Server upgrades – Sunday 03/12/2017

[2:00pm] The work has been finished. There may need to be some minor configuration changes, but they should not interrupt any connections.

[Original post] There will be an upgrade to the server on Sunday 3rd December from 10:00am GMT. This is an upgrade to Prosody (the XMPP server software) which will add additional features to the server as well as upgrading the Debian GNU/Linux operating system.

The new system has been set up and configured, but there will be an interruption while the system switches over. Hopefully this should take no more than an hour.

More details:

The updated version of Prosody should make the server more reliable, bring its security more up to date and make more features available to supported clients.

  • Updated Prosody should fix the problem with SQL connections which has been the most frequent reason for crashes of the XMPP server.
  • Message Archive Management (MAM) + Carbons. Allow for archiving of recent messages on the server and synchronisation between different clients on different machines. That is, you should always have the same message history no matter which client on which machine you’re using.
  • Multi-User-Conferencing (MUC) + MAM. Allow users of this server to create chatrooms/conferences. External users may join but only local users can create rooms. MAM allows users to join and pick up recent messages too.
  • HTTP Upload (under evaluation). Allow users to upload small files to the server. This is mostly used to share images with other users in a MUC room. Users have a quota on individual and total file size. This is being evaluated to see how many resources it will use, so it is possible it might be disabled in the future.
  • Web socket + BOSH. These allow connections over standard Web ports if your connection is firewalled off.
  • Let’s Encrypt certificates. The latest version of Prosody supports integration for Let’s Encrypt SSL certificates. These are certificates which are free, have an automated process to get & renew and have a three month life before they are updated.
  • Support for more modern cryptography & reporting. The new version of Prosody supports reporting details about the encryption methods used by clients. This will mean we can be more proactive in disabling older encryption protocols and ciphers.
  • Stream Management (aka Smacks) – This allows for faster reconnections by clients when their connection drops off. For example, when a mobile device has poor connectivity or moves between mobile and WiFi.

Technical details:

Most of the time you will use the standard XMPP port of 5222. If you are behind a firewall that blocks standard XMPP ports these details might be of interest. If you are unsure about any of these you probably shouldn’t change them on your client.

  • Standard XMPP connection: Ports 5222 & 53 – Encryption is required for all client connections. (All domains). Port 53 is offered for some users to bypass restrictive firewalls.
  • Legacy XMPP encrypted connection: Port 5223 – Encrypted connection for only.
  • Legacy XMPP encrypted connection: Port 5224 – Encrypted connection for only.
  • Standard unencrypted web: Port 80 – Will redirect to encrypted web connection
  • Standard encrypted web: Port 443 – Supports both Websockets & BOSH.
    • Websocket URL: wss://<domain>/xmpp-websocket
    • BOSH URL: https://<domain>/http-bind
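
One way to check from the client side that encryption really is required on the standard port, as an added example (not this server's own code or configuration): it reads the stream features an XMPP server sends before TLS and classifies STARTTLS as required, optional or absent. The sample streams, the domain example.org and the helper names (`first_features`, `tls_policy`, `probe`) are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
FEATURES = "{%s}features" % NS_STREAM

def first_features(chunks):
    """Return the first <stream:features/> element from an iterable of byte chunks.

    The <stream:stream> root stays open for the whole session, so the data is
    fed to a pull parser rather than parsed as a complete document.
    """
    parser = ET.XMLPullParser(events=("end",))
    for chunk in chunks:
        parser.feed(chunk)
        for _event, elem in parser.read_events():
            if elem.tag == FEATURES:
                return elem
    return None

def tls_policy(features):
    """Classify the pre-TLS features as 'required', 'optional' or 'absent'."""
    starttls = None if features is None else features.find("{%s}starttls" % NS_TLS)
    if starttls is None:
        return "absent"
    explicit = starttls.find("{%s}required" % NS_TLS) is not None
    only_feature = len(features) == 1  # RFC 6120: STARTTLS offered alone is mandatory
    return "required" if explicit or only_feature else "optional"

def probe(host, domain, port=5222, timeout=10):
    """Open a client stream to host:port and classify what the server offers."""
    opening = ("<?xml version='1.0'?><stream:stream to='%s' version='1.0' "
               "xmlns='jabber:client' xmlns:stream='%s'>" % (domain, NS_STREAM))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(opening.encode())
        return tls_policy(first_features(iter(lambda: sock.recv(4096), b"")))

# Constructed sample server output (example.org is a placeholder domain).
HEADER = (b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
          b"xmlns:stream='http://etherx.jabber.org/streams' "
          b"from='example.org' id='constructed-1' version='1.0'>")
ENFORCED = HEADER + (b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
                     b"<required/></starttls></stream:features>")
NOT_ENFORCED = HEADER + (b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
                         b"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
                         b"<mechanism>PLAIN</mechanism></mechanisms></stream:features>")

if __name__ == "__main__":
    for name, sample in (("enforced", ENFORCED), ("not enforced", NOT_ENFORCED)):
        print(name, "->", tls_policy(first_features([sample])))
```

A result of "optional" means the server offers authentication before TLS, so a client that does not insist on STARTTLS could end up sending credentials in the clear.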