Does anyone have any experience in successfully self-hosting Signal server using Docker?
Thanks in advance.
EDIT: Thanks all for your responses. I gave up on Signal and am installing a Matrix server instead.
Yeah Matrix is a good choice 👍
You really can’t in practice. Maybe look into Simplex Chat
Thanks for pointing out Simplex Chat, I did not know that it exists. It looks very interesting, but reading more about it, they will have to implement some kind of business model in the future. My fear is that even when self-hosting, some features will be behind a paywall in the future, so it is not a solution I would switch to… switching to a new messenger is a long-term endeavour. It is hard to convince friends to move over too, let alone switching to a new one every few years. That’s near impossible. But the technology of Simplex looks really interesting and reading through the Docs it gives the impression that it is very polished.
Yeah, it’s really going viral
Does Signal allow self-hosting? Unless we are thinking of different things called Signal.
Signal is not a federated protocol, though. I guess you can run that server code. But it won’t connect you to your friends and people on the regular Signal network. (Plus you’d also need to build a custom version of the client/app.) I’m a bit unsure whether OP is aware of that.
I actually don’t want to run it on the regular Signal network. Just want to self-host it on my home server, and allow home devices to use it to communicate via Tailscale.
Basically my own private Signal network that my devices connect to.
I self host NTFY instead. It’s not a chatbot but a hell of a lot easier to integrate devices into.
Sounds like a job for XMPP
You will also have to recompile the official apps with the new domain/IP. And then keeping both updated. That’s too much work. I’d rather self-host Matrix without federation. Or XMPP.
Seems like SimpleX might already do what you’re looking for.
I had a quick look and seems there have been some projects packaging the Signal server for Docker… But the projects Google returns as results on the first page all seem to be abandoned. Seems this is a bit niche. Unfortunately I don’t have any good advice here. I run a Matrix server, so I don’t have experience with this.
shrug or they want to use it as a private server, couldn’t tell you.
Just pointing to the server source as you can run the server self hosted.
This doesn’t answer OP’s question, but is more of a PSA for anyone that seeks to self-host the backend of an E2EE messaging app: only proceed if you’re willing and able to upkeep your end of the bargain to your users. In the case of Signal, the server cannot decrypt messages when they’re relayed. But this doesn’t mean we can totally ignore where the server is physically located, nor how users connect to it.
As Soatok rightly wrote, the legal jurisdiction of the Signal servers is almost entirely irrelevant when the security model is premised on cryptographic keys that only the end devices have. But also:
They [attackers] can surely learn metadata (message length, if padding isn’t used; time of transmission; sender/recipients). Metadata resistance isn’t a goal of any of the mainstream private messaging solutions, and generally builds atop the Tor network. This is why a threat model is important to the previous section.
So if you’re going to be self-hosting from a country where superinjunctions exist or the right against unreasonable searches is being eroded, consider that well before an agent with a wiretap warrant demands that you attach a logger for “suspicious” IP addresses.
If you do host your Signal server and it’s only accessible through Tor, this is certainly an improvement. But still, you must adequately inform your users about what they’re getting into, because even Tor is not fully resistant to deanonymization, and then by the very nature of using a non-standard Signal server, your users would be under immediate suspicion and subject to IRL side-channel attacks.
I don’t disagree with the idea of wanting to self-host something which is presently centralized. But also recognize that the network effect with Signal is the same as with Tor: more people using it for mundane, everyday purposes provides “herd immunity” to the most vulnerable users. Best place to hide a tree is in a forest, after all.
If you do proceed, don’t oversell what you cannot provide, and make sure your users are fully abreast of this arrangement and they fully consent. This is not targeted at OP, but anyone that hasn’t considered the things above needs to pause before proceeding.
From their README. Have you looked at their forum?
We cannot provide direct technical support. Get help running this software in your own environment in our unofficial community forum.
This thread has a link to someone’s Dockerfile for their development.
@KarnaSubarna are you referring to a self-hosted Signal proxy instead?
Nope, the server itself.
You cannot selfhost Signal, because the regular app won’t connect to your server. You could probably bridge it to Matrix I guess? I’m pretty sure it’s a thing, but I see little benefit here, besides your phone not connecting to Signal and your messages being collected in one app, if you so desire.
I thought the Signal Android client is open source and I can change the server URL if I can get the server self-hosted.
@UnfortunateShort @KarnaSubarna I think you are right about the official client, they really want to own the service so you can only connect to their decentralized service via their centralized servers 🙄 I haven’t done it, but I think you can run your own client, either modifying and building it yourself, or surely one of the existing forks can connect to arbitrary servers? But anyone who wants to use your server will have to also use one of the forks.
@UnfortunateShort @KarnaSubarna And you’ll want to audit the client code of the fork, including dependencies and make sure it is keeping up to date with official development for security patches. And Signal may try to break the interoperability at some point in the future.