Starting with a fresh git clone of the stable branch, running a docker build as follows will fail;

' docker buildx build -t smp:SomeHash --build-arg APP="smp-server" --build-arg APP_PORT="5223" .`

with

590.1 Configuring library for simplexmq-5.4.0.7..
591.5 Error: cabal-3.10.1.0: Missing dependency on a foreign library:
591.5 * Missing (or bad) C library: crypto

I tried adding libssl-dev and libssl3 to the Dockerfile, but the same error would manifest itself. Thinking that maybe the changes introduced in commit c22c15a were to blame, I removed lines 163-164 in simplexmq.cabal. This advanced the docker build process further until I reached the following error

718.8 cbits/sha512.c:1:10: error:
718.8      fatal error: openssl/sha.h: No such file or directory
718.8         1 | #include <openssl/sha.h>
718.8           |          ^~~~~~~~~~~~~~~
718.8   |
718.8 1 | #include <openssl/sha.h>
718.8   |          ^
718.8 compilation terminated.

Now knowing that eliminating the extra "library check" allowed cabal to get further along until the reason for the check in the first place appeared, I added line 163-164 back in, but also added extra-lib-dirs: option as a new line 165 thinking maybe the libs weren't in the include directory for some reason.

extra-lib-dirs:
   /usr/include/openssl/
   /usr/include/x86_64-linux-gnu/openssl/
   /usr/lib/x86_64-linux-gnu/
  /lib/x86_64-linux-gnu/

But now we get right back to the original error. At this point, I am not sure where to proceed next.
running on upto date Debian 12 and Docker engine 24.0.7

Let me know if you need additional information.

I had to set up SMP and XFTP servers on a different port instead of the default ones because the default (especially 443 is already taken by another service).
Thus, the server (SMP or XFTP) address finishes with @domain:portnumber.
Is there any way to avoid the server address finishing as mentioned below, with @domain:portnumber?
I mean, modifying some parameters somewhere.

It seems that through the dependency memory == 0.15, this package is restricted to GHC 8.10, which is very old. To make contributions easier, it would be great to support at least GHC 9.4.

On Ubuntu server 22.04, I installed firstly the SMP service and then the XFTP one, following the instructions published on https://simplex.chat/docs

Regarding XFTP, I followed the instructions here: https://simplex.chat/docs/xftp-server.html
I ran the init command in the following format sudo su xftp -c "xftp-server init -l --fqdn mydomain -q '20gb' -p /srv/xftp/", and it seemed all ok.
I created the systemd file by pasting what is at point 5 here https://simplex.chat/docs/xftp-server.html

When I run sudo systemctl start xftp-server.service I receive an error, and running systemctl status xftp-server.service I see the following:

○ xftp-server.service - XFTP server systemd service
     Loaded: bad-setting (Reason: Unit xftp-server.service has a bad unit file setting.)
     Active: inactive (dead) since Sun 2023-06-04 16:34:28 CEST; 19min ago
   Main PID: 1027086 (code=killed, signal=TERM)
        CPU: 50ms

Jun 04 16:33:41 vps-fe63ca00 xftp-server[1027086]: [INFO 2023-06-04 16:33:41 +0200 src/Simplex/FileTransfer/Server/Env.hs:88] Total / available storage: 21474836480 / 21474836480
Jun 04 16:33:42 vps-fe63ca00 xftp-server[1027086]: [INFO 2023-06-04 16:33:41 +0200 src/Simplex/Messaging/Transport/Server.hs:87] binding to [::]:5443
Jun 04 16:33:49 vps-fe63ca00 systemd[1]: /etc/systemd/system/xftp-server.service:9: Failed to resolve unit specifiers in [ -e "/var/opt/simplex-xftp/file-server-store.log" ] && cp "/var/opt/simplex-x>
Jun 04 16:33:49 vps-fe63ca00 systemd[1]: xftp-server.service: Unit configuration has fatal error, unit will not be started.
Jun 04 16:34:28 vps-fe63ca00 systemd[1]: Stopping XFTP server systemd service...
Jun 04 16:34:28 vps-fe63ca00 xftp-server[1027086]:
Jun 04 16:34:28 vps-fe63ca00 systemd[1]: xftp-server.service: Deactivated successfully.
Jun 04 16:34:28 vps-fe63ca00 systemd[1]: Stopped XFTP server systemd service.
Jun 04 16:41:22 vps-fe63ca00 systemd[1]: /etc/systemd/system/xftp-server.service:9: Failed to resolve unit specifiers in [ -e "/var/opt/simplex-xftp/file-server-store.log" ] && cp "/var/opt/simplex-x>
Jun 04 16:41:22 vps-fe63ca00 systemd[1]: xftp-server.service: Unit configuration has fatal error, unit will not be started.

However, if I run sudo su xftp -c "xftp-server start" the server starts and I see the following:

[INFO 2023-06-04 17:09:13 +0200 src/Simplex/FileTransfer/Server/Env.hs:88] Total / available storage: 21474836480 / 21474836480
[INFO 2023-06-04 17:09:13 +0200 src/Simplex/Messaging/Transport/Server.hs:87] binding to [::]:port

I removed the port number for security reasons.

From the systemd side, if I edit the systemd file and comment the row ExecStopPost=/usr/bin/env sh -c '[ -e "/var/opt/simplex-xftp/file-server-store.log" ] && cp "/var/opt/simplex-xftp/file-server-store.log" "/var/opt/simplex-xftp/file-server-store.log.$(date +'%FT%T')"' it works fine.

I tested the xftp address on the app, and the result is Ok.
I have some doubts related to that systemd row I commented on.

I appreciate any help you can provide.

While trying to create the FreeBSD port for simplexmq, I've encountered this problem:

$ make cabal-configure
cd /usr/ports/net-im/hs-simplexmq/work/simplexmq-5.4.0 &&  /usr/bin/env XDG_DATA_HOME=/usr/ports/net-im/hs-simplexmq/work  XDG_CONFIG_HOME=/usr/ports/net-im/hs-simplexmq/work  XDG_CACHE_HOME=/usr/ports/net-im/hs-simplexmq/work/.cache  HOME=/usr/ports/net-im/hs-simplexmq/work PATH=/usr/local/libexec/ccache:/usr/ports/net-im/hs-simplexmq/work/.bin:/home/yuri/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin PKG_CONFIG_LIBDIR=/usr/ports/net-im/hs-simplexmq/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig MK_DEBUG_FILES=no MK_KERNEL_SYMBOLS=no SHELL=/bin/sh NO_LINT=YES PREFIX=/usr/local  LOCALBASE=/usr/local  CC="cc" CFLAGS="-O2 -pipe  -fstack-protector-strong -fno-strict-aliasing "  CPP="cpp" CPPFLAGS=""  LDFLAGS=" -fstack-protector-strong " LIBS=""  CXX="c++" CXXFLAGS="-O2 -pipe -fstack-protector-strong -fno-strict-aliasing  "  MANPREFIX="/usr/local" CCACHE_DIR="/tmp/.ccache" BSD_INSTALL_PROGRAM="install  -s -m 555"  BSD_INSTALL_LIB="install  -s -m 0644"  BSD_INSTALL_SCRIPT="install  -m 555"  BSD_INSTALL_DATA="install  -m 0644"  BSD_INSTALL_MAN="install  -m 444" XDG_DATA_HOME=/usr/ports/net-im/hs-simplexmq/work/cabal-home XDG_CONFIG_HOME=/usr/ports/net-im/hs-simplexmq/work/cabal-home XDG_CACHE_HOME=/usr/ports/net-im/hs-simplexmq/work/cabal-home HOME=/usr/ports/net-im/hs-simplexmq/work/cabal-home cabal build --dry-run --disable-benchmarks --disable-tests --flags="-relocatable"    exe:smp-agent exe:smp-server
Resolving dependencies...
Error: cabal: Could not resolve dependencies:
[__0] trying: aeson-2.2.1.0 (user goal)
[__1] trying: template-haskell-2.19.0.0/installed-2.19.0.0 (dependency of
aeson)
[__2] next goal: simplexmq (user goal)
[__2] rejecting: simplexmq-5.4.0.7 (conflict:
template-haskell==2.19.0.0/installed-2.19.0.0, simplexmq =>
template-haskell>=2.20 && <2.21)
[__2] skipping: simplexmq-1.1.0, simplexmq-1.0.2, simplexmq-1.0.0,
simplexmq-0.5.2, simplexmq-0.5.1, simplexmq-0.5.0, simplexmq-0.4.1,
simplexmq-0.4.0, simplexmq-0.3.2, simplexmq-0.3.1 (has the same
characteristics that caused the previous version to fail: excludes
'template-haskell' version 2.19.0.0)
[__2] fail (backjumping, conflict set: simplexmq, template-haskell)
After searching the rest of the dependency tree exhaustively, these were the
goals I've had most trouble fulfilling: simplexmq, aeson, template-haskell

*** Error code 1

Stop.

It doesn't like template-haskell for some reason.

Version: 5.4.0
hs-cabal-install-3.10.1.0_3
ghc-9.4.6
FreeBSD 14.0

Current stable (a1e5697) and master (4c0b8a3) docker build fails:

$ docker build --build-arg="APP=smp-server" --build-arg="APP_PORT=3456" .

cabal-3.6.2.0: Missing dependency on a foreign library:
* Missing (or bad) C library: crypto

Building sqlcipher-simple with openssl flag separately on Ubuntu 22.04 with installed openssl succeeds, but the resulting libHSsqlcipher-simple-0.4.18.1-inplace-ghc8.10.7.so attempts to link to both libcrypto.so.3 and libcrypto.so.1.1 where the latter doesn't exist.

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

• https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

• tls-unique for TLS =< 1.2
• tls-server-end-point
• tls-exporter for TLS = 1.3

Thanks in advance.

Hello,

I installed smp and xftp server and to be fully independant, I would like to know how to set up an invitation without going through https://simplex.chat/invitation ?
Is it possible ?

Thank you for your work,

Regards,

Hi,

Since I create a backup of my server every night and shut down the server to do this, "smp-server-store.log.*" files are created daily.

• What do these files contain and why are they necessary?
• Can these files be deleted without causing problems?
• Do the files have an impact on performance if a large number of them have accumulated?

Many thanks for your help.

Can't build in Raspberry Pi OS (Debian version: 11 (bullseye))

After recreating simplexmq container, docker no longer outputs smp-server.log content.

in the docs here I only see this fields:

fromTime,qCreated,qSecured,qDeleted,msgSent,msgRecv,dayMsgQueues,weekMsgQueues,monthMsgQueues

but there a lot more data in the stats file, like this:
2024-01-25,15,12,5,165,158,36,,,98,94,29,,,792,-28

and in the version 5.5.0 are even more:
2024-01-26,14,8,1,91,97,20,,,64,70,20,,,805,0,0

is there somewhere a full list with all stats data explained?

I had to set SMP/XFTP different ports from those by default because other services already took them.
I also set TOR and have an address for SMP and XFTP.
So I have the SMP/XFTP addresses like smp/xftp://<fingerprint>@<public_hostname:port>.
When I go into the settings of the SimpleX Chat app to create a new SM/XFTP server, I add the address smp/xftp://<fingerprint>@<public_hostname:port>[,<onion_hostname>] but unfortunately the field "Test server" is not active.
I had to delete the TOR address to become active in the feature "Test server", and only in this way, it works.
I suggest reviewing this configuration because it limits who cannot use the default ports.

Hi there, i've been having problems with the server not initializing the config file properly while using it in a docker compose.
My OS: Debian GNU/Linux 12 (bookworm) x86_64 6.1.0-9-cloud-amd64
Docker Version: 24.0.2 with docker compose version v2.18.1
I've been getting the output SimpleX XFTP server v1.0.0 Fingerprint: [RETRACTED] xftp-server: no key port in section TRANSPORT CallStack (from HasCallStack): error, called at src/Simplex/Messaging/Server/CLI.hs:161:14 in simplexmq-5.1.1-inplace:Simplex.Messaging.Server.CLI
My full docker-compose is

version: '3.3'
services:
    smp-server:
        restart: unless-stopped
        environment:
            - ADDR=[RETRACTED]
            - PASS=[RETRACTED]
        ports:
            - '5223:5223'
        volumes:
            - '$HOME/simplex/smp/config:/etc/opt/simplex'
            - '$HOME/simplex/smp/logs:/var/opt/simplex'
        image: 'simplexchat/smp-server:latest'

    xftp-server:
        restart: unless-stopped
        environment:
            - ADDR=[RETRACTED]
            - QUOTA=10GB
        ports:
            - '443:443'
        volumes:
            - '$HOME/simplex/xftp/config:/etc/opt/simplex-xftp'
            - '$HOME/simplex/xftp/logs:/var/opt/simplex-xftp'
            - '$HOME/simplex/xftp/files:/srv/xftp'
        image: 'simplexchat/xftp-server:latest'

Any thoughts?

Would be nice to have the smp server packaged in a flake here or downstream in Nixpkgs.

A elliptic curve Diffie-Hellman ephemeral key exchange encouraged in the protocol specification could be a good idea for more resilient security, because it's stronger than just RSA, while well supported by most programming languages, like Rust, C++, or Go, for example, already.

Jami is also planning to replace RSA by elliptic curves now.

Thanks for this great project! I encountered this trying to deploy the server.

While the option 2 works, trying to do option 1:

DOCKER_BUILDKIT=1 docker build -t smp-server -f smp-server-build.Dockerfile .

eventually fails in step 12/19:

Step 12/19 : RUN cabal install
 ---> Running in d2870e8c3044
cabal: Could not resolve dependencies:
[__0] next goal: aeson (user goal)
[__0] rejecting: aeson-2.1.1.0, aeson-2.1.0.0 (constraint from user target
requires ==2.0.3.0)
[__0] trying: aeson-2.0.3.0
[__1] trying: base-4.16.4.0/installed-4.16.4.0 (dependency of aeson)
[__2] trying: simplexmq-3.3.1 (user goal)
[__3] next goal: memory (dependency of simplexmq)
[__3] rejecting: memory-0.18.0 (conflict: simplexmq => memory>=0.15 && <0.16)
[__3] skipping: memory-0.17.0, memory-0.16.0 (has the same characteristics
that caused the previous version to fail: excluded by constraint '>=0.15 &&
<0.16' from 'simplexmq')
[__3] rejecting: memory-0.15.0 (conflict: base==4.16.4.0/installed-4.16.4.0,
memory => base>=4.9 && <4.15)
[__3] skipping: memory-0.14.18, memory-0.14.17, memory-0.14.16,
memory-0.14.15, memory-0.14.14, memory-0.14.13, memory-0.14.12,
memory-0.14.11, memory-0.14.10, memory-0.14.9, memory-0.14.8, memory-0.14.7,
memory-0.14.6, memory-0.14.5, memory-0.14.4, memory-0.14.3, memory-0.14.2,
memory-0.14.1, memory-0.14, memory-0.13, memory-0.12, memory-0.11,
memory-0.10, memory-0.9, memory-0.8, memory-0.7, memory-0.6, memory-0.5,
memory-0.4, memory-0.3, memory-0.2, memory-0.1 (has the same characteristics
that caused the previous version to fail: excludes 'base' version 4.16.4.0)
[__3] fail (backjumping, conflict set: base, memory, simplexmq)
After searching the rest of the dependency tree exhaustively, these were the
goals I've had most trouble fulfilling: base, memory, simplexmq, aeson
Try running with --minimize-conflict-set to improve the error message.

The command '/bin/sh -c cabal install' returned a non-zero code: 1
Time: 0h:04m:23s                                                                           

Consider following situation
User reinitializes smp-server (delete -> init) manually, pubkey_hash stays the same both in file and in welcome message, because it is created during Linode/Droplet deployment, not during server initialization.

I am getting the following error message:

simplexmq   > [61 of 62] Compiling Simplex.Messaging.Agent
simplexmq   >
simplexmq   > /tmp/stack-ec22fe5140a42eee/simplexmq-3.4.0/src/Simplex/Messaging/Agent.hs:1377:23: error:
simplexmq   >     • Variable not in scope:
simplexmq   >         flushTBQueue :: TBQueue (ConnId, NtfSupervisorCommand) -> STM a0
simplexmq   >     • Perhaps you want to add ‘flushTBQueue’ to the import list
simplexmq   >       in the import of ‘Control.Concurrent.STM’
simplexmq   >       (src/Simplex/Messaging/Agent.hs:84:1-41).
simplexmq   >      |
simplexmq   > 1377 |   void . atomically . flushTBQueue $ ntfSubQ ns
simplexmq   >      |

Probably due to changes in commit d9a0e78

The Docker image that's available on Docker Hub is currently on version 4.3.1, i.e. 3 versions behind. Do you guys have plans to keep it up to date, or is the intention that SMP server operators should build the Docker image themselves?

If it's of any help, I can make a PR with a GitHub Actions workflow to automatically build and push a Docker image on every release. Let me know what you think.

Hi! I'm busy exploring the idea of packaging SimpleXMQ for the start9 marketplace (will run in the beta marketplace for a while at first).

One of the things that is required is an ARM docker image. I've been able to update the build.Dockerfile, however the updates are pretty substantial.

I'd like to get this merged in or supported however, since without it keeping the start9 package in sync with upstream changes of smp-server is going to be challenging.

What's the best way to get feedback from you guys on this - shall I open a PR with my modified build.Dockerfile and a description of the changes?

My smp-server does not start at boot.

systemctl status smp-server.service gives this output:

Nov 06 22:59:09 simplex smp-server[1367]: Fingerprint: ***********************************
Nov 06 22:59:09 simplex smp-server[1367]: Server address: smp://******************************************
Nov 06 22:59:09 simplex smp-server[1367]: Store log: /var/opt/simplex/smp-server-store.log
Nov 06 22:59:09 simplex smp-server[1367]: Listening on port 5223 (TLS)...
Nov 06 22:59:09 simplex smp-server[1367]: expiring messages after 21 days
Nov 06 22:59:09 simplex smp-server[1367]: not expiring inactive clients
Nov 06 22:59:09 simplex smp-server[1367]: creating new queues requires password
Nov 06 22:59:09 simplex smp-server[1367]: smp-server: /var/opt/simplex/smp-server-store.log: openFile: permission denied (Permission denied)
Nov 06 22:59:09 simplex systemd[1]: smp-server.service: Main process exited, code=exited, status=1/FAILURE
Nov 06 22:59:09 simplex systemd[1]: smp-server.service: Failed with result 'exit-code'.

I useed the installation script on Debian 12.
It seems like user permission problem for the smp user

Here is the systemd script:

[Unit]
Description=SMP server

[Service]
User=smp
Group=smp
Type=simple
ExecStart=/usr/local/bin/smp-server start
ExecStopPost=/usr/local/bin/simplex-servers-stopscript smp-server
LimitNOFILE=65535
KillSignal=SIGINT
TimeoutStopSec=infinity

[Install]
WantedBy=multi-user.target

How can I get around this?
I recently ran the update script, didnt help.

If I run smp-server start as root then the server starts fine.
Also if I comment out the user and group lines in the servic file, the server runs fine.
But I do not want to run it as root, so how do I fix the permissions?

Currently, none of the official relay servers (smp4.simplex.im - smp10.simplex.im) have a AAAA DNS record, making them only reachable via IPv4. Adding IPv6 connectivity helps keeping long-term connections (e.g. from Android clients) alive. This allows to reduce the frequency of keepalive messages and in turn helps conserving battery space.

To deploy IPv6, the server code needs to be able to handle IP addresses in IPv6 format. Then IPv6 has to be added to the servers and announced with AAAA DNS records.
The clients may also need software changes to actually use IPv6.

Add a setting to the config file: delete old files when using the entire quota for uploading media?
If the administrator sets "on", the old media will be deleted when the threshold value is reached.
If the administrator sets "off", then the server, if the threshold value is reached, will return the error "it is impossible to send a file" and each file will be stored for its maximum period (specified in the config)

I am using Simplex 4.3 beta to check if I have connection to my self hosted local docker server but I cannot pass the check. I used the following docker commands:

docker run -d \
      --name smp-server \
      -e addr=192.168.2.57 \
      -p 5223:5223 \
      -v ${PWD}/scripts/docker/config:/etc/opt/simplex \
      -v ${PWD}/scripts/docker/logs:/var/opt/simplex \
      smp-server

Then smp-server init and smp-server start. Then trying to connect with smp://[email protected]. I think a docker-compose would be helpful for newcomers like myself. Thanks

As mentioned in #731 (comment) [*] there are multiple areas that could use cleaning up and documentation in order to make it easier for packaging and deploying the simplexmq servers.

[*]

hardcoded file-system paths, the user is expected to initalize it by running it as root, and the configuration isn't documented.

Testing out simplex server via docker on debian 12:

docker run -d \
    -e "ADDR=simplex.zaggy.nl:443" \
    -e "QUOTA=10G" \
    -p 443:443 \
    -v $HOME/simplex/xftp/config:/etc/opt/simplex-xftp:z \
    -v $HOME/simplex/xftp/logs:/var/opt/simplex-xftp:z \
    -v $HOME/simplex/xftp/files:/srv/xftp:z \
    simplexchat/xftp-server:latest

xftp-server doesn’t start?

 sudo docker logs -f 0a39a2593aad
SimpleX XFTP server v1.0.1
Fingerprint: sO2YvijAQzsf6apAg1vdlqjHLES1PVp5Nu-OYL6dQ_8=
xftp-server: no key port in section TRANSPORT
CallStack (from HasCallStack):
  error, called at src/Simplex/Messaging/Server/CLI.hs:161:14 in simplexmq-5.3.0.1-inplace:Simplex.Messaging.Server.CLI

I just recently rebuilt the docker container running my smp-server, and encountered a failure mode when building the -download docker image. If github throttles you or there's some other network error when you attempt to download, the result is that your smp-server binary might just be a bad server response in a text file 😄

# cat /usr/bin/smp-server
<?xml version="1.0" encoding="utf-8"?><Error><Code>ServerBusy</Code><Message>Egress is over the account limit.
RequestId:f4b4d993-b01e-006c-0778-d3c9f2000000
Time:2022-09-28T20:26:34.2999215Z</Message></Error>

The result is the rather obtuse log message when the entrypoint tries to execute the bad text file:

/usr/bin/smp-server: 1: Syntax error: redirection unexpected

One solution to this might be publishing a shasum of the smp-server binary as an asset on your github releases, and then comparing that hash with the downloaded binary in the -download.Dockerfile build to ensure that your downloaded binary matches what you expect.

Hi!

Set up a smp-server 4.0 following this: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SERVER.md

In the init I used the IP to my VPS.
The server are starting just fine but there are this error message repeating:
exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,UnknownCa)]" " expected: handshake 13")

Tested to delete everything and re-init without any change.

When I connect a simplex-chat CLI om my computer I get this:

exception: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))

I used to run smp-server 3.4.0 just fine

Something with 4.0 (or maybe my setup only)?

https://superuser.com/a/1638789
https://libre-software.net/ubuntu-automatic-updates/

Hello,

How to use, configure the ntf server and incorporate it with the smp server, the xftp server and simplex-chat ? I don't find doc about it.

Thank you for your help.

While viewing the code and examples for simplex-chat and simplexmq. I understand that there are a few command with one being Ping. I tried a telnet session to the server with a successful connection but trying different cases of Ping, the server continued to close the session. Is there any documentation on how to connect to the server to create connections and send messages?

I have succesfully configured my own SMP and XFTP server in Ubuntu. In the android app, I am able to add the SMP server. However, when I try to add the XFTP server I have the following problem.

I am able to add it, and test it. But at the moment of saving them I get the message (translate from spanish)

Error saving SMP servers: Make sure the addresses of the XFTP server have the correct format, and separated by commas and are not duplicated.

I believe this is a bug in the program at the moment of saving them.
Thanks for your excellent work!

Summary

smp-server binary from the release page with BuildID cd99e16fec87f49fbfc352350b688e9f90f36e56 DOES work.
smp-server binary from the DigitalOcean droplet with BuildID 9dcbeeef5875acc615c486a4c55be8b125592628 DOES NOT work.

What i did

I used the simplex digital Ocean droplet and run it.
Then i downloaded the simplex-chat (client application) and tried to connect it to my new server (running on digital ocean).
unfortunately this did not work. I got the following error message:

me@mybox:~$ simplex-chat -s smp://[email protected]
option -s: @: Failed reading: satisfyWith

How i found out

When i tried the same thing with one of the offical server, it works.

I downloaded the server binary from the release page and started it locally on my computer.
I connected to my local instance, did work, as seen below.

me@mybox:~/$ simplex-chat -s smp://[email protected]
SimpleX Chat v1.0.0
db: /home/me/.simplex/simplex_v1_chat.db, /home/me/.simplex/simplex_v1_agent.db
type "/help" or "/h" for usage info
[...]

Next thing i did was to check if the local server binary is the same as the one in the digital ocean droplet.
Turns out it is not.

root@simplex:~# file /opt/simplex/bin/smp-server
/opt/simplex/bin/smp-server: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=9dcbeeef5875acc615c486a4c55be8b125592628, stripped

The local server binary (downloaded from the release page) is different from the above.

me@mybox:~/Downloads$ file smp-server-ubuntu-20_04-x86-64 
smp-server-ubuntu-20_04-x86-64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=cd99e16fec87f49fbfc352350b688e9f90f36e56, stripped

After finding out that the binaries from the release page and the droplet are different i just uploaded the release binary into my droplet and overwrote /opt/simplex/bin/smp-server.

After replacing the smp-server binary from the droplet with the one from the release page it also works for me with my digital ocean droplet. I think the digital ocean droplet needs some love and a binary to be updated.

P.S. Thank you for that software project, i like it.

I'm curious to understand just how it is that groups work, and what that means for their security and privacy properties. For individual connections, this is all pretty well documented and clear. For groups, it doesn't seem quite as clear to me exactly what compromises or concerns their may be. It also isn't quite clear where groups are built on top of primitives, or if there are specific parts of the primitives that are indented for group behaviors. It seems like the Open Connections RFC describes the current approach, and an "introduction" based approach was considered but eventually rejected?

Add support for post quantum cryptography.
ref
https://csrc.nist.gov/projects/post-quantum-cryptography
https://pq-crystals.org/
https://github.com/pq-crystals/kyber

• CRYSTALS-KYBER
• CRYSTALS-DILITHIUM

Hello all,

I have just recently (read as of today) deployed Simplexmq server using docker on Ubuntu 20.04.

While playing around with the terminal app on Mac and the iOS app chatting back and forth with myself to test different features and gauge how responsive my hardware was, I wanted to test whether or not improperly configured credentials would cause an error to be reported in either app.

When connecting to my own docker deployed smp server correctly, everything works fine as expected. However, when I malformed the fingerprint part of the smp address (for example, smp://[email protected] where the letter E was substituted with another value) the connection still succeeded with no error message in either terminal or iOS app.

The only time I noticed there was a problem was when I would use the "/fr" command to pull in an image. At that point, the terminal app would complain about exception: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)).

Am I missing a configuration option or a different way of building the docker image, or is this the correct operation? I was under the impression that the fingerprint part of the smp:// address was to insure that no MITM could have somehow interjected themselves. But if I supply a completely wrong fingerprint, both clients connect and exchange messages just fine with each other, at least until file transfer.

• edit from https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#appendix-a

During TLS handshake the client must validate that the fingerprint of the online server certificate is equal to the serverIdentity the client received as part of SMP server address; if the server identity does not match the client must abort the connection.

• edit 2
• after looking into issue #328, If the fingerprint is malformed, then the /c command does indeed fail with the same message as described above. So it seems that even though I am able to connect with the wrong fingerprint, I am unable to use the self-hosted server correctly. I still seem to believe, correct me if I am wrong, that the terminal app and iOS app should still report an error and refuse to save the SMP server address or give an error if the smp://fingerprint@fqdn has an improperly transcribed fingerprint.

With the introduction of ipv6 support, the server components (smp and xftp) do not listen to ipv4 any more. The server components bind to their respective ports on ipv6, but not on ipv4. If ipv6 is disabled on the server, the smp and xftp components fail to start. In my tests the last fully working smp-server version is v4.4.1. I suspect, it's some kind of regression with ipv6 support.

The ability to add a subject to a message and have this field be encrypted.

This can allow for the protocol to also be used as an email like protocol, not just a messaging protocol.

I can't get it running on Oracle Cloud Free Tier on Debian 11. Also a few questions about how to deploy.

1. I setup with docker-compose. I changed XFTP server to port 5224. I left localhost in here but used my domain name when trying to use them in SimpleX android app.

version: '3.3'
services:
    smp-server:
        environment:
            - ADDR=localhost
#            - PASS=password
        ports:
            - '5223:5223'
        volumes:
            - '$HOME/simplex/smp/config:/etc/opt/simplex:z'
            - '$HOME/simplex/smp/logs:/var/opt/simplex:z'
        image: 'simplexchat/smp-server:latest'

    xftp-server:
        environment:
            - ADDR=localhost
            - QUOTA=1048576
        ports:
            - '5224:443'
        volumes:
            - '$HOME/simplex/xftp/config:/etc/opt/simplex-xftp:z'
            - '$HOME/simplex/xftp/logs:/var/opt/simplex-xftp:z'

3. For XFTP is quota in MBs or KBs?
4. Do you need to run this behind a reverse proxy? or open ports?
5. I tried running them behind Caddy but didn't work in SimpleX. I tried SMP server with just an open port and SimpleX app gave me a red X.

I am trying to deploy this on my unraid server.

I have used all your variables/port/env within the docker section

Unraid doesn't appear to allow :z so i have these as RW

i am getting constant container reboots.

I can see the logs get generated and it advises

Error: server is not initialized (/etc/opt/simplex/smp-server.ini does not exist).
Run `smp-server init`.

I can't run the init command manually in the docker as its constantly rebooting.

Any suggestions? should I be setting a PUID or PGID or UMASK?

• Protocol name. SMP or SMQ?
• rename repo simplex-messaging -> SimplexMQ
• publish hackage lib
• move dog-food to protocol repo
• rename repo protocol -> chat
• move protocol docs to SimplexMQ

Im actually not entirely sure if this is an issue or my fault.
Sry in advance, if i just didnt understand something crucial.

So i've setup a SMP Server on Ubuntu 2204 LTS using the latest binary,
like its described in the Documentation, and in General this all seems to be fine:

Jul 25 18:41:58 systemd[1]: Started Simplex SMP Server.
Jul 25 18:41:58 smp-server[2068]: SMP server v3.1.2
Jul 25 18:41:58 smp-server[2068]: Fingerprint: (removed, not for the public....)
Jul 25 18:41:58 smp-server[2068]: Store log disabled.
Jul 25 18:41:58 smp-server[2068]: Listening on port 5223 (TLS)...
Jul 25 18:41:58 smp-server[2068]: not expiring inactive clients
Jul 25 18:41:58 smp-server[2068]: server stats log enabled: /var/opt/simplex/smp-server-stats.daily.log

I entered the SMP server in my terminal Client, as well as in my Android App using smp://@:5223, ofc replaced with my individual fingerprint and ip.
Both clients accepted it.

Now i wanted to test if the messages are delivered over my server,
so i turned off the Terminal Cient, and sent a Message from my Android Device.
Then i turned off Simplex Chat on Android in the Settings, and enabled my Terminal Client,
and reveived the message, so it must have passed some server, as no direct connection should have been possible. Alright.

Then i tried same again, but turned off my SMP Server before, and miraculously the messages still arrived, without P2P connection, and SMP Server turned off? So i thought there must be some fallback, even if you have customized a own SMP, is that right?
How can i ensure, that my own SMP Server ist used? (at least if both chat partners customized the same one) Or did i just get wrong, how this whole System works?

I also tried it, with having my phone in the mobile network, and Terminal Application in my home wifi, getting the same result.

Thanks in advance for any ideas :)

Edit:
I know this is supposed to be decentralized, but at least i thought it would dispatch my messages over my server if i customize one...

• e2e encryption
• command authentication
• include authtag inside encrypted part and pad messages for e2e #61
• transport encryption #65
• tcp connection management - heartbeat, detect disconnection #59
• terminal editing
• save messages #45
• delivery notifications
• executables in releases #76 #84
• auto-subscribe to connected contacts #70
• SMP protocol - align with the implementation
• agent protocol - finalize
• basic terminal mode #71, enforced basic mode, no utf8 support warning #77
• separate DB connection per agent client #60
• agent error handling and errors sent to the client #101 #102
• initialize database via an absolute path, e.g. in home folder #74
• deploy new server version
• key serialisation format (server key files, invitation, database) #98
• binary key in transport handshake #105
• fix non deterministic tests #99
• mitigate timing attack on SMP command signature verification
• SMP server deployment - md file
• installation instructions / script

Currently, Docker workflow supports building and pushing only amd64 images to Docker Hub, since compiling arm64 binaries with qemu/docker results in OOM, even on powerful machines with 32Gb RAM. Let's figure out the best way to support arm64.

Currently, proposed solutions:

• Integrate with CircleCI workflow
  • Requires separate workflow, not compatible with GitHub actions.
  • Requires 3 CI jobs: two for creating amd64 and arm64 respectfully and one for combining this images into manifest.
    Source: Multi-Arch Build With Docker Buildx and CircleCi
  • Simplex Chat need to apply for free tier plan for Open Source projects.
• Selfhost Github runner on aarch64 hardware.
  • Need to figure out where to host arm server.
  • Set up Github runner (pretty straightforward).
  • Adjust docker-image.yml

Hello,

With the command "xftp-ubuntu-20_04-x86-64 send", we can send specify the xftp server with -s option but with the command "xftp-ubuntu-20_04-x86-64 recv", we cannot:

ludeti@FiercePC:~/Apps$ ./xftp-ubuntu-20_04-x86-64 recv --help
Usage: xftp-ubuntu-20_04-x86-64 recv FILE [DIR] [-r|--retry RETRY] [--tmp TMP]
[-v|--verbose] [-y|--yes]
Receive file

Available options:
FILE File description file
DIR Directory to save file (default: system Downloads
directory)
-r,--retry RETRY Number of network retries (default: 3)
--tmp TMP Directory for temporary encrypted file (default:
system temp directory)
-v,--verbose Verbose output
-y,--yes Yes to questions
-h,--help Show this help text
ludeti@FiercePC:~/Apps$ ./xftp-ubuntu-20_04-x86-64 send --help
Usage: xftp-ubuntu-20_04-x86-64 send FILE [DIR] [-n COUNT] [-s|--servers SERVER]
[-r|--retry RETRY] [--tmp TMP]
[-v|--verbose]
Send file

Available options:
FILE File to send
DIR Directory to save file descriptions (default: current
directory)
-n COUNT Number of recipients (default: 1)
-s,--servers SERVER Semicolon-separated list of XFTP server(s) to use
(each server can have more than one hostname)
-r,--retry RETRY Number of network retries (default: 3)
--tmp TMP Directory for temporary encrypted file (default:
system temp directory)
-v,--verbose Verbose output
-h,--help Show this help text

Regards,

Add the ability to configure the storage period of media files on the server. If this period is reached, the old files are deleted.

smp agent error: BROKER {brokerErr = NETWORK}

exception: HandshakeFailed (Error_Protocol ("certificate rejected: [NameMismatch "IPADDRESSREDACTED"]",True,CertificateUnknown))

After installing 5.4.0 , I get on Ubuntu 22.04.3 LTS the error :
/opt/simplex/smp-server: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

on https://stackoverflow.com/questions/72133316/libssl-so-1-1-cannot-open-shared-object-file-no-such-file-or-directory there is a solution but not recommended.

Is there a way to avoid this problem?