Does anyone have any experience in successfully self-hosting a Signal server using Docker?

Thanks in advance.

EDIT: Thanks all for your responses. I gave up on Signal and am installing a Matrix server instead.

  • slazer2au@lemmy.world · English · 20 upvotes · 12 days ago

    Does signal allow self hosting? Unless we are thinking of different things called Signal.

  • litchralee@sh.itjust.works · English · 14 upvotes, 1 downvote · edited · 12 days ago

    This doesn’t answer OP’s question, but is more of a PSA for anyone that seeks to self-host the backend of an E2EE messaging app: only proceed if you’re willing and able to upkeep your end of the bargain to your users. In the case of Signal, the server cannot decrypt messages when they’re relayed. But this doesn’t mean we can totally ignore where the server is physically located, nor how users connect to it.

    As Soatok rightly wrote, the legal jurisdiction of the Signal servers is almost entirely irrelevant when the security model is premised on cryptographic keys that only the end devices have. But also:

    > They [attackers] can surely learn metadata (message length, if padding isn’t used; time of transmission; sender/recipients). Metadata resistance isn’t a goal of any of the mainstream private messaging solutions, and generally builds atop the Tor network. This is why a threat model is important to the previous section.

    So if you’re going to be self-hosting from a country where superinjunctions exist or the right against unreasonable searches is being eroded, consider that well before an agent with a wiretap warrant demands that you attach a logger for “suspicious” IP addresses.

    If you do host your Signal server and it’s only accessible through Tor, this is certainly an improvement. But still, you must adequately inform your users about what they’re getting into, because even Tor is not fully resistant to deanonymization, and then by the very nature of using a non-standard Signal server, your users would be under immediate suspicion and subject to IRL side-channel attacks.

    I don’t disagree with the idea of wanting to self-host something which is presently centralized. But also recognize that the network effect with Signal is the same as with Tor: more people using it for mundane, everyday purposes provides “herd immunity” to the most vulnerable users. Best place to hide a tree is in a forest, after all.

    If you do proceed, don’t oversell what you cannot provide, and make sure your users are fully abreast of this arrangement and they fully consent. This is not targeted at OP, but anyone that hasn’t considered the things above needs to pause before proceeding.

  • uranibaba@lemmy.world · English · 3 upvotes · 12 days ago

    From their README. Have you looked at their forum?

    > We cannot provide direct technical support. Get help running this software in your own environment in our unofficial community forum.

    This thread has a link to someone’s Dockerfile for their development.

  • UnfortunateShort@lemmy.world · English · 2 upvotes, 3 downvotes · 12 days ago

    You cannot selfhost Signal, because the regular app won’t connect to your server. You could probably bridge it to Matrix I guess? I’m pretty sure it’s a thing, but I see little benefit here, besides your phone not connecting to Signal and your messages being collected in one app, if you so desire.

    • Karna@lemmy.ml (OP) · English · 3 upvotes · 12 days ago

      I thought the Signal Android client is open source and I can change the server URL if I can get the server self-hosted.

    • Face Thumb@cyberplace.social · 1 upvote · 12 days ago

      @UnfortunateShort @KarnaSubarna I think you are right about the official client, they really want to own the service so you can only connect to their decentralized service via their centralized servers 🙄 I haven’t done it, but I think you can run your own client, either modifying and building it yourself, or surely one of the existing forks can connect to arbitrary servers? But anyone who wants to use your server will have to also use one of the forks.

      • Face Thumb@cyberplace.social · 1 upvote · 12 days ago

        @UnfortunateShort @KarnaSubarna And you’ll want to audit the client code of the fork, including dependencies and make sure it is keeping up to date with official development for security patches. And Signal may try to break the interoperability at some point in the future.