Signal Installation Steps

README.md

⚠️ Obsolete guide

Please check the new Guide

Signal Server Installation Guide

Author: Aqnouch Mohammed aqnouch.mohammed@gmail.com

Abstract

This paper is a quickstart for anyone aims to setup a working Signal Server.

What Is Signal

Signal is an encrypted instant messaging and voice calling application for Android. It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice calls. Signal uses standard phone numbers as identifiers and end-to-end encryption to secure all communications to other Signal users.

Installation Steps

The main server source code could be found here:

https://github.com/signalapp/Signal-Server

Before starting working let's clonned the source code:

https://github.com/signalapp/Signal-Server.git

Inter the project folder:

cd Signal-server

Build the main server server jar

mvn install -DskipTests	

Prerequisites

To be sure to have the latest version of the programmes.

sudo apt-get update 

Install Java

sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update 
sudo apt-get install -y oracle-java8-installer
sudo apt-get install -y oracle-java8-unlimited-jce-policy 

Install Redis

sudo apt-get install -y redis-server

Install database

sudo apt-get install postgresql postgresql-contrib -y

Create postgres root user:

sudo -i -u postgres
createdb accountdb
createdb messagedb 

createuser --interactive
psql
ALTER USER "Signal" WITH PASSWORD 'Signal!!';

##Remotely access to the postgresql database To open the port 5432 edit your /etc/postgresql/9.*/main/postgresql.conf and change

listen_addresses='localhost'

To

listen_addresses='*'

Edit

/etc/postgresql/9.*/main/pg_hba.conf

And add

host all all * md5

And restart or restart you DBMS

invoke-rc.d postgresql restart

The configuration files

Here a working server file filled with fake values. You have to provide your own values:

twilio: # Twilio gateway configuration
  accountId: AC0a435e5bc49AC0a435e5bc49AC0a435v
  accountToken: bdc211b8a91990988166a82a65f0aafv
  numbers: [+10133273922]
  messagingServicesId: 
  localDomain: akdev.tech

push:
  queueSize: # Size of push pending queue

turn: # TURN server configuration
  secret: test
  uris: ["turn:127.0.0.1:3478"]

cache:
  url: http://127.0.0.1:6379

directory:
  url: http://127.0.0.1:6379

messageStore: # Postgresql database configuration for message store
  driverClass: org.postgresql.Driver
  user: Signal
  password: Signal!!
  url: jdbc:postgresql://akdev.tech:5432/messagedb

attachments: # AWS S3 configuration
  accessKey: AKIAIHGXT3LQBZVVMH5A
  accessSecret: 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
  bucket: Signal

profiles: # AWS S3 configuration
  accessKey: AKIQBZVVMH5QAIHGXT3A
  accessSecret: TAA2Wy1mGRiHzOCCMlB8TVu7zOiNX2OR/JmzvWSx
  bucket: Signal
  region: eu-west-1

database: # Postgresql database configuration
  driverClass: org.postgresql.Driver
  user: Signal
  password: Signal!!
  url: jdbc:postgresql://akdev.tech:5432/accountdb

apn:
  bundleId: com.nevermynd.messenger
  pushCertificate: config/certs/Certificates.p12
  pushKey: aqnouch

gcm:
  senderId: 90077701463
  apiKey: AIzaSyAHNIwGE0yKG9QnDZQMcziNAF-0zliXOtH

server:
  applicationConnectors:
    - type: http
      port: 8080
  adminConnectors:
    - type: http
      port: 8081

Database migration

Once you have PostresSQL Up&Running with username, password, messagesdb and accountsdb (two db can be the same one) and these parameters are well coded inside TSS' yml file as seen above as jdbc string , you can now create data structures needed by the application.

java -jar ../jars/Signal-2.1.jar  messagedb migrate  ../config/Signal.yml
java -jar ../jars/Signal-2.1.jar  accountdb migrate  ../config/Signal.yml

S3 configuration

create S3 bucket an IAM user, and add it to the S3FullAccess group

Reverse proxy

sudo a2enmod proxy proxy_http proxy_wstunnel

The configuration to add the the site availible section in: apache /etc/apache2/sites-available/

ServerAdmin aqnouch.mohammed@gmail.com ServerName kalam.app

    DocumentRoot /var/www/kalam/

    <Directory /var/www/tkalam>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>	

SSLCertificateFile /etc/letsencrypt/live/kalam.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kalam.app/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Turn server installation

sudo apt-get install -y coturn
sudo apt-get install -y build-essential
sudo turnserver -a -o -v -n  --no-dtls --no-tls -u test:test -r "someRealm"

SSL Certificate

Create the ssl certificate

sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update -y
sudo apt-get install python-certbot-apache  -y
sudo certbot --authenticator standalone --installer apache -d <yourdomain> --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

All feedbacks are welcome, if you want extra help, we can discuss it over the mail: aqnouch.mohammed@gmail.com

for which version is this guide ? current version ask for a lot of properties in configuration file and i havent been able to find any doc to clarify...
is this guide for 1.88?

for which version is this guide ? current version ask for a lot of properties in configuration file and i havent been able to find any doc to clarify...
is this guide for 1.88?

yes it is.

Hi, Sorry I'm too late yes my guide was for the old server version (1.88), I'm trying to find time to update it. Le mer. 19 juin 2019 à 09:59, 刘晓文 <notifications@github.com> a écrit :

…

@ericfjl <https://github.com/ericfjl> i think you can change the code that you clone by github change: src/main/java/org/whispersystems/pushserver/senders/APNSender.java add: import java.io.FileInputStream; change: //PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(pemCertificate.getBytes()))); // to PEMReader reader = new PEMReader(new InputStreamReader(new FileInputStream(pemCertificate))); change: //reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(pemKey.getBytes()))); // to reader = new PEMReader(new InputStreamReader(new FileInputStream(pemKey))); — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <https://gist.github.com/9a371af0614f4fe706a951c2b97651e7?email_source=notifications&email_token=AA4FSDAGLS6P6NATIC3ESS3P3HYNPA5CNFSM4HKTPW4KYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAFT5VW#gistcomment-2947931>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA4FSDD2FB4OQ2E7C67PRVLP3HYNPANCNFSM4HKTPW4A> .

-- Cordialement Aqnouch Mohammed M:+212 (0) 624 03 92 57

Thank @aqnough for this tutorial.
This is my configuration for version 1.88.
https://raw.githubusercontent.com/tienbm90/Signal-Server/master/config/Signal.yml

Thank @aqnough for this tutorial.
This is my configuration for version 1.88.
https://raw.githubusercontent.com/tienbm90/Signal-Server/master/config/Signal.yml

Where did you find the version 1.88?

And could anyone provide complete documentation for the configuration as per versions? I have built the 2.55 version.

Thank @aqnough for this tutorial.
This is my configuration for version 1.88.
https://raw.githubusercontent.com/tienbm90/Signal-Server/master/config/Signal.yml

Where did you find the version 1.88?

And could anyone provide complete documentation for the configuration as per versions? I have built the 2.55 version.

Hi @darkprince92, you should check commit history on github repository to find version 1.88. With my knowledge, there is no complete installation guilde for Signal Server. I will provide installation guilde in the future.

hi, @tienbm90 , would you share your complete, step by step, installation guide? as a developer of android, I found this guide very hard to follow, especially the configuration files part, maybe it's a bit stale since it's for 1.88 version. And I want to know whether it's possible to deploy totally locally without AWS for test. Thank you in advance.

To those who are interested, here's a guide I made for v1.88

https://gist.github.com/WisdomSky/fd348eb012b8f37f6b9b7dbb69eed6e1

It also already included the specific git hash which specifically points to v1.88.

Sorry for my spamming @aqnouch,

but for all users that need to deploy latest Signal Server 2.55, you can follow community discussion and guide here:
https://community.signalusers.org/t/guide-deploy-signal-server-v2-xx-cds-sgx/8331

Thanks

Any recommendations for the Android application once the server is set up?

Server type needs to be https
https://community.letsencrypt.org/t/importing-letsencrypt-into-java-and-glassfish/9711
https://www.dropwizard.io/en/stable/manual/core.html

server:
  applicationConnectors:
    - type: https
      port: 8080
      keyStorePath: example.keystore
      keyStorePassword: example
      validateCerts: false

Few additional steps for the Android client: https://github.com/lucaconte/BeatTheMeddler whisper.store needs to be overwritten

The attachment s3 buckets need to have "Transfer Acceleration" enabled and needs to be on the region us-east-1 - Weirdly there are no settings for region for attachments so it's forcing the creation on us-east-1, super strange if you think about it since it's the state of Virginia.

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-transfer-acceleration.html

For the sake of it, this is not hardcoded to us-east-1 since this April 2019. signalapp/Signal-Server@305b414

I am trying to start signal-server, but there is so many issues, is anyone was able to start service by parts, without usage of redphone, apn disable options for ios, test before on android, disabling cache , redis and whatever is used, and by the way http connection in android is by okHttpClient and the thing is i can't figure out, is there any header auth, i can't purely test http queries by postman, how are you doing all this staff guys?

Hi i downloaded the latest android version from the github, changed the links, but at the stage of checking the code, the server gives the code 204. I do not understand what the problem is. Does anyone know what could be the problem? Or maybe someone knows what needs to be fixed in the source except the server address?

upload file to s3 path attachment/, code: 405, MethodNotAllowed.

Hey Guys
I've install signal-server but i cant see the state of signal-server. how can i check the server is up or down and how to connect to the my own signal-server by client?
anyone can help me?
thanks

@HamedRahmani if server is running, just test if all links are working Ex: http://localhost:8080/v1/accounts/sms/code/+1555312457 does it brings error or not, if there is no error, this means authentification with twilio works just fine, and so on

I has an error when run the service,why?
the config file
apn: # Apple Push Notifications configuration bundleId: com.secret.signalTest pushCertificate: /Users/jlfang/Downloads/signal.p12 pushKey: 123456

error:
java.lang.NullPointerException at org.whispersystems.textsecuregcm.push.RetryingApnsClient.initializePrivateKey(RetryingApnsClient.java:114) at org.whispersystems.textsecuregcm.push.RetryingApnsClient.<init>(RetryingApnsClient.java:61) at org.whispersystems.textsecuregcm.push.APNSender.<init>(APNSender.java:71) at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:184) at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:1) at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:43) at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87) at io.dropwizard.cli.Cli.run(Cli.java:78) at io.dropwizard.Application.run(Application.java:93) at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:292)

code: reader.readObject() ==null
private static X509Certificate initializeCertificate(String pemCertificate) throws IOException { PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(pemCertificate.getBytes()))); return (X509Certificate) reader.readObject(); }

I got same .

root@ubuntu:/home/winston/Signal-Server# java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
INFO [2020-07-30 02:58:20,413] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2020-07-30 02:58:20,434] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
INFO [2020-07-30 02:58:23,922] com.turo.pushy.apns.ApnsClientBuilder: Native SSL provider is available; will use native provider.
java.security.cert.CertificateException: No certificate found in parsing!
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeKeyStore(DirectoryReconciliationClient.java:81)
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeClient(DirectoryReconciliationClient.java:62)
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.(DirectoryReconciliationClient.java:49)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:270)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)
In the config.yml I got certificate in there but stil show this error . help me !!!

unidentifiedDelivery:
certificate: |
CiYI5A8SIQUO+IlR4c9wwDNmYkD4RRJAob3q9UG4vwkaV1k9iiBPhAXv5liN85Q8vFwEJawOWxIng6WwXo/hoXNFb/TinsRPlI5XuSfQs23FDUVRVXZggQ==
privateKey: |
0PxKUuaNlcXCqgs55/tVAY0uZVji3lzhIrrp25Wcm28=
expiresDays: 365

I got same... did you fix it?

Hi, I've been struggling with this for some time now.

I have the same error as people above, and seemingly relates to the APN / push certificates config.

i have this in my yaml config:

apn:
   pushCertificate: /local_repo/Signal-Server/service/config/certs/applepush.crt.pem
   pushKey: /local_repo/Signal-Server/service/config/certs/altapplepush.rsa.key.pem
   bundleId: com.tesing123
   sandbox: true

When starting the server i get this:

root@node1:/local_repo/Signal-Server# java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
DEBUG [2021-01-27 11:08:57,593] org.eclipse.jetty.util.DecoratedObjectFactory: Adding Decorator: org.eclipse.jetty.util.DeprecationWarning@6443b128
DEBUG [2021-01-27 11:08:57,598] org.eclipse.jetty.util.component.ContainerLifeCycle: i.d.j.MutableServletContextHandler@2d66530f{/,null,UNAVAILABLE} added {ServletHandler@1d207fad{STOPPED},MANAGED}
DEBUG [2021-01-27 11:08:57,600] org.eclipse.jetty.util.DecoratedObjectFactory: Adding Decorator: org.eclipse.jetty.util.DeprecationWarning@37a64f9d
DEBUG [2021-01-27 11:08:57,600] org.eclipse.jetty.util.component.ContainerLifeCycle: i.d.j.MutableServletContextHandler@25b865b5{/,null,UNAVAILABLE} added {ServletHandler@f9b5552{STOPPED},MANAGED}
INFO [2021-01-27 11:08:57,642] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2021-01-27 11:08:57,643] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
DEBUG [2021-01-27 11:08:58,060] com.amazonaws.AmazonWebServiceClient: Internal logging successfully configured to commons logger: true
java.lang.NullPointerException
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.initializePrivateKey(RetryingApnsClient.java:81)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.(RetryingApnsClient.java:50)
at org.whispersystems.textsecuregcm.push.APNSender.(APNSender.java:70)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:246)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)

Id appreciate any and all help with this, as its driving me crazy !

thanks in advance

Adam - Tech

root@ubuntu:/home/winston/Signal-Server# java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
INFO [2020-07-30 02:58:20,413] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2020-07-30 02:58:20,434] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
INFO [2020-07-30 02:58:23,922] com.turo.pushy.apns.ApnsClientBuilder: Native SSL provider is available; will use native provider.
java.security.cert.CertificateException: No certificate found in parsing!
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeKeyStore(DirectoryReconciliationClient.java:81)
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeClient(DirectoryReconciliationClient.java:62)
at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.(DirectoryReconciliationClient.java:49)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:270)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)
In the config.yml I got certificate in there but stil show this error . help me !!!

Getting the same. Did you solved it?

I’m afraid not!

…

On Mon, 22 Feb 2021 at 05:58, Vishva Rodrigo ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ ***@***.***:/home/winston/Signal-Server# java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml INFO [2020-07-30 02:58:20,413] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: / INFO [2020-07-30 02:58:20,434] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: / INFO [2020-07-30 02:58:23,922] com.turo.pushy.apns.ApnsClientBuilder: Native SSL provider is available; will use native provider. java.security.cert.CertificateException: No certificate found in parsing! at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeKeyStore(DirectoryReconciliationClient.java:81) at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.initializeClient(DirectoryReconciliationClient.java:62) at org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient.(DirectoryReconciliationClient.java:49) at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:270) at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151) at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44) at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87) at io.dropwizard.cli.Cli.run(Cli.java:78) at io.dropwizard.Application.run(Application.java:94) at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406) In the config.yml I got certificate in there but stil show this error . help me !!! Getting the same. Did you solved it? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/9a371af0614f4fe706a951c2b97651e7#gistcomment-3640410>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAO2CLC53CHQGTPHHM6VSSLTAHXA5ANCNFSM4HKTPW4A> .

Have you try writing the certificate in plain text? You can also see my sample config on my guide:

https://github.com/madeindra/signal-setup-guide

@madeindra - thank you for posting the guide.
I am running into some fundamental problems when installing signal-server (windows 10 machine, intelliJ ide). can you shed some light on it?

---

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:3.1.2:analyze-only (analyze) on project redis-dispatch: Dependency problems found -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:3.1.2:analyze-only (analyze) on project redis-dispatch: Dependency problems found

Any help will be greatly appreciated.

@madeindra How to contact you?

@HamedRahmani Are you running on localhost?(Signal-Server)