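├── Dockerfile
├── README.md
├── config
    ├── example.keystore
    ├── pushconfig.yml.sample
    └── tsconfig.yml.sample
├── gencerts
├── run-server
└── supervisord.conf


/Dockerfile:
--------------------------------------------------------------------------------
# Open Whisper Systems TextSecure Server
#
# Build the image with
#   docker build --rm -t whisper .
#
# Run the container in a directory containing the jar/ and config/ dirs
# and the scripts referenced here
#
#   docker run -p 8080:8080 -p 8081:8081 -P -v $(pwd):/home/whisper -it whisper
#
# NOTE(review): 8081 is the adminConnectors port in config/tsconfig.yml.sample and
# `-p 8081:8081` publishes it on every host interface; `-p 127.0.0.1:8081:8081`
# keeps it local to the Docker host. The bind mount exposes the whole current
# directory to the container, so keep rootCA.key (written by gencerts) elsewhere.

# NOTE(review): ubuntu:14.10 is an end-of-life release that no longer receives
# security updates. supervisord.conf hard-codes PostgreSQL 9.4 paths and the
# package list below names openjdk-7, so a move to a supported base has to
# update those together.
FROM ubuntu:14.10

LABEL maintainer="Jani Monoses"

# DEBIAN_FRONTEND is set on the install command itself: a VAR=value prefix only
# applies to the one command it precedes, not to the rest of an && chain.
# The apt lists are removed in the same layer so they do not stay in the image.
# NOTE(review): supervisord.conf also defines a memcached program, but no
# memcached package is installed here.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        openjdk-7-jre-headless \
        postgresql \
        redis-server \
        supervisor && \
    rm -rf /var/lib/apt/lists/*

# Unprivileged account that run-server and supervisord.conf use for the Java
# servers and redis.
RUN adduser --disabled-password --quiet --gecos Whisper whisper
ENV HOME=/home/whisper
WORKDIR /home/whisper

COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# Create the database role and both databases at build time.
# NOTE(review): the role password 'whisper' is fixed in the image layer (and
# repeated in config/tsconfig.yml.sample), and the role is a SUPERUSER although
# it already owns both databases. Whether the migrations need superuser rights
# is not visible here; confirm, and drop SUPERUSER if they do not.
RUN /etc/init.d/postgresql start && \
    sudo -u postgres psql --command "CREATE USER whisper WITH SUPERUSER PASSWORD 'whisper';" && \
    sudo -u postgres createdb -O whisper accountdb && \
    sudo -u postgres createdb -O whisper messagedb

EXPOSE 8080 8081

# No USER instruction: run-server starts supervisord and drops privileges per
# process with `sudo -u`, so the container's first process runs as root.
# Exec form, so run-server is started directly instead of through `/bin/sh -c`.
CMD ["./run-server"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Docker container to run TextSecure server
-----------------------------------------

This relies on the user providing the textsecure and push server jars in
jar/ and the config files under config/.

See the Dockerfile comments for how to build the image. The container can
be run from the root of this repository.

Using https
-----------

You can generate a root CA, a host key, certificates and keystores for the server
using the gencerts script. For example, if your server is running on 192.168.1.100:

    ALTNAME=IP:192.168.1.100 ./gencerts

Copy the resulting example.keystore to config/ as referenced by tsconfig.yml and
the rootCA.crt file to the client (pointed at by the rootCA config item in the Go client).

The example.keystore committed under config/ and its password (`example`) are
public, so its private key protects nothing. Use it for local testing only and
generate your own keystore with gencerts before anyone else can reach the server.
Keep rootCA.key private: whoever holds it can issue certificates that clients
trusting rootCA.crt will accept.

--------------------------------------------------------------------------------
/config/example.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/janimo/textsecure-docker/3126c87c2b64e80d95aa9dc7f2a7fb786af4d929/config/example.keystore

--------------------------------------------------------------------------------
/config/pushconfig.yml.sample:
--------------------------------------------------------------------------------
# Sample values only. Replace the gcm/apn credentials and the authentication
# password before use; the name/password pair under authentication.servers has
# to match push.username/push.password in tsconfig.yml.
gcm:
  senderId: 111111111111
  apiKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  redphoneApiKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

apn:
  pushCertificate: Cdsjalfksjdlfkjsdlfksdlfkjsdfkjas
  pushKey: Ksflskdjfalsdkfjslkfslkfslkgslgkj
  voipCertificate: Cdsjalfksjdlfkjsdlfksdlfkjsdfkjas
  voipKey: Ksflskdjfalsdkfjslkfslkfslkgslgkj

redis:
  url: http://127.0.0.1:6379

authentication:
  servers:
    - name: "user"
      password: "password"

# Plain-http connectors; the Dockerfile does not EXPOSE 9090/9091, and
# tsconfig.yml reaches the push server on localhost.
server:
  applicationConnectors:
    - type: http
      port: 9090
  adminConnectors:
    - type: http
      port: 9091

--------------------------------------------------------------------------------
/config/tsconfig.yml.sample:
--------------------------------------------------------------------------------
# Sample values only. keyStorePassword has to match the password gencerts used
# for example.keystore, and the messageStore/database credentials have to match
# the role created in the Dockerfile.
twilio:
  accountId: a
  accountToken: a
  numbers: [1]
  localDomain: a

push:
  host: "localhost"
  port: 9090
  username: "user"
  password: "password"

# NOTE(review): in Dropwizard, validateCerts controls whether the keystore's own
# certificates are validated when the server starts; it is not a client-side
# verification switch. The adminConnectors port (8081) is published by the
# `docker run` line in the Dockerfile comments.
server:
  applicationConnectors:
    - type: https
      port: 8080
      keyStorePath: config/example.keystore
      keyStorePassword: example
      validateCerts: false
  adminConnectors:
    - type: https
      port: 8081
      keyStorePath: config/example.keystore
      keyStorePassword: example
      validateCerts: false

websocket:
  enabled: true

s3:
  accessKey: a
  accessSecret: a

  # Name of the S3 bucket (needs to have been created)
  # for attachments to go. Should be configured with
  # correct permissions.
  attachmentsBucket: a

cache:
  url: http://127.0.0.1:6379

directory:
  url: http://127.0.0.1:6379

messageStore:
  driverClass: org.postgresql.Driver
  user: whisper
  password: whisper
  url: jdbc:postgresql://localhost:5432/messagedb

database:
  driverClass: org.postgresql.Driver
  user: whisper
  password: whisper
  url: jdbc:postgresql://localhost:5432/accountdb
  properties:
    charSet: UTF-8

--------------------------------------------------------------------------------
/gencerts:
--------------------------------------------------------------------------------
#!/bin/bash

# This script creates root CA and server certificates to be used by the client and the server.
# rootCA.crt needs to be copied to the client to replace the system-wide root CA set
# example.keystore needs to be referenced by keyStorePath in the server's config file
#
# Usage:    ALTNAME=IP:192.168.1.100 ./gencerts
# Optional: KEYSTORE_PASSWORD=... (defaults to "example"; keyStorePassword in
#           tsconfig.yml has to carry the same value, and keytool rejects
#           passwords shorter than 6 characters)

# Stop at the first failing command so later steps never run on missing output.
set -eu

# subjectAltName below is filled from ALTNAME; fail early with a clear message
# instead of handing openssl an empty extension value.
: "${ALTNAME:?set ALTNAME, for example ALTNAME=IP:192.168.1.100}"

# The keystore password used to be the literal "example" in three places.
# It is still passed on the command line, so it is visible in the process list
# while openssl and keytool run.
KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-example}"

# Create private key for root CA certificate
# The key is written without a passphrase; keep rootCA.key out of the image and
# out of the directory that is bind-mounted into the container.
openssl genrsa -out rootCA.key 4096

# Create a self-signed root CA certificate
# -sha256 is explicit so the signature does not depend on the OpenSSL default digest.
openssl req -x509 -new -nodes -sha256 -days 3650 -out rootCA.crt -key rootCA.key

# Create server certificate key
openssl genrsa -out whisper.key 4096

# Create Certificate Signing Request
openssl req -new -key whisper.key -out whisper.csr

# Sign the certificate with the root CA
# The extension section is fed through process substitution, which is why the
# script needs bash rather than plain sh.
openssl x509 -req -sha256 -in whisper.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 3650 -out whisper.crt -extensions extensions -extfile <(cat <<-EOF
[ extensions ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName=$ALTNAME
EOF
)

# Export the host key and certificate to PKCS12 format which is recognized by Java keytool
openssl pkcs12 -export -password "pass:${KEYSTORE_PASSWORD}" -in whisper.crt -inkey whisper.key -out keystore.p12 -name example -CAfile rootCA.crt

# Import the host key and certificate to Java keystore format, so it can be used by dropwizard
keytool -importkeystore -srcstoretype PKCS12 -srckeystore keystore.p12 -srcstorepass "${KEYSTORE_PASSWORD}" -destkeystore example.keystore -deststorepass "${KEYSTORE_PASSWORD}"

--------------------------------------------------------------------------------
/run-server:
--------------------------------------------------------------------------------
#!/bin/bash

# Container entry point (Dockerfile CMD). It runs as root and hands each
# long-running process to an unprivileged account with `sudo -u`.

# Start and supervise postgres, redis and memcache
supervisord

# Start push server in the background
sudo -u whisper java -jar jar/Push-Server-*-capsule-fat.jar server config/pushconfig.yml &

# Give the push server time to come up. This is a fixed 5-second delay, not a
# readiness check.
sleep 5

# Migrate database (needed on first run at least)
# The exit status is not checked: the server below is started even if a
# migration fails.
sudo -u whisper java -jar jar/TextSecureServer-*.jar accountdb migrate config/tsconfig.yml
sudo -u whisper java -jar jar/TextSecureServer-*.jar messagedb migrate config/tsconfig.yml

# Start TextSecure server
sudo -u whisper java -jar jar/TextSecureServer-*.jar server config/tsconfig.yml

--------------------------------------------------------------------------------
/supervisord.conf:
--------------------------------------------------------------------------------
[supervisord]
logfile=supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=supervisord.pid ; (supervisord pidfile;default supervisord.pid)

; redis-server is started without a config file, so it runs on built-in
; defaults; on releases without protected mode that means every interface and
; no password. Both sample configs connect to 127.0.0.1:6379, so the listener
; is bound to loopback, as the memcached line already does with -l.
[program:redis]
command=/usr/bin/redis-server --bind 127.0.0.1
user=whisper

; NOTE(review): the Dockerfile's apt-get line does not install memcached, so
; this program cannot start unless the package is added. memcached documents
; -u as effective only when started as root; with user=whisper the process
; stays whisper.
[program:memcache]
command=/usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1
user=whisper

; Paths are specific to the PostgreSQL 9.4 packages of the base image.
[program:postgresql]
command=/usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
user=postgres

--------------------------------------------------------------------------------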