It was too easy, so now what?

I was really surprised how quickly I got a functional team chat and video conferencing server set up with Matrix Synapse. I put it on a VM on my desktop iMac and routed the domain, meetingvite.com to the VM’s IP address with DNS and NAT. It was shockingly simple.

I’m a Wordpress developer, but during the covid lockdown I’ve been challenging myself to branch out. I’ve always thought that it would be great if the general public stopped thinking that services like this have to come from a giant, profit driven dotcom startup. If we could mature these technologies enough to call a FreedomBox device a “Personal Security Appliance” that has very little configuration and a tangible benefit that doesn’t require a CS degree to understand, we might be able to flip the power dynamic away from consumer-as-product.

But I’m not 100% sure if I’m thinking about this in the right way. What should I read to get a more realistic picture of what’s possible with this? Am I on the right track? I’ve set up WordPress and right now I’m looking for a way to automatically add WP users to Synapse and send them instructions about how to access via web, mobile, or desktop client.

My company, ClipperVacations.com was hit hard by covid and then the expense of Slack extras and all the GoToMeeting and Zoom accounts, was an unexpected budgetary strain. I’d love to see small companies like mine take control of these new remote working necessities without draining the bank.

What are you doing with your FBX and what are your goals?

Actual results
I’m amazed. Better than I was even hoping for.

Screenshot

Information

  • FreedomBox version: You are running Debian GNU/Linux bullseye/sid and FreedomBox version 20.12.1. FreedomBox is up to date.
  • Hardware: VirtualBox with minimum specs running on macOS Catalina on a 2019 27" iMac.
  • How did you install FreedomBox?: Downloaded the Vbox disk image and followed instructions. Started with Docker containers to get Matrix Synapse running, but kept running into dead ends when trying to configure it. Got it working and was able to connect with Riot/Element and several teammates, but it became less stable with every tweak I made. After moving to the VBox image, it was way more straightforward. I haven’t worked much with Docker, but I suspect that’s the more awesome way of running this so that’s what I’m going to work on next. I went and registered several cheap domains so that I can have multiple servers running at once while I learn and evaluate.
2 Likes

I’ve set up WordPress and right now I’m looking for a way to automatically add WP users to Synapse and send them instructions about how to access via web, mobile, or desktop client.

I thought that is already supposed to be covered by creating freedombox accounts, and the freedombox portal already provides info and links to the client apps. But of course the instructions may be improvable. If you have specific ideas the freedombox devs may be able to point you to the corresponding html and code.

Generally, the matrix stack on freedombox should work. However, from what I read and found about its privacy it’s seems to implement “decentral operation with central meta-data routing (i.e. collection)”. Probably what is to be expected from financial and company interests. (Ask yourself who would invest.) It’s the matrix vs. grid vs. XMPP protocol topic.

The XMPP stack on freedombox currently still needs some manual workarounds to support audio and video calls:

I read that for XMPP on iOS at least Siskin does support audo and video chat, but may still be missing some file based audio/video file recording and sending features.

Fully featured mobile XMPP clients for android, lineage or https://e.foundation are https://Conversations.im and https://Quicksy.im for contacts that are not on any self-hosted server.

https://movim.eu may be used as a full-featured web-based XMPP chat client.

Jitsi may also be an alternative for XMPP conferencing, it has upstream debian packages and a generic howto:


Concerning LDAP account integration: Though I really do not understand this page fully, this seems like it is showing an install and configuration of jitsi with LDAP accounts. https://wiki.linuxmuster.net/community/anwenderwiki:erweiterungen:jitsi

For some one-to-many conference features, however, it may still be necessary to have an installation of “big blue button”.

1 Like

BTW 1: As you seem to be looking for videoconferencing and more you may be better off avoiding ARM based servers (for now), because some of the prospective software packages that may be of interest to you need more resources or just don’t run on it (yet). (For example, video sharing and recoding or some of the Free web-files "cloud" solutions?)

Some passively cooled systems based on the J4105 or J5005 CPU may be an alternative (idle power consumption also way below 5W).

BTW 2: As a wordpress expert, would you have some knowledgeable info related to my perception in this topic:

There still is no docker image (https://salsa.debian.org/freedombox-team/freedombox/-/issues/1880), but a preferable alternative in any way might be to just install the freedombox (debian package if using a container) and others in Proxmox Virtual Environments.

That’s actually something I wanted to bring up with someone more knowledgeable than I am…I made WP work by editing config files without knowing exactly what else that would affect.

  1. I installed apache-mariadb-php using the instructions here: https://www.linuxbabe.com/debian/install-lamp-stack-debian-10-buster, including the mysql_secure_installation piece.
  • Before you do this, try taking a snapshot of the /etc/apache2/ directory. The install disables some of the configs and vhosts, causing FBX to lose functionality. So make sure you know what’s already configured.

  • After the install, check /etc/apache2/sites-enabled, mods-enabled, and confs-enabled to ensure that everything that was there before is still there. If not, use sudo a2ensite, a2enmod, and a2enconf to make it match.

  • Before restarting Apache, edit the default vhost site config (000-default.conf) and point the document root directive to your wordpress directory. Here is my working VirtualHost *:80 config:

     ServerName www.meetingvite.com
    
     ServerAdmin webmaster@localhost
     DocumentRoot /var/www/html
     DirectoryIndex index.php index.html
    
     <Directory "/var/www/html">
             Options FollowSymlinks
             AllowOverride All
     </Directory>
    
  1. Edit the file /etc/apache2/conf-available/freedombox-apache-homepage.conf and comment out the first line, RedirectMatch "^/$" "/index.html" with two hashtags like this: ## RedirectMatch "^/$" "/index.html". You have to comment it instead of using a2disconf on the whole config or FBX fixes itself and makes /plinth your default site.
  2. Now restart apache with sudo systemctl apache2 reload.
  3. It’s super helpful to change the owner/group of the WP html directory and its contents to www-data. WP will help you add and edit files in your installation if it has filesystem access with write permissions.
  4. You’ll need to install the Apache library for Certbot and get a cert using the command line. I found instructions on the EFF site, but they only work if you change the python version to 3 like this:
    sudo apt-get install certbot python3-certbot-apache
  • Then run:
    sudo certbot --apache
    and it will pick up your new domain as a candidate for requesting a certificate. You can’t use the built-in Certbot UI from FBX.
  • This also creates the apache2 site conf file for port 443.

I’ve pulled these directions from my notes, so I may have left out some minor details. Let me know if you run into any trouble. Configuring WP to run in just about any server setup is my thing, so I’m sure I can help.

Hey, I’m sure your notes are much appreciated by those that want to install WP. Maybe you could move your notes to the other thread, and shed some light about if there really are outgoing connections made and thus data or meta-data transferred in the name of “spam protection”, “metrics” etc.?

Docs about app packaging: https://docs.freedombox.org/
Further packaging idea: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1883

Personally I prefer a static site generator on the freedombox.

If I understood you correctly, then your topic here is kind of “Chat server with video calls was too easy, so now what…”, isn’t it?

How do I move it? I’d definitely like to have it reviewed too, so the more eyes the better. Don’t want to answer the thread with instructions that might cause a security vulnerability, but definitely more like to be seen and reviewed under that topic.

And yes. You’ve summed it up correctly. I started with Matrix/Synapse which FBX handles really well, but was hard to admin.

The pencil icons at the topic and your individual messages should allow you to edit.

Interesting:

“what is really drawing us to XMPP is how it is designed with the user’s privacy as a central pillar. While the Matrix protocol […] architectural focus is directed elsewhere”
( https://disroot.org/en/blog/matrix-closure )

Disroot has closed down their Diaspora and Matrix servers. Their decisions seem to be based on performance at scale, maintenance work required, spam prevention etc. In FreedomBox, we depend on Debian for most of the package maintenance work. Home servers aren’t expected to support hundreds of users. Our applications do not have public registrations enabled by default, thus avoiding the spam problem.

XMPP has its own set of problems and cannot be considered a superior alternative to Matrix. FreedomBox supports both. Hiding participants’ user names in Matrix rooms is just one feature that’s currently missing. I wouldn’t classify Matrix as “not private” over this.

Yeah, Matrix performance and requiring more than 1GB RAM is another topic.
And I had seen that the interests behind matrix actually had lead to their apps being compiled with known tracker libs, as long as they could get away with it. These things were bad enough for me, to look for an alternative.

But it’s interesting to see so many attention-shifting or cover-up attempts in this discussion https://forums.puri.sm/t/why-are-we-still-supporting-matrix-riot/6766, after the mention of their published track record, that is really worth reading:

The user names only seem like a small side effect, if the other links above are to be considered.