Hosting all the services

jabber
hosting
lets-encrypt

#1

I have some pending tasks, to figure out my personal hosting situation, so I’m gonna work through it here. I suspect others have figured out my issues. It mostly surrounds jabber.

I want to keep as few VPS as possible. The services for interi.org, the base domain, are:

  • web via https
  • email
  • jabber

Email is handled, MX records make that easy. My issue comes from getting the same certs for jabber and the web server. I use Let’s Encrypt for certs, but that means I either have to host the web and jabber server on the same VPS, or copy over the certs to the other server, or host them in shared infrastructure where I resolve DNS and HTTPS at a different point in the cluster.

What I’m leaning towards is putting my static HTML site and jabber server on one VPS. Prosody doesn’t actually use many resources, and if I combine them I can cron job renewing not just interi.org’s cert, but also the certs for adjacent jabber services, such as MUC or uploads.

I need to figure this out soon, because I have some other jabber stuff to do, but I want the server to be stable. I would also like to host jabber channels for group chat, looking forward to getting into that.

So, anything I’m missing? I think I’ve figured out what to do with the server for interi.org. Thoughts?

Edit: I plan on using a DigitalOcean VPS, or similar, for this. I can’t think of a reason not to, but always open to being critical of companies!


#2

I have two main goals:

  1. finally configure jabber as I want it, with all the XEPs I like, including HTTP uploads
  2. My main site reset, to start streaming the public APIs I’m filling out

The order to do this is:

  1. Reset content on main site
  2. Move site and DNS to new VPS
  3. Update prosody to latest
  4. Install prosody and move over files…! (see below)
  5. Update SRV records for jabber…? (see further below)

Okay, so a neat thing! I think prosody is like, a config file and an SQLite file. That’s it! I don’t currently have uploads, and we hardly keep an archive, so even the DB is fairly small. Yay federation!

And a question, um, thing: can I just turn off the SRV records? Will existing jabber servers route to the main domain? I can actually find out, because I know all the s2s connections to the server! :slight_smile:

So, all this tells me, even though I want to do the jabber thing, I should do the content site thing. :confused:


#3

I’ve got a not dissimilar setup, where lighttpd (previously bozohttpd) is hosting my hugo blog on the same VPS that I run prosody and they’re both running off the same domain / let’s encrypt certs. What puzzles me is it kinda sounds like you don’t want to do this? Or if you’re asking if that has downsides?

I’m curious how that goes for you. I’ve not done much with prosody beyond basic IM; largely because I’ve gotten few people to engage with me over XMPP lately. Though that’s likely because I’m bad at synchronous live interaction. Though synergy there might make it seem worth the effort on my end.

Yep, and the config file doesn’t change that much between versions in my experience.

SRV records are only required I think if your XMPP server is on a different domain from your jabber identity domain. I.e. it’s possible to run say prosody on xmpp.interi.org but have your user identities end in @maiki.interi.org. If you’re not splitting like that I think SRV records are optional.

That being said I think they become mandatory for some of the more highfalutin XEPs.


#4

The RFC says they’re optional but preferred; if missing it falls back to the A domain record. RFC 6120 - Extensible Messaging and Presence Protocol (XMPP): Core
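
The lookup order discussed in the two replies above, as an added example that is not part of the original thread: it follows RFC 6120 section 3.2 for server-to-server connections. The DNS answers are constructed sample tuples passed in by hand (the `xmpp.interi.org` and `backup.interi.org` targets are assumptions), so it runs offline.

```python
# Added example: which (host, port) pairs a remote server tries for a domain.
# SRV records are (priority, weight, port, target) tuples, constructed by hand.
import random

S2S_PORT = 5269  # registered xmpp-server port, used when there is no SRV


def order_srv(records, rng=random):
    """Order SRV records per RFC 2782: lowest priority first,
    weighted random selection among records sharing a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            pick = rng.uniform(0, total)
            running = 0
            for rec in group:
                running += rec[1]
                if pick <= running:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered


def s2s_targets(domain, srv_answer):
    """Return connection targets for `domain`.
    srv_answer is None or empty when the _xmpp-server._tcp query
    returned no records or failed."""
    if not srv_answer:
        # No SRV: fall back to A/AAAA resolution of the domain itself.
        return [(domain, S2S_PORT)]
    if len(srv_answer) == 1 and srv_answer[0][3] == ".":
        # A lone target of "." means the service is not offered here,
        # so SRV processing is aborted.
        return []
    return [(t.rstrip("."), port) for _, _, port, t in order_srv(srv_answer)]


if __name__ == "__main__":
    sample = [(10, 0, 5269, "xmpp.interi.org."),
              (20, 0, 5269, "backup.interi.org.")]
    print(s2s_targets("interi.org", sample))  # SRV records present
    print(s2s_targets("interi.org", None))    # SRV records removed
    # In both cases the peer checks the TLS certificate against
    # "interi.org" (the JID domain), not against the SRV target name.
```
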


#5

I’m not used to running a simple site on its own VPS. It makes more sense to my model of information and serving to have jabber and the web services separated.

Hmmm.

I think of the web doc repo as being there, just in time. It waits, gets a request, serves it. But eventually I will get more involved, learn to teach the browser how to best cache the docs, and then the server shouldn’t really be accessed over that URL very often. That is a compelling scenario, because it means we group up our resources by type: all the static docs go over here, all the binary assets are hosted over there, etc.

On the other hand, I am going to be promoting the interi MUC and expect it to be in constant contact with at least a handful of clients. I also plan to deploy bots for automating my own work. And then there will be a cache for syncing between clients, both in MAM and with HTTP uploads. So while Prosody takes very little resources, that kind of “on all the time” activity speaks to me of a different sort of configuration than “web server”.

Thanks for posing the feedback in that way, it helped me understand what’s going on: I’m not used to building single domain nodes that provide multiple services. Instead, I’m used to building single purpose nodes that provide a service to multiple domains.

Hmm, I feel like there is something there. Like an insight I have to offer this discussion around how we get more community and personal ownership on the web and net… but I haven’t quite figured it out yet. I’m trying to be, hmm, selfish, and focus on interi.org and make it my really cool place, to show others what is possible, but I’m not sure the path forward is individual domains. I think we might need single purpose domains and share resources among the group, and split the “cost of ownership”.

And here’s a personal insight: I’m gonna do it. I am loading up interi.org as a single-domain node. I’ll load what I want there (which is fortunately just the three I mentioned). Because I’ll have plenty of opportunities to build and participate in communities, but the core reason I do this is as a hobby and passion, and I can’t peg that against anyone else.


#6

I was wondering if jabber servers cache DNS, and if SRV records suddenly disappeared what might happen. I’m sure I could also figure it out by reading the docs of the four jabber servers, but I don’t wanna. :slight_smile: