XMPP Service Operators - 2023-04-02

  1. msavoritias

    Is nixnet server supposed to have maintenance? I get remote server timeout when trying to add a room from their server.

  2. Harper

    The certificate still hasn't been renewed/deployed

  3. Roi

    ernst.on.tour, yes, it was down. I upgraded the server os.

  4. ernst.on.tour

    Roi: Thanks for the information, but in the middle of the day, on weekend, without announcement? 😕 Some members from openim.de ask me what is going on. First downtime because export of db, second downtime for import of db, third downtime for upgrade os, all without information from your side. Can't tell them anything. Just a little "Server will go down for upgrade os between 14:00-16:00UTC" in this MUC could help. 😉

  5. Roi

    ernst.on.tour, I did not imagine that it will take that long. Sorry. I will announce next time. Hopefully not soon, but the next Debian major version is not far...

  6. Roi

    About openim.de users: I got a lot (really a lot!) of log messages about "unsupported protocol". The old openim.de server ran TLS on port 5223. It seems that a lot of clients are set to this configuration. They won't be able to log in again.

  7. Licaon_Kter

    Roi: you don't control SRVs? Old ones were set up differently?

  8. Roi

    Licaon_Kter, Sure I do. But openim.de is now a vhost of the Hot-Chilli server. I won't run a different instance (on a different IP and so on) just because the old server was not configured the standard way.

  9. jonas’

    XEP-0368 on 5223 is not *that* uncommon.

  10. Licaon_Kter

    Well, their clients should use the bestest connection....eventually?

  11. Roi

    jonas’, we run TLS on 5222 and 80, and SSL on 5223 and 443. 80 and 443 run on the second IP as these would interfere with the webserver.

  12. Roi

    Licaon_Kter, I thought, too. But it seems that some clients have a static manual setup here.

  13. jonas’

    SSL? surely you mean direct TLS.

  14. jonas’

    nobody should be running SSL these days :-)

  15. Roi

    Anyway, some clients are hammering the server. ;-) From the log activity, some clients a lot or many clients a bit.

  16. Roi

    jonas’, yes, sorry. We started the server in 2005... It was called SSL then and still in my head. ;-)

  17. Licaon_Kter

    Startup pressure is a known thing...

  18. Roi

    Anyway, I will not change the config, or other clients might have the same problem. And openim is in the minority of active users compared to the rest.

  19. Roi

    Licaon_Kter, You mean after the server restarts? Yeah. But this is something different. It does not stop or get less.

  20. Licaon_Kter


  21. Licaon_Kter

    You can pinpoint which Client does this?

  22. Roi

    Apr 02 18:57:33 c2s5626fad6d810 info Client disconnected: unsupported protocol
    Apr 02 18:57:33 c2s5626ee839ef0 info Client disconnected: unsupported protocol
    Apr 02 18:57:33 c2s562710b5e850 info Client disconnected: unsupported protocol
    Apr 02 18:57:33 c2s56271189c810 info Client disconnected: unsupported protocol

  23. Roi

    About 100 per second.

  24. Roi

    But no, not really. Would need to tcpdump or something like this. And then I have the IP. Then what? ;-)

  25. Licaon_Kter

    Better drop that IP for 24h or so

  26. Roi

    I do not have it.

  27. Roi

    And my guess is that it is not one IP but many.

  28. Licaon_Kter

    Drop them all, imho that's expected.

  29. Menel

    The old one had starttls on 5223 and people had to specify that in the client manually?

  30. Menel

    That's sad, and likely they now do not know what the problem is, and think the server is down or something.

  31. Roi

    Menel, yepp that's the problem. Sure, they can check the website and will find the solution. I also mentioned it in the blog.

  32. msavoritias

    will they know to check the hot-chilli website though? and that the server they were on has moved? I hope they have other accounts to check and ask

  33. moparisthebest

    Roi: you mean starttls on 5223 instead of direct TLS?

  34. moparisthebest

    You can run both on the same port with sslh or xmpp-proxy