back to top
by: Owen Gunden
Cryptocat has instructions on how to run your own custom cryptocat server. I just puzzled through to success. So here's another guide with hopefully a few helpful details. Also, I'm using apache instead of nginx.
When you click "custom server" on the cryptocat UI, the above dialog slides up. Make note of the four boxes on the right. They are, from the top:
The name can be anything, it's just a client-side label for the server connection.
"Domain" is a misleading name, it actually corresponds to the "Hostname" in your ejabberd configuration. You should create a DNS entry for this.
The third box, XMPP Conference Server, doesn't need a DNS entry. While it's not strictly necessary, it will be easiest if you just tack "cryptocat." in front of what you have for box 2.
The fourth box should be exactly as above, substituting your value for box 2.
# apt-get install ejabberd
Configure ejabberd per the instructions. "
host.name" must correspond to your
entry for box 2 above. You can leave the rest of the file unchanged (the
default is to use
conference.host.name as the conference server, which must
correspond to box 3 above.
Once you're done with the configuration, restart ejabberd. I had an issue where
the configuration didn't take when I did
service ejabberd restart, so you may
need to experiment with
service ejabberd stop and/or manually killing all
processes owned by ejabberd.
The quickest way to test that your server is listening is with
telnet localhost 5280.
Did it say "connected to localhost."? Then you're good to move on.
The relevant directives are:
ProxyPreserveHost On ProxyRequests Off <Proxy *> Order allow,deny Allow from all </Proxy> ProxyVia On ProxyPass / http://localhost:5280/ ProxyPassReverse / http://localhost:5280/
You can put them in a virtual host definition (e.g. for
your box 2 entry above). You will also need to make sure
mod_proxy is installed
and enabled on your setup.
Once you have configured apache, restart it and navigate on your web browser to
https://cryptocat.example.org/http-bind. Accept the self-signed certificate
(if that's what you're using). If everything is correct, you will see a message
Important note! If you're using a self-signed certificate, everyone who wants to access your cryptocat server will need to first navigate to the above URL and accept the certificate. Otherwise cryptocat will hang indefinitely on login.
Setting up your own cryptocat server is a nice way to enhance your security
further, because while I'm sure the guys at
crypto.cat don't log your traffic,
in theory they could. If you're curious about what the logs would look like,
change your ejabberd.cnf
loglevel to 5 and see for yourself. There's no
plaintext content, but there is some metadata there.