Snikket, a self-contained XMPP distribution
Sandra and I have been using matrix (a synapse server) for a few years, but Sandra didn’t find it the easiest thing to use, and I never got audio and video calls working reliably.
So we switched to XMPP, using ejabberd, and that was better, but audio and video were still not great.
Rather than spend too much time faffing around trying to debug it, I decided to give Snikket a try.
Built on top of prosody (which I’ve used within the jitsi system), Snikket sets itself out as a “self-contained XMPP distribution”.
In other words, you install and it, and it should Just Work.
And, well, that’s pretty much true! I’m impressed.
For that convenience, there are trade-offs, but, so far, a couple of days in, I’m very pleased with it.
Installing Snikket
I followed the quick start instructions.
On Debian 12, following the instructions to install Docker from its own apt repository gave me docker compose, so I did not follow the guide for installing that.
I did note that the version mentioned in the Snikket instructions, 1.25.3, seems to be very old (the version I installed was v2.19.1). I am not sure why this specific version is mentioned, rather than using the latest version.
I wasn’t hugely chuffed at needing to use docker, as I don’t understand it very well, but I did, and it worked.
(Since I was using the packaged version of docker compose, the command docker-compose up -d did not work but docker compose up -d did.)
Firewalling
There is a link out from the quick start guide to some more “advanced” documentation, including firewalling.
I reckon that this should be in the quick start guide since, without firewalling things properly, it either isn’t going to work, or else is going to be running without a firewall which doesn’t seem ideal.
I am using ufw on the local machine, and it looked like:
ufw allow in from any to any port 80 proto tcp comment 'allow in http'
ufw allow in from any to any port 443 proto tcp comment 'allow in https'
ufw allow in from any to any port 5222 proto tcp comment 'allow in to c2s'
ufw allow in from any to any port 5269 proto tcp comment 'allow in to s2s'
ufw allow in from any to any port 5000 proto tcp comment 'allow in to file transfer proxy'
ufw allow in from any to any port 3478:3479 proto tcp comment 'allow in to stun turn'
ufw allow in from any to any port 3478:3479 proto udp comment 'allow in to stun turn'
ufw allow in from any to any port 5349:5350 proto tcp comment 'allow in to stun turn'
ufw allow in from any to any port 5349:5350 proto udp comment 'allow in to stun turn'
ufw allow in from any to any port 49152:65535 proto udp comment 'allow in to turn data'
And it “just worked”
I ran the documented command for creating an admin user, and then two further non-admin users (one for me, one for Sandra).
I didn’t make use of the QR code side of things - I just created the accounts, and then logged in on the relevant apps manually.
For iOS, I used the official Snikket app.
Same with Android (and it is very much like Conversations, which I was using before).
On Debian 12, I am using Dino, and that logged in just fine.
Chat has been fine, as has sharing photos.
Audio and video has worked too, on different networks, which was something I was concerned about. Oddly enough, calling iOS from Android didn’t work first time, but has worked every time since then.
End-to-end encryption, via OMEMO, worked straight away, and using multiple devices has not proven to be a problem at all.
I’ve yet to test calling from Dino but, well, as long as it works from one of my devices, I’m happy.
Updates and renewals
I’m not familiar with docker, so I wasn’t sure what would happen in terms of needing to update my TLS certificate, or if I need to update Snikket.
I asked on the “project chat” channel, and the answers came very quickly:
the cert renewal should work automatically
and
you should also receive Snikket messages about pending updates, should there be a pending update
So that was positive!
It’s early days but, so far, so good.
Initial thoughts
Very positive indeed!
Sandra was very happy with the Snikket client, and I don’t envisage any problems there. It’s easy to use.
I’ve also connected to the Snikket official channel, both to get some support (thank you!) and also to check my installation is working with other servers. It is.
Being based on prosody, I had hoped that Snikket would allow me to run multiple instances, using different domains, but that’s not supported. This is not a deal breaker, and I could be tempted to run a separate instance of Snikket, to create a server for friends and family, to be able to communicate privately and securely even if the Online Safety Bill arrives and buggers up services like Signal.
You may also like:
- Early impressions of CryptPad on a Raspberry Pi
- GSConnect (KDE Connect), WireGuard, and Debian 12 Bookworm
- Unlocking a LUKS-encrypted partition via ssh on Debian 12 Bookworm
- NetworkManager: automatically switch between Ethernet and Wi-Fi
- Fixing sogo's 'incorrect string value' error
- Updating the LUKS key derivation function on Debian
- Backing up to a USB stick automatically via udev
- Fixing espanso incomplete text replacement
- Automating actions in Nautilus (GNOME's file manager) with scripts
- Jabra Evolve2 40 and Debian Linux
- Debian on a £190 Lenovo ThinkPad X1 Yoga Gen 2
- Enabling Webauthn in Firefox via snap
- Decrapifying (mostly) an Amazon Fire 8 HD Kids tablet via Linux
- Microsoft SurfaceBook 2 running Debian Linux working with two 4K screens
- Fixing rkhunter's 'Update failed' error