# Signal Server

This guide was written using Signal v2.92. (For Signal v3.21, please refer to the [signal-new](../signal-server-3.21/) guide.)

## Related Guide

* Nginx Reverse Proxy (Scroll down on this guide)
* [Step to install Dependencies](./DEPENDENCIES.md)
* [Docker for PostgreSQL & Redis](../signal-docker)
* [CoTurn Server](../coturn-server)
* [Amazon Web Service / AWS](../signal-server-aws-setup)
* [Remove Twilio](../signal-server-no-twilio)
* [Using Own SSL Certificate (Self Signed)](../signal-server-self-signed-certificate)
* [Use MinIO instead of AWS S3](../signal-minio)
* [Autostart Signal on Startup](../signal-server-autostart)

## Requirement

* JDK 11
* SSL Certificate for your domain
* Google Recaptcha
* Firebase Cloud Messaging (it used to be GCM)
* Twilio
* AWS

1. Create your own `config.yml` and put it inside `signal-server/service/config/`. You can take a look at [the example here](./example-signal.yml).

2. Build the server (I suggest keeping `-DskipTests` if you have modified the code)

   ```
   mvn clean install -DskipTests
   ```

3. Generate the values for UnidentifiedDelivery

   This command gives you a key pair (keep the key pair, you will need it for Android and for the next step)

   ```
   java -jar service/target/TextSecureServer-2.92.jar certificate -ca
   ```

   Use the private key to generate the certificate (the key ID can be random, I use 1234)

   ```
   java -jar service/target/TextSecureServer-2.92.jar certificate --key <private_key> --id <key_id>
   ```

4. Run postgres, redis, coturn (I suggest you use docker-compose. If you don't use docker-compose from this project, please modify the entries for postgres, redis, and coturn accordingly in `config.yml`).

5. Migrate databases

   ```
   java -jar service/target/TextSecureServer-2.92.jar abusedb migrate service/config/config.yml
   java -jar service/target/TextSecureServer-2.92.jar accountdb migrate service/config/config.yml
   java -jar service/target/TextSecureServer-2.92.jar keysdb migrate service/config/config.yml
   java -jar service/target/TextSecureServer-2.92.jar messagedb migrate service/config/config.yml
   ```

6. Run the server (`config.yml` is from step 1)

   ```
   java -jar service/target/TextSecureServer-2.92.jar server service/config/config.yml
   ```

7. To run the server in the background (run continuously), use nohup

   ```
   nohup java -jar service/target/TextSecureServer-2.92.jar server service/config/config.yml > /dev/null &
   ```

## Configuring Nginx & Generating SSL Certificate with Let's Encrypt

If you already have your SSL certificate, you can use [the example nginx config](./example-nginx.conf) in `Step 4` and skip `Step 6 - 9`.

1. Install nginx on your system

   ```
   sudo apt install nginx
   ```

2. Install Certbot for Let's Encrypt

   ```
   sudo add-apt-repository ppa:certbot/certbot
   sudo apt-get install python-certbot-nginx
   ```

3. Allow Nginx to be accessed from outside through the firewall. The `Nginx Full` argument creates a rule that allows port 80 and port 443; you can change it to `Nginx HTTP` to allow only port 80, or to `Nginx HTTPS` to allow only port 443

   ```
   sudo ufw allow 'Nginx Full'
   ```

4. Create your server configuration in `/etc/nginx/sites-enabled/domain.com`.

   ```
   server {
       listen 80;
       listen [::]:80;
       server_name domain.com;
   }
   ```

5. Reload your nginx to apply the new configuration

   ```
   sudo nginx -s reload
   ```

6. Run certbot to generate the SSL certificate

   ```
   certbot --nginx -d domain.com
   ```

8. When asked `Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.`, it is recommended that you choose `2: Redirect`. After the process is done, your certificate will be located in

   ```
   etc
   └── letsencrypt
       └── live
           └── domain.com
               └── *.pem
   ```

9. Update your nginx config to suit your needs; you can take a look at [the example here](./example-nginx.conf).

10. Check if your configuration is correct

    ```
    sudo nginx -t
    ```

11. If there's no error, you can reload your nginx to apply the new configuration

    ```
    sudo nginx -s reload
    ```

If you are having a hard time configuring Nginx manually, you can try generating a configuration file with nginxconfig.io.

## Creating a service to make server run automatically on reboot / restart

1. Go to `/etc/systemd/system` and create a file named `signal.service`

2. Open the file and paste this. **Change** `WorkingDirectory` to your directory, and also change the path to java. To find the path to java, run `which java`.

   ```
   [Unit]
   Description=Signal Server

   [Service]
   User=root
   WorkingDirectory=/path/to/signal/directory
   # The jar and config paths are relative to WorkingDirectory (the signal-server root)
   ExecStart=/path/to/java -jar service/target/TextSecureServer-2.92.jar server service/config/config.yml
   Type=simple
   Restart=on-failure
   RestartSec=10

   [Install]
   WantedBy=multi-user.target
   ```

3. Run `sudo systemctl daemon-reload`

4. Run `sudo systemctl enable signal.service`

## FAQ

Q: How do I get Recaptcha?

A: Register for Google Recaptcha v3 and put your server's domain there.

Q: How do I get GCM?

A: Set up Firebase Cloud Messaging; you will get the key from there.

Q: What AWS services do I need?

A: CloudFront CDN, an S3 bucket, an SQS queue of FIFO type, and IAM for the key.

Q: How do I disable AccountCrawler Error?

A: Disable accountDatabaseCrawler logging by commenting out `environment.lifecycle().manage(accountDatabaseCrawler);`, which is located in `service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java`. Rebuild the server and rerun it after making the modification.

```
...
apnSender.setApnFallbackManager(apnFallbackManager);
environment.lifecycle().manage(apnFallbackManager);
environment.lifecycle().manage(pubSubManager);
environment.lifecycle().manage(pushSender);
environment.lifecycle().manage(messagesCache);
// environment.lifecycle().manage(accountDatabaseCrawler);
...
```

Q: I got an error from updating profile name / avatar.

A: Some errors are presumably caused by constant changes in the client or server; starting fresh by resetting the database & storage usually stops this. Some people reported modifying the nginx configuration by adding `$uri` to the end of `proxy_pass`, but unfortunately I can't reproduce the desired result.
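
The `signal.service` unit in this guide runs the JVM as `root`. The script below is an added example, not part of the original guide or the Signal project: it audits unit text for that setting and for four systemd sandboxing directives, comparing the guide's `[Service]` settings with a hardened variant. The `signal` account, the `/opt/signal-server` path and `/usr/bin/java` are assumptions.

```shell
#!/bin/sh
# Added example: audit a systemd unit for root execution and missing sandboxing.
# The "signal" user and the paths in hardened_unit are assumptions, not from the guide.

# Security-relevant [Service] settings of the unit as given in this guide.
page_unit() { cat <<'EOF'
[Service]
User=root
Type=simple
Restart=on-failure
RestartSec=10
EOF
}

# Hardened variant: dedicated unprivileged account plus sandboxing directives.
hardened_unit() { cat <<'EOF'
[Service]
User=signal
Group=signal
WorkingDirectory=/opt/signal-server
ExecStart=/usr/bin/java -jar service/target/TextSecureServer-2.92.jar server service/config/config.yml
Type=simple
Restart=on-failure
RestartSec=10
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
EOF
}

# Read unit text on stdin and print one finding per line (nothing if clean).
audit_unit() {
  au_text=$(cat)
  # systemd uses the last User= assignment; no User= at all means root.
  au_user=$(printf '%s\n' "$au_text" | sed -n 's/^User=//p' | tail -n 1)
  if [ -z "$au_user" ] || [ "$au_user" = "root" ]; then
    echo "runs-as-root"
  fi
  for au_d in NoNewPrivileges=true ProtectSystem=strict ProtectHome=true PrivateTmp=true; do
    printf '%s\n' "$au_text" | grep -qx "$au_d" || echo "missing:$au_d"
  done
  return 0
}

echo "guide unit:";    page_unit | audit_unit
echo "hardened unit:"; hardened_unit | audit_unit
```

If the server is configured to write log files, grant that directory with `ReadWritePaths=`, because `ProtectSystem=strict` makes the file system read-only for the service.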