Loomio

xmpp service on port 443 and sslh complexity

Pirate Praveen
Pirate Praveen Public Seen by 257

We started offering xmpp on port 443 to bypass stupid firewalls. But it added a complex piece of software sslh to the mix. With matrix service becoming popular and sslh configuration causing down times, I suggest we stop providing xmpp on port 443 (it will still be availble on 5222 and 5223 ports). If someone figures out a way to proxy this using nginx, we can consider this again. This will help us to get rid of sslh.

Pirate Praveen

Pirate Praveen started a proposal July 1st, 2018 11:07

Stop providing xmpp service on port 443 Closed 4:31pm - Sunday 8 Jul 2018

This will significantly reduce complexity by removing sslh from the equation and reduce maintenance burden.

Results
Agree - 7
Abstain - 0
Disagree - 0
Block - 0
7 people have voted (0%)
Pirate Praveen

Pirate Praveen
Agree
July 1st, 2018 11:08

I think the benefit is not worth the extra complexity we need to manage.

Shamil

Shamil
Agree
July 1st, 2018 12:37

A lot of people don't use XMPP anyway. I don't even know why we were listening on 443, If someone requests it, we can consider reenabling it.

Bady

Bady
Agree
July 1st, 2018 13:35

It'd be great if existing xmpp users, if any, can switch to more feature-rich matrix.

Shamil

Shamil July 1st, 2018 13:54

Or, we can move to ha-proxy. It can do all these, and much more!

Pirate Praveen

Pirate Praveen July 1st, 2018 14:12

If you want to try ha-proxy, go ahead. The basic idea is to fool stupid firewalls that block everything other than 80 and 443 ports. We enabled this after we got a request from @devraj . It was when he was still in college and we did not have matrix.

Prinz Piuz

Prinz Piuz July 1st, 2018 14:38

i think nobody using xmpp...but to chat with converstions app we will need it r?....i dont know anybody using conversations....i think matrix have more features than xmpp

Prinz Piuz

Prinz Piuz
Agree
July 1st, 2018 14:38

i think nobody is using xmpp

Pirate Praveen

Pirate Praveen July 1st, 2018 14:51

We need the xmpp service to use poddery account with conversations, but this vote is not to stop it completely. We only want to stop providing this on port 443. We will continue to offer it on 5222 and 5223 ports. Most of the users will still be able to use xmpp service just like they are using right now. Only those who are using it from a very restrictive network which blocks all ports except 80 and 443 (in many colleges and companies) will be affected. I think at least @noteness said he started using it again.

Pirate Praveen

Pirate Praveen July 1st, 2018 14:56

dig -t SRV _xmpp-client._tcp.poddery.com

; <<>> DiG 9.11.3-1-Debian <<>> -t SRV _xmpp-client._tcp.poddery.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13881
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_xmpp-client._tcp.poddery.com. IN  SRV

;; ANSWER SECTION:
_xmpp-client._tcp.poddery.com. 86400 IN SRV 10 1 443 poddery.com.
_xmpp-client._tcp.poddery.com. 86400 IN SRV 20 1 5222 poddery.com.

;; AUTHORITY SECTION:
poddery.com.        10800   IN  NS  b.dns.gandi.net.
poddery.com.        10800   IN  NS  c.dns.gandi.net.
poddery.com.        10800   IN  NS  a.dns.gandi.net.

;; Query time: 211 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Sun Jul 01 20:24:28 IST 2018
;; MSG SIZE  rcvd: 181
Shamil

Shamil July 1st, 2018 15:07

I do use XMPP a lot. I know some people who doesn't like the memory hunger/bloat of Riot, they still prefer XMPP as their primary communcation platform.

Kiran S Kunjumon

Kiran S Kunjumon
Agree
July 1st, 2018 18:05

raghukamath

raghukamath
Agree
July 4th, 2018 08:55

I Sagar

I Sagar
Agree
July 6th, 2018 19:57