[XMPP] - Enable custom domain #319

Open
opened 2022-09-07 16:19:41 +02:00 by muppeth · 7 comments
Owner

tbd

muppeth added the administration, xmpp labels 2022-09-07 16:19:41 +02:00
Owner

this is done, right? We can close this @muppeth I think, can't we?

Author
Owner

As mentioned on last meeting. This is kind of done but not properly implemented. So I said last time it's something I wanted to focus on this milestone and finalize it.

muppeth added this to the 23.10 - October milestone 2023-10-01 14:46:34 +02:00
Author
Owner

The problem I have with the custom domain on xmpp is this:
To add a virtual domain to the prosody server we need a tls certificate. In case of Let's Encrypt, this cert needs to be renewed every three months. Leaving it to people to generate and then send it to us IMO is impossible to handle as it will create a ton of overhead for us (adding new certs to the server on time). The other solution is if we handle certificates. This is all good except for the issue where someone wants to add a domain (mydomain.ltd) but at the same time has a website running under the same domain. We need an "A" record pointing to our server as we need to create/renew the certificate but if that record is used, we can't. There are two solutions to this and both are bad:

  • Users then cannot use their root domain and need to use a subdomain for their xmpp (chat.domain.ltd)
  • Users point their A record and we then redirect the traffic to their website (work as a proxy).

In case 1. the issue is that people would most likely like to have the same domain as they use on email (there the issue does not occur) which makes more sense. So I guess people wouldn't like to compromise.

In case 2. Although you solve the issue with the certificate for xmpp, we would be able to monitor traffic to people's websites, plus generate more traffic on our IPs. Not only that, we would still have issues with tls on the website side of things (either we would need to send new certs to the website owner, or we would have to set up a permanent cert between our server and website server). This adds even more issues.

So there is no easy/good solution to do this. Solution that does not require extra work and complexity. So the solution as I see it now is:

  1. No xmpp linking at all.
  2. No xmpp linking if you are using the domain you want to link for the website already
  3. xmpp linking but if you are using the domain you want to link for website you need to specify subdomain.
  4. Offer website hosting.

What do you @Disroot/Owners think?
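
An added example, not part of the original thread or Disroot's tooling: a preflight check for option 3 that decides from a domain's A records whether the server can create/renew a certificate for the requested name or whether a subdomain is needed. The IP addresses, zone data and function names are constructed for illustration, and the `chat` label follows the comment's own `chat.domain.ltd` example.

```python
import ipaddress

# Assumption: public address of the XMPP server (documentation range, constructed).
OUR_IPS = {ipaddress.ip_address("203.0.113.10")}

# Constructed A records standing in for live DNS so the example runs offline.
SAMPLE_ZONE = {
    "mydomain.ltd": ["198.51.100.7"],                # root serves a website elsewhere
    "chat.mydomain.ltd": ["203.0.113.10"],           # subdomain pointed at us
    "other.ltd": ["203.0.113.10"],                   # root dedicated to xmpp
    "split.ltd": ["203.0.113.10", "198.51.100.7"],   # only partly pointed at us
}


def lookup_a(name, zone=SAMPLE_ZONE):
    """Hypothetical resolver; swap in a real DNS query in production."""
    return {ipaddress.ip_address(a) for a in zone.get(name.lower().rstrip("."), [])}


def check_linking(name, resolve=lookup_a, ours=OUR_IPS):
    """Classify a requested XMPP domain by where its A records point."""
    addrs = resolve(name)
    if not addrs:
        return "needs_record", f"{name} has no A record yet"
    if addrs <= ours:
        return "ok", f"{name} points only at us; we can create/renew its certificate"
    if addrs & ours:
        return "mixed", f"{name} points at us and elsewhere: {sorted(map(str, addrs - ours))}"
    return "in_use", f"{name} is used by another host: {sorted(map(str, addrs))}"


def plan(domain, label="chat"):
    """Option 3: fall back to <label>.<domain> when the root is already in use."""
    status, _ = check_linking(domain)
    if status == "in_use":
        sub = f"{label}.{domain}"
        return sub, check_linking(sub)[0]
    return domain, status


if __name__ == "__main__":
    for d in ("mydomain.ltd", "other.ltd", "split.ltd", "nothing.ltd"):
        print(d, "->", plan(d))
```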

Owner

> 4. Offer website hosting.

I don't think we can do that, human resources are missing.

> 3. xmpp linking but if you are using the domain you want to link for website you need to specify subdomain.

That is my favorite solution, as it seems a simple one for us, and for users.

> No xmpp linking at all.

It seems the easiest one :) But I think some people have already paid for that...
Owner

> > No xmpp linking at all.
>
> It seems the easiest one :) But I think some people have already paid for that...

Officially they did not pay for any service but made a donation and get some perks as a reward. We could decide to refund the donation if people demand that.

But I agree that at this point option 3 sounds the most workable.
muppeth modified the milestone from 23.10 - October to 23.11 - November 2023-11-07 02:17:29 +01:00
muppeth modified the milestone from 23.11 - November to 23.12 - December 2023-12-03 13:56:47 +01:00
meaz removed this from the 23.12 - December milestone 2023-12-03 16:22:00 +01:00
Owner

option 5. only offer xmpp for subdomain

Owner

where are we at with that @muppeth ?

Reference: Disroot/Disroot-Project#319