XMPP Service Operators - 2023-04-02

Is nixnet sever supposed to have maintainance? I get remote server timeout when trying to add a room from their server.

The certificate still hasn't been renewed/deployed

ernst.on.tour, yes, it was down. I upgraded the server os.

Roi: Thanks for the information, but in the middle of the day, on weekend, without announcement ? 😕 Some members from openim.de ask me what is going on. First downtime because export of db, second downtime for import of db, third downtime for upgrade os, all without information from your side. Can' t tell them anything. Just a little "Server will go down for upgrade os between 14:00-16:00UTC" in this MUC could help. 😉

ernst.on.tour, I did not imagine that it will take that long. Sorry. I will announce next time. Hopefully not soon, but the next Debian major version is not far...

About openim.de users: I got a lot (really a lot!) log messages about "unsupported protocol". The old openim.de server ran TLS on port 5223. It seems that a lot of clients are set to this configuration. They won't be able to login again.

Roi: you don't control SRVs? Old ones were set up differently?

Licaon_Kter, Sure I do. But openim.de is now a vhost of the Hot-Chilli server. I won't run a different instance (on a different IP and so on) just because the old server was not configured the standard way.

XEP-0368 on 5223 is not *that* uncommon.

Well, their clients should use the bestest connection....eventually?

jonas’, we run TLS on 5222 and 80, and SSL on 5223 and 443. 80 and 443 run on the second IP as these would interfere with the webserver.

Licaon_Kter, I thought, too. But it seems that some clients have a static manual setup here.

SSL? surely you mean direct TLS.

nobody should be running SSL these days :-)

Anyway, some clients are hammering the server. ;-) From the log activity, some clients a lot or many clients a bit.

jonas’, yes, sorry. We started the server in 2005... It was called SSL then and still in my head. ;-)

Startup pressure is a known thing...

Anyway, I will not change the config, or other clients might have the same problem. And openim is in the minority of active users comparing to the rest.

Licaon_Kter, You mean after the server restarts? Yeah. But this is something different. It does not stop or gets less.

Odd

You can pinpoint which Client does this?

Apr 02 18:57:33 c2s5626fad6d810 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s5626ee839ef0 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s562710b5e850 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s56271189c810 info Client disconnected: unsupported protocol

About 100 per second.

But no, not really. Would need to tcpdump or something like this. And then I have the IP. Then what? ;-)

Better drop that IP for 24h or so

I do not have it.

And my guess is that it is not one IP but many.

Drop them all, imho that's expected.

The old one had starttls on 5223 and people had to specify that in the client manually ?

Thats sad, and likely they now know not what the problem is, and think the server is down or something .

Menel, yepp that's the problem. Sure, they can check the website and will find the solution. I also mentioned it in the blog.

will they know to check the hot-chilli website though? and that the server they were has moved? i hope they have other accounts to check and ask

Roi: you mean starttls on 5223 instead of direct TLS?

You can run both on the same port with sslh or xmpp-proxy