
Ask HN: XMPP/Jabber self hosting - BreaXerox
I&#x27;d like to host my own XMPP server for OTR communications. I&#x27;ve previously used OTR on top of Google Chat&#x2F;Hangouts, but I would like to try managing the server myself.<p>Does anyone have experience with a modern XMPP server? I found a list of server software at http:&#x2F;&#x2F;xmpp.org&#x2F;xmpp-software&#x2F;servers&#x2F;, however I&#x27;d like to hear some experiences before selecting one.
======
structural
I've set up a XMPP server using Prosody after evaluating what are typically
regarded as the top 3 implementations (ejabberd, Openfire, and Prosody).

I ended up with a Prosody install primarily for two reasons: 1) Memory
consumption/stability 2) Authentication support

The XMPP server hosts up to 700-800 simultaneous users and is located on a
machine that provides many other services. With both ejabberd and openfire at
this scale, memory consumption was in the several hundred megabyte range and
(specifically ejabberd) typically had CPU load of 10-20% of a core.

The prosody setup I ended up using was significantly more lightweight and was
simple to set up with server authenticating logins against TLS-enabled LDAP.

In the past, ejabberd was avoided because of serious security issues with the
software, but in the past few years it looks like they've gotten their act
together somewhat. That said, there's still some recent CVEs, you would want
to pay attention to this if deploying ejabberd in any public-facinc
infrastructure. As an example, ejabberd used to _require_ storing all
passwords in plaintext, claiming that this was "more secure" than the
alternatives (ref: [https://www.ejabberd.im/plaintext-passwords-
db](https://www.ejabberd.im/plaintext-passwords-db))

~~~
hackerboos
mongooseIM (an ejabberd fork) is also worth considering.

If you are new to XMPP then I'd recommend Prosody, very approachable and
written in Lua if I recall correctly.

------
xorcist
I've been though jabberd2, ejabberd and has since a couple of years stuck with
Prosody.

The main strengths are that it is very simple and lightweight, and uses less
resources. The drawbacks is that it is simple and lightweight, so anything
more complicated for corporate deployments is something you often have to roll
up your sleeves and implement yourself.

I was scared to run it at first because it is written in Lua, which is an
unknown language to me. However, I must say it is quite an elegant language. I
could get an authentication plugin running after looking at an existing one,
and I trusted it enough to run in production internally for a small team (and
it turned out to work well for us).

Edit: Be sure to get a real certificate (startssl is fine), if you intend to
use s2s. During the past year or two, most public servers has started to care.

~~~
Torgo
>During the past year or two, most public servers has started to care.

By general consensus, the XMPP community set May 19, 2014 as a deadline for
mandatory encryption:

[https://lwn.net/Articles/599647/](https://lwn.net/Articles/599647/)

------
preillyme
I use MongooseIM and it is a base platform for building high performance
messaging systems leveraging XMPP. It is designed to provide communication for
millions of concurrent online users in high growth sectors such as Social
Media, Gaming and Telecommunications. It is highly customisable due to its
clean and modular design allowing easy integration with pre-existing solutions
within a company. MongooseIM is truly innovative for building high volume
scalable instant messaging solutions, having features specifically designed
for enterprise and business.

It's a port of eJabberd and brings it up to ErlangOTP standards.

[https://www.erlang-solutions.com/products/mongooseim-
massive...](https://www.erlang-solutions.com/products/mongooseim-massively-
scalable-ejabberd-platform)

------
agwa
I've been using Prosody for ~2 years on a couple servers and I can't recommend
it highly enough: it's extremely simple, lightweight, and easy to configure.
Its author is even on HN. [https://prosody.im/](https://prosody.im/)

I don't recommend ejabberd, unless perhaps you need to cluster. It consumes a
lot of memory, which is undesirable on a VPS, and once I managed to get an
ejabberd server into such a weird state that it required dropping to its REPL
and writing Erlang to fix it (fortunately I have a friend who knows Erlang)!

~~~
deeviant
Actually, ever since the string handling was moved from erlang strings to
binary strings in ejabberd community edition, ejabberd's memory performance is
equal or better than other offerings.

Source: Last company I worked for used XMPP as the data channel to and form
our data center and IoT/SCADA devices, I oversaw the project of upgrading from
a much older version of ejabberd (which used erlang strings) and the much
newer community edition ejabberd(which uses binary strings).

You can also write a custom module and use ejabberd solely for it's XMPP wire
protocol and excellent routing features, but immediately export incoming data
from the server to other processes in your stack without ejabberd ever even
parsing the incoming XML(in this case we wrote a rabbitMQ ejabberd module
which allowed ejabberd to interact with our data center flawlessly), which is
what we did and at that point, a single XMPP server was able to handle our
entire traffic. Although we obviously used a cluster and HA load balancer for
scalability and redundancy.

------
smacktoward
I run ejabberd on my personal domain. It was easy to set up and has run
without really needing any active management for a few years now.

~~~
rasengan
I second this. ejabberd is good for your health. This message should not be
construed as a replacement for professional medical advice.

~~~
liotier
Indeed, the zero-administration of ejabberd over many years and a few hosts
makes it a sort of peace haven in-between grappling with the many tentacles of
the email system...

------
foupfeiffer
[https://www.hipchat.com/server](https://www.hipchat.com/server) is all of the
functionality (persistent searchable rooms, image uploads, mobile clients,
video, emoticons (allthethings) etc.) of HipChat.com but behind the firewall
(on premise). Disclaimer I'm a dev on the project, though to be fair everybody
in the Beta has been happy with it.

~~~
coned88
I never knew hipchat was a jabber system

~~~
zsiddique
We post publicly our XMPP Protocol for people building 3rd party addons that
use XMPP (or clients):
[https://ecosystem.atlassian.net/wiki/display/HCDEV/HipChat+X...](https://ecosystem.atlassian.net/wiki/display/HCDEV/HipChat+XMPP+Protocol+Documentation)

------
deeviant
I have worked pretty extensively with XMPP(specially, ejabberd) in a IoT/SCADA
context. Setting up your own ejabberd server is fairly painless. Download
ProcessOne's ejabberd community edition, and you should be running in an hour.
Don't be afraid of erlang as you don't have to get much exposure to it unless
want to.

I also had the pleasure working with ProcessOne via the Business edition
ejabberd support, as well as commissioning them to build few custom modules
that would have taken my C++(embedded team)/C#(back-end team) centric team
much more time and money to build ourselves. So ejabberd is a great way to
both get your feet wet(open source community version), then scale up in a big
way with professional support(commercially licensed business version) should
it be needed.

Note: I am not affiliated with ProcessOne in any way. Just had a pleasant
experience working with them, and greatly enjoy their product.

------
haidrali
I'have been using Tigase for our chat application
([https://play.google.com/store/apps/details?id=com.hyperon.sm...](https://play.google.com/store/apps/details?id=com.hyperon.smsall&hl=en))
the decision of selecting server depends totally upon your requirement. I have
used Tigase, Openfire and Jabbered 2 for different projects and have done with
lots of customization in them. If sclability is your main requirement my
suggestion would be

1- Tigase 2- Jabbered 2 3- Openfire

I have also heard of Ejabbered a lot but that is in erlang ( which i don't
like ) My top priority is always Tigase ( the only bad thing about it is you
really need to dig into it to manage because there isn't lots of support
available in term of blogs tutorials etc) Hope it will help you in choosing
your preferred one ....

~~~
haidrali
[http://stackoverflow.com/questions/8670234/scaling-tigase-
xm...](http://stackoverflow.com/questions/8670234/scaling-tigase-xmpp-server-
on-amazon-ec2) is a good link if you want to know why i prefer Tigase ....

~~~
doxcf434
Tigase supports mongodb now, which removes a single point of failure. Nice
feature.

------
lasermike026
I've run ejabberd and openfire. I had issues with ejabberd and load issues. I
use openfire now. XMPP is kind of beast. With ejabberd and openfire had to get
into the code and debug it myself. If I stick with XMPP I'm can see myself
wading hip deep in the code.

I'll have to take a look at prosody.

------
praveenster
I have also been researching this topic for a while. I was using Google
hangouts for a while but lately it seems to be dropping messages. Tried Skype
next but it will only keep message history on the cloud for 30 days. Next
evaluated Facebook. It works quite well but I want to host my own on a VPS.
The top three alternatives seem to be prosody, ejabberd and openfire. I was
planning to use ejabberd but the issue I have with any of the XMPP solutions
is that they have issues with iOS and you need to find a way to get it to work
with the push mechanism otherwise the IM clients will go offline in 10
minutes. Any suggestions for this?

~~~
structural
There's really no good way around this for iOS - it's really a limitation of
how push notifications work vs. how XMPP is designed. You'll find that things
like IRC clients have the exact same problems on iOS (similar problem space,
similar protocol that expects constant connections).

If you want to do this for real, what you end up doing is implementing your
own server backend that receives XMPP messages and then sends out push
notifications to a mobile client. Generally a pain in the rear, but do-able.
Getting your own iOS developer key & dealing with app store approval for stuff
like this is probably the hardest part (for shops that aren't already doing
mobile development). There are 3rd-party services that help bridge this gap:
examples are [https://pushover.net/](https://pushover.net/) or
[https://boxcar.io/](https://boxcar.io/)

If you're okay with a hosted solution and don't really want to deal with
development or deploying a XMPP solution yourself, many of our clients have
had good success with Slack ([https://slack.com/](https://slack.com/))

------
bgaluszka
I'm using current ejabberd which is very, very stable and feature rich. As to
clients I've [http://www.psi-plus.com/](http://www.psi-plus.com/) on Ubuntu
and
[https://github.com/siacs/Conversations](https://github.com/siacs/Conversations)
on Android (which can be compiled from source if e.g. you don't have Google
Play).

------
raooll
I would say you go with MoongooseIM. Its a much optimized fork of ejabberd
with some things done in a much nicer way ... It support redis session backend
, encrypted password, xmmp over websockets to name a few.

Disclaimer:- I personally work on chat server and personally prefer
moongooseim to be one of the best available right now.

------
andrewjwu
I've been thinking about hosting my own XMPP server as well. Does anyone have
any recommendations on the most cost-effective place to host it? Since it's
for a small group of friends I'd imagine it wouldn't need anything too
resource intensive. Perhaps something like Linode or DO?

------
cookrn
A Ruby implementation called Vines [0] [1] might be interesting to try out.

[0] [http://www.getvines.org/](http://www.getvines.org/) [1]
[https://github.com/negativecode/vines](https://github.com/negativecode/vines)

------
geeknik
I'm using Prosody. Supports TLS1.2 and Forward Secrecy.

Check your score on xmpp.net if you haven't already. ;)

------
pinktacobender
[http://www.igniterealtime.org/projects/openfire/index.jsp](http://www.igniterealtime.org/projects/openfire/index.jsp)

used it on an old project. written in JAVA, not my favorite, but super easy to
use and highly extensible.

------
mschirrmeister
Depends on what you are looking for in terms of features. If you want to build
a global cluster, give ejabberd or its forks a shot. I was running it in the
past and it was just running without any problems.

I picked it because of its clustering features and ldap support.

------
gdamjan1
And how do you solve the problem of reliably delivering messages over XMPP?

For ex, if I switch from 3G to Wifi on my mobile (or just loose connectivity)
the server still thinks I'm online and will send messages over the TCP socket
(that hasn't timeouted yet).

------
doppioslash
I run MongooseIM, an ejabberd fork. It works fine. It needed a reboot once,
after that been running continuously.

------
debacle
OpenFire is _pretty_ stable, but not completely stable. It has never not
recovered from a restart though.

------
misiti3780
I just actually hooked up XMPP using converse.js + prosody - it wasnt fun but
it works

------
ChrisArchitect
interesting / varied support in here. Prosody seems to be popular. Also in the
market for something for small corporate IMing. Anyone ever install prosody on
a shared host like Dreamhost?

\--

------
ape4
ejabberd is written in Erlang which was a turn off for me. Maybe not for you.

------
stock_toaster
prosody has worked well for me, and is relatively easy to set up and
configure.

~~~
mitchtbaum
same here

------
shmerl
Ejabberd is a good option.

------
feld
ejabberd. Way better than OpenFire in my opinion.

