Loomio

xmpp service on port 443 and sslh complexity

PP
Pirate Praveen Public Seen by 319

We started offering xmpp on port 443 to bypass stupid firewalls. But it added a complex piece of software sslh to the mix. With matrix service becoming popular and sslh configuration causing down times, I suggest we stop providing xmpp on port 443 (it will still be availble on 5222 and 5223 ports). If someone figures out a way to proxy this using nginx, we can consider this again. This will help us to get rid of sslh.

PP

Pirate Praveen started a proposal Sun 1 Jul 2018

Stop providing xmpp service on port 443 Closed Sun 8 Jul 2018

This will significantly reduce complexity by removing sslh from the equation and reduce maintenance burden.

Results
Agree - 7
Abstain - 0
Disagree - 0
Block - 0
7 people have voted (13%)
PP

Pirate Praveen
Agree
Sun 1 Jul 2018

I think the benefit is not worth the extra complexity we need to manage.

S

Shamil
Agree
Sun 1 Jul 2018

A lot of people don't use XMPP anyway. I don't even know why we were listening on 443, If someone requests it, we can consider reenabling it.

B

Bady
Agree
Sun 1 Jul 2018

It'd be great if existing xmpp users, if any, can switch to more feature-rich matrix.

S

Shamil Sun 1 Jul 2018

Or, we can move to ha-proxy. It can do all these, and much more!

PP

Pirate Praveen Sun 1 Jul 2018

If you want to try ha-proxy, go ahead. The basic idea is to fool stupid firewalls that block everything other than 80 and 443 ports. We enabled this after we got a request from @devraj . It was when he was still in college and we did not have matrix.

PP

Prinz Piuz Sun 1 Jul 2018

i think nobody using xmpp...but to chat with converstions app we will need it r?....i dont know anybody using conversations....i think matrix have more features than xmpp

PP

Prinz Piuz
Agree
Sun 1 Jul 2018

i think nobody is using xmpp

PP

Pirate Praveen Sun 1 Jul 2018

We need the xmpp service to use poddery account with conversations, but this vote is not to stop it completely. We only want to stop providing this on port 443. We will continue to offer it on 5222 and 5223 ports. Most of the users will still be able to use xmpp service just like they are using right now. Only those who are using it from a very restrictive network which blocks all ports except 80 and 443 (in many colleges and companies) will be affected. I think at least @noteness said he started using it again.

PP

Pirate Praveen Sun 1 Jul 2018

dig -t SRV _xmpp-client._tcp.poddery.com

; <<>> DiG 9.11.3-1-Debian <<>> -t SRV _xmpp-client._tcp.poddery.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13881
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_xmpp-client._tcp.poddery.com. IN  SRV

;; ANSWER SECTION:
_xmpp-client._tcp.poddery.com. 86400 IN SRV 10 1 443 poddery.com.
_xmpp-client._tcp.poddery.com. 86400 IN SRV 20 1 5222 poddery.com.

;; AUTHORITY SECTION:
poddery.com.        10800   IN  NS  b.dns.gandi.net.
poddery.com.        10800   IN  NS  c.dns.gandi.net.
poddery.com.        10800   IN  NS  a.dns.gandi.net.

;; Query time: 211 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Sun Jul 01 20:24:28 IST 2018
;; MSG SIZE  rcvd: 181
S

Shamil Sun 1 Jul 2018

I do use XMPP a lot. I know some people who doesn't like the memory hunger/bloat of Riot, they still prefer XMPP as their primary communcation platform.

KSK

Kiran S Kunjumon
Agree
Sun 1 Jul 2018

R

raghukamath
Agree
Wed 4 Jul 2018

IS

I Sagar
Agree
Fri 6 Jul 2018