Your own xmpp server with ejabberd on Debian 11 Bullseye

0. Intro

AOL, ICQ, Hangouts, Messenger, Whatsapp, ... it's been bothering for quite a long time to switch instant messaging (im) app every few years and share all my conversations with those third parties. I guess I must be one of the few who did not click agree on Whatsapp's latest terms and conditions -I'm not switching to google chats either! I expect to be kicked out any day soon \o/.
Anyway, this feels like a good time to choose a new im protocol, and stick to it. After doing quite some research, I decided to go with irc and jabber (XMPP). If you wonder why, read Solène on how to choose a communication protocol.
Additionally, it is interesting to know that whatsapp is based on XMPP! The WhatsApp Architecture Facebook Bought For $19 Billion. So I decided to install an XMPP server and ordered a vps (virtual private server) for a year. If you wonder why not running it at home, I'm preparing a post about self-hosting!

1. About XMPP Extension proposals (XEP)

As XMPP is an extensible protocol, many functionalities can be built on top of it. These come in the form of XEP, which are public proposals defined by a number (ie: XEP-0313 Message Archive Management - XEP-0384 OMEMO Encryption) and can be implemented by various server/client software once validated. This is nice, as the protocol is not stuck in stone and can evolve. You can check the list of XEP for yourself!
One postitive point about XMPP is the diversity of clients and available for many different platforms.
One sad side about XMPP is that support for different XEP can greatly vary depending on software (both clients and servers) - The one thing that universally works between all clients is simple, clear text messaging...

This is because:

• - Some clients are capabale of audio/video - while some don't - or do, but not with another program.
• - Some servers will help you connecting voip/video calls (stun/turn), some won't
• - Some clients support OMEMO (end to end encryption, while some don't
• - Some servers support muc (mutli user chatroom) - while some don't
• - Some servers support mam (Message Archive Management --> history for offline messages) - while some don't
• - ...

The situation is not as dire as it first sounds, but it is an important factor to take into account when testing and to be cautious about when setting up your own XMPP infrastructure.

2. Servers

• 2.1. Prosody

  I installed prosody on a debian 10 (buster) box, it was running in less than an hour.
  Then I tried to make voice calls, and discovered that I needed a stun/turn server.
  I installed coturn and got it running in less than an hour.
  What I never managed to do is to make them cooperate...
  It must be me, as many people are very happy with prosody, it seems to have a lot of modules, but after three weeks of unfortunate attempts, I decided to try another software.
  

• 2.2. Ejabberd

  In my reasearch, I saw somewhere that ejabberd was an xmpp server that came with included stun/turn capabilities (+sip) - so I decided to give it a try. Reinstalled the debian VM, this time upgraded to bullseye (which was released since). apt get ejabberd, get some config tutorial from the internet and...
  nothing... bloody service wouldn't even start.
  
  So I retook the original blank debian config and... asked for help \o/
  I reread a few usetull steps in setting up my server.
  A kind soul from #selfhosting on irc.tilde.chat pointed me to How to set up ejabberd video & voice calling
  Just applying those changes to the default debian conf (and dns servers) was the way to go!
  I also needed to set some certificates, for which I almost followed process one's guide on securing jabber with TLS
  Instead, to get certbot in bullseye, I did:

  
  apt install certbot
  and once that was done I did
  certbot certonly --webroot
  And once done I did a simple script to call with a cron job:
  certbotchat.sh
  /usr/bin/certbot renew
sleep 2
cat /etc/letsencrypt/live/your.doma.in/fullchain.pem /etc/letsencrypt/live/your.doma.in/privkey.pem > /etc/ejabberd/ejabberd.pem

systemctl restart ejabberd
  Warning If for any reason, ejabberd doesn't start, it will tell you to check "journalctl -xe" - but I found the following commands to be much more relevant:
  cat /vat/log/ejabberd/error.log
cat /vat/log/ejabberd/ejabberd.log
  
  
  
  
  

3. Clients

As you remember from point 1, client choice is not especially easy... These are a few experiments I made:

• - On Android, blabber.im and conversations work well (omemo, audio, video), and are intercompatible
• - On IOS, it seems that Siskin IM by Tigase inc is working well with omemo, as well as audio and video chats - maybe some failures in group chat omemo. Monal supports OMEMO, but not audio/video, while astrachat seemed to lag a bit behind...
• - On Linux and FreeBSD, Gajim and Dino work with omemo support, but no audio nor video chats.
• - There must be plenty more for many other platforms - but you must choose based on the XEP you require support for!

4. Config changes

I needed to configure/enable a few specific modules for ejabberd to meet my expectations, somewhere in the process of looking for howto's, I stumbled upon the ejabberd documentation archives. This page is a real goldmine, as it contains the correct syntax for the options for your specific version of ejabberd - as many tutorials on the internet point you in the right direction, all you need is to know how to implement the option in your specific version! The specific page linked is the one with all modules options for 21.01 (debian 11 default). Kudos to the ejabberd team for this well maintained documentation!!!

• - mod_proxy65: is the module that made sending pictures between mobiles work. It is a bit touchy - security wise, as you don't want spammers to use it, the solution is to have access: local - so that only registered members of your ejabberd can use it. A kind soul from #ejabberd on irc.libera.chat helped me understand the option.
    mod_proxy65:
    access: local
    max_connections: 10
    name: "File transfer proxy"
    ip: "ip.of.ser.ver"
    port: 7777

• - mod_mam : is the module that allows to keep messages on the server when a user is offline. Ideally, use mysql as backend persistent storage, as described in the ejabberd docs (again) - else just comment the line
    mod_mam:
    db_type: sql
    assume_mam_usage: true
    default: always

• - mod_muc : is the module that allows to have group chats. You can make public/private/password protected groups, have admins, bans, ...
    default_room_options:
    allow_subscription: true
    persistent: false
    mam: true


  I set persistent false as default, as only I am supposed to create permanent rooms on my server ^^

• - register : I made sure mod_register was disabled, this prevents spammers to use the server.
  just delete the lines relative to mod_register

5. A few commands

Once installed, not being a fan of web interfaces, I noted a few usefull commands here as a personal cheatsheet, but I can only recommend you to get more information from the very extensive and well maintained ejabberd documentation

Reload config without restarting service (without disconnecting users)

Backup

Backup internal mnesia database

List mnesia backups

Restore mnesia backup

Modules

List of modules to be updated

Update specific ejabberd module

Update all ejabberd modules

Users

Register a user

As we disabled mod_register, it means we will need to add our users by hand \o/

List registered users

Unregister a user

Rooms (muc - multi user chat)

Create room

or just enter new room with client ;p

List rooms

Destroy room

Get room options for roomname

Change an option for a room

Disable users to change room subject

Show full usernames in channel

Enable mam on muc channel

ejabberdctl create_room roomname conference.your.doma.in your.doma.in

Only members can join this channel

Hide room from public listing

Room is persistent

Won't disappear if everybody leaves

Room+user

Chane user affiliation to a channel

Affiliation can be one of: owner, admin, member, outcast, none

Invite a user to join a room

5. Where to go from here?

I realise I barely scratched the surface from XMPP and ejabberd capabilities, as I now just have "basic" XMPP functionality. On the one side, I would like to study XMPP a bit more, and configure some modules so that it does exactly what I want.
Ejabberd is also an MQTT broker and a SIP server: if you take into account that I have an asterisk and a domoticz server running, it opens the gates to a huge playground! Though it will take time to explore!
These two pages look like a promising start:

• Voice and xmpp integrating asterisk with ejabberd
• Domoticz MQTT wiki

6. Conclusion

It woooorks! I am sooo happy + I have a new playground... what else could I ask for! (the answer is more time to explore more things)
As always, the Open Source community has been key to reaching my goals - be it through software, forums, posts, IRC...
From here on, an important next step is to get some friends and family to use it - suddenly configuration looks like the easy part! 😅

Hope it helps ^^