XMPP Service Operators - 2024-02-03

  1. klaudie

    RHEL (and similar) users please consider configuring fapolicyd to deny execution of non-packaged executables for increased security. If you have no 3rd party packages it is only 3 simple commands. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_blocking-and-allowing-applications-using-fapolicyd_security-hardening

  2. astriid

    Are srv records required for the muc component?

  3. Stefan

    Hello astriid, as far as I know, not. But you should have a DNS entry for "conference" for the subdomain, and a cert that contains that subdomain. I'm not really sure if this is all correct. Hopefully somebody of the more experienced operators will confirm this information.

  4. jabbering-queer.net

    You will also want a SRV entry if you're using a nonstandard port

  5. astriid

    I have those and even an _xmpp-server srv record for it, but Dino is saying invalid server when joining muc

  6. astriid

    I can't reproduce it on another Dino install, same version so maybe DNS issue

  7. jabbering-queer.net

    The subdomain for the component can be anything, not just "conference". Generally you also want xmpps entries if using SRV entries

  8. Menel

    astriid: it's possible the srv record is wrongly configured. You can use tools like `xmpp-srv` or https://connect.xmpp.net/ and enter your muc (sub)domain to see if it is generally reachable.

  9. Menel

    You don't need srv records if you use the standard port, but then you need A/AAAA records for it

  10. Menel

    (if the website gives an error like `unable to test`, then just retest, sometimes it has hiccups.)

  11. astriid

    Oh neat tool, but it gives all green except for s2s direct tls

  12. jabbering-queer.net

    Okay, now I'm at a keyboard so I can type this up real quick. XMPP servers I've set up the past couple of years use A and AAAA records for the primary domain, CNAME for the file sharing subdomain, and SRV records for everything else. So for example, the SRV entries look something like:

    ```
    srv-host=_xmpp-client._tcp.example.org,example.org,5222,0,5
    srv-host=_xmpp-server._tcp.conference.example.org,example.org,5269,0,5
    srv-host=_xmpp-server._tcp.example.org,example.org,5269,0,5
    srv-host=_xmpps-client._tcp.example.org,example.org,5223,0,5
    srv-host=_xmpps-server._tcp.conference.example.org,example.org,5270,0,5
    srv-host=_xmpps-server._tcp.example.org,example.org,5270,0,5
    ```

  13. astriid