ejabberd + Let's Encrypt

ejabberd is what we should've had all along. Federated, encrypted, roll your own chat. Google and Facebook started their chat empires off the XMPP protocol, and then slowly limited and deprecated the federated support so you were locked into their walled gardens. Let's Encrypt gives everyone (not just MegaCorps) the ability to encrypt their web traffic. Combining the two allows us to deploy our own End-to-End encrypted instant messaging services!

First we install ejabberd. This was so much easier than I thought and required virtually no manual configuration. I used the system packages from Debian Bullseye. This is all in one and doesn't require any provisioning with other services. We do however need to add our domain name to the configuration, make an admin account and add that user to the config.

Second we use certbot to nab some certificates. This is something that we used to have to pay for, but now anyone who can use this command line utility can request, renew and manage certificates for verified encryption. [footnote: ejabberd has native support for handling LE certificates because it is a fantastic tool, but I already had certs for this particular server so wanted to reuse them]

Third we need to use the classic Unix utility cat to combine the Let's Encrypt parts into a format that ejabberd wants:

    cd /etc/letsencrypt/live/MYCHATDOMAIN.com/
    cat privkey.pem cert.pem chain.pem > /etc/ejabberd/MYCHATDOMAIN.pem
    chown root:ejabberd /etc/ejabberd/MYCHATDOMAIN.pem
    chmod 640 /etc/ejabberd/MYCHATDOMAIN.pem
    emacs /etc/ejabberd/ejabberd.yml

Look for the "certfiles:" line and add

    - "/etc/ejabberd/MYCHATDOMAIN.pem"

then restart:

    ejabberdctl restart

Et voila!

Now we've got a chat server that we control that can talk to other servers over an encrypted channel.
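
Let's Encrypt certificates expire, so the combined file has to be rebuilt after each renewal. The script below is an added example, not part of the original setup: it repeats the cat step as a certbot deploy hook, but creates the file with restrictive permissions from the start and swaps it into place atomically. The function name build_ejabberd_pem is made up for this example, and it assumes the lineage directory name matches the domain used for the .pem file, as in the paths above.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds ejabberd's combined PEM.
# Assumed install location: /etc/letsencrypt/renewal-hooks/deploy/ (executable).

# build_ejabberd_pem LIVE_DIR OUT_FILE [GROUP]   (hypothetical helper name)
# Concatenates privkey.pem, cert.pem and chain.pem into OUT_FILE.
build_ejabberd_pem() {
    live_dir=$1
    out=$2
    group=${3:-}

    # Refuse to build a partial bundle if any part is missing or empty.
    for part in privkey.pem cert.pem chain.pem; do
        if [ ! -s "$live_dir/$part" ]; then
            echo "missing or empty: $live_dir/$part" >&2
            return 1
        fi
    done

    # mktemp creates the file mode 0600 next to the destination, so the
    # private key is never readable by other users, even briefly.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 1

    if cat "$live_dir/privkey.pem" "$live_dir/cert.pem" "$live_dir/chain.pem" > "$tmp" \
        && { [ -z "$group" ] || chgrp "$group" "$tmp"; } \
        && chmod 640 "$tmp" \
        && mv -f "$tmp" "$out"; then   # rename is atomic on the same filesystem
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/MYCHATDOMAIN.com)
# to deploy hooks; when it is unset the script only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    name=$(basename "$RENEWED_LINEAGE")
    build_ejabberd_pem "$RENEWED_LINEAGE" "/etc/ejabberd/$name.pem" ejabberd \
        && ejabberdctl restart
fi
```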

Notes on freeing our communications

This is not for everyone; unfortunately this is a case where systemic power imbalance has forced us to use individual action to assert ourselves. Not everyone has the privilege (skills, extra time, knowledge of existence, currently being surveilled, etc) to run their own services. But I'm hopeful that leveraging economies of scale can allow those of us with the know-how to enable everyone to enter an open ecosystem of communication software. We need resources to advocate for consumers' rights against banks, landlords, bosses and the tireless and thankless work advocating for the disempowered, houseless, underrepresented. With all the money in technology it can be disheartening to see such a lack of resources being put into the human rights around it. I see this kind of technological work serving as a parallel for human liberation. We need to lift up everyone at the same time, little by little, and this is one very small piece that I can help contribute to.