[XMPP] - Enable custom domain #319
Labels
No Label
administration
Akkoma
Android
Bare metal
bug
Communication
Community
Cryptpad
Discussion
Documentation
duplicate
enhancement
etherpad
Feature request
Feedback
finances
Fixed
forgejo
fun_project
Goal 2024
help wanted
Howto
🤔️ Investigate
ios
jitsi
lacre
Lacre Test
ldap
Lemmy
LibreTranslate
low prio
Lufi
macos
Mail
Merch
monitoring
movim
needs_refine
New Auth
Nextcloud
nice to have
on hold
proposal
question
Ready
refined
Roundcube
searX
spam-protection
Staging Server
Themes
TOR
Urgent!
Website
windows
wontfix
xmpp
Yearly Report
No Milestone
No project
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Disroot/Disroot-Project#319
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
tbd
this is done, right? We can close this @muppeth I think, can't we?
As mentioned on last meeting. This is kind of done but not properly implemented. So I said last time it's something I wanted to focus on this milestone and finalize it.
The problem I have with the custom domain on xmpp is this:
To add virtual domain to prosody server we need tls certificate. In case of Letsencrypt, this cert needs to be renewed every three months. Leaving it to people to generate and then send it to us IMO is impossible to handle as it will create ton of overhead for us (adding new certs to the server on time). The other solution is if we handle certificates. This is all good except for the issue where someone wants to add domain (mydomain.ltd) but at the same time has a website running under the same domain. We need "A" record pointing to our server as we need to create/renew certificate but if that record is used, we can't. There are two solutions to this and both are bad:
In case 1. the issue is that people would most likely like to have the same domain as they use on email (there the issue does not occur) which makes more sense. So I guess people wouldnt like to compromise
In case2. Although you solve the issue with the certificate for xmpp, we would be able to monitor traffic to people's webistes, plus generate more traffic on our IP's. Not only that, we would still have issues with tls on the website side of things (either we would need to send new certs to the website owner, or we would have to setup permanent cert between our server and website server. This adds even more issues.
So there is no easy/good solution to do this. Solution that does not require extra work and complexity. So the solution as I see it now is:
What do you @Disroot/Owners think?
officially they did not pay for any service but made a donation and get some perks as reward.. We could decided to refund the donation if people demand that.
but i agree that at this point option 3 sounds the most workable.
option 5. only offer xmpp for subdomain
where are we at with that @muppeth ?