually is at xmpp.example.com right?
-
rob
Yes, if you give me the domains I'm happy to tell you what DNS you need
-
rob
This assumes you control the server, it doesn't work if you want a custom username@domain but your account is on someone else's server
-
rob
The server has to know about the domain, called a virtual host
-
zcyph
Awesome thanks, I'm trying to get chat.sendly.cc and xmpp.zcyph.cc to sendly.cc and zcyph.cc respectively
-
moparisthebest
And you need the right certificate, i.e. for example.com and not xmpp.example.com
-
rob
But then you would at least get a certificate error?
-
zcyph
Right certificate?
-
moparisthebest
I didn't check these I just mean in general
-
rob
zcyph: so in the doc for prosody, replace example.com and xmpp.example.com with sendly.cc and chat.sendly.cc and the same for zcyph.cc and xmpp.zcyph.cc
-
rob
You need both client and server records for each domain
-
rob
And the port needs to be the configured port on your server, which might not be what is in the doc
-
rob
zcyph: what server and how did you set it up? Did you follow a guide or use the documentation?
-
rob
And by server I meant what server software, prosody or ejabberd etc
-
zcyph
I used Snikket (https://snikket.org/service/quickstart/) behind Nginx (https://github.com/snikket-im/snikket-server/blob/master/docs/advanced/reverse_proxy.md)
-
moparisthebest
That's trickier, I think Snikket doesn't support it out of the box because then it's impossible to get the proper certificates I mentioned without even more setup
-
zcyph
damn, am I just better off installing prosody instead?
-
rob
Ah could be, snikket is meant to just work. But doesn't really support advanced configuration. At that point you should consider running prosody itself
-
rob
You can still use the invites modules and conversejs if those appeal to you
-
rob
As an example https://git.loranger.xyz/rob/gists/src/branch/mistress/prosody-config
-
zcyph
their docs say they use 5222 (client to server) and 5269 (server to server) - aren't those the standard ones?
-
rob
They are, but you need certificates for both example.com and xmpp.example.com
-
rob
There is a snikket chat which might be of more help as we are only assuming
-
rob
This one is specific to custom installs xmpp:unofficial@channels.snikket.org?join
-
zcyph
thank you
-
rob
No problem
-
zcyph
I found this in their FAQ: "Sometimes we get asked if it is possible to have a different address for users, such as user@example.com. Technically XMPP supports this (by adding custom SRV records in DNS), but it’s made complex by the requirement for certificates for that domain. Snikket would need certificates for example.com, which is quite tricky unless the A record for that domain is also pointing at Snikket - Let’s Encrypt does not follow SRV records"
-
zcyph
That sounds like if I already have a website on a different machine using up example.com that I'm just outta luck for this
-
zcyph
but this certificate issue wouldn't be an issue with Prosody?
-
rob
Well you still need the certificate, so the server the software runs on needs a valid certificate for the domain
-
rob
In my case, I run my webserver and xmpp server on the same machine so it's not too hard
-
rob
You could get fancy, and use DNS challenges to get the certificate on the second machine. That way the A record isn't needed and can point at the web server
-
rob
But likely not for snikket
-
moparisthebest
zcyph: if you set up prosody directly, and your own method of getting certificates like acme.sh you could use the DNS challenge to get the right certs
-
moparisthebest
But now you see why Snikket doesn't support this...
-
rob
It's just too much for an easy to setup implementation
-
zcyph
ah
-
zcyph
Makes a bit more sense now, thanks
-
moparisthebest
One day DNSSEC might save us from this nightmare
-
moparisthebest
If something else doesn't save us first...
-
rob
There's always another nightmare 😶
-
junaid
so it seems like dismail.de is offline atm. if anyone knows the owner then please consider passing on the message.
-
MattJ
zcyph, there are many solutions to the certificate issue when deploying XMPP, so it's not that you're out of luck. It just requires you to pick a solution and set it up. For Snikket we're planning to add support for delegated DNS challenges, you can track progress on that at https://github.com/snikket-im/snikket-server/issues/60