/registration-service

Forked Registration Service for Signal with added documentation


Signal Registration-Service Installation Guide

  • For compatibility with Signal-Server v9.81.0, this repo forked an older version of registration-service (5c0b4162a633564771851b2bddb160f929d50c79)

  • While this doesn't need to be run in an EC2 instance, doing so will simplify nginx configuration

    • Note: the docker container is still broken for some reason

    • Because of this, the easiest deployment is in a docker container in EC2 with nginx set up for both Signal-Server and registration-service

Configuration

  • When registration-service is run in the dev environment, it ignores all normal configuration options and hosts an HTTP server on localhost:50051. To work around this without having to fully deploy the service, edit src/main/resources/application.yml:
grpc:
  server:
    ssl:
      enabled: true
      cert-chain: classpath:fullchain.pem
      private-key: classpath:privkey.pem
  • This configures the dev environment to expect HTTPS requests, using the fullchain.pem and privkey.pem inside src/main/resources/ as the server's certificate chain and private key

  • If you are using the nginx container from Signal-Docker, you can get these files by running docker exec -it <container-name> bash, changing into /etc/letsencrypt/live/<name>/, and printing them with cat

Then update Signal-Server's sample.yml (if not already done) with:

registrationService:
  host: chat.your.domain
  port: 442

. . .

  identityTokenAudience: https://chat.your.domain
  registrationCaCertificate: |
    -----BEGIN CERTIFICATE-----
    MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
    TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
    cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
    WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
    RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
    AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
    R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
    sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
    NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
    Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
    /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
    AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
    Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
    FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
    AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
    Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
    gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
    PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
    ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
    CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
    lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
    avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
    yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
    yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
    hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
    HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
    MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
    nLRbwHOoq7hHwg==
    -----END CERTIFICATE-----

The registrationService host and port specify where your registration-service instance is running, and Signal-Server will attempt to connect to it over HTTPS.

The registrationCaCertificate is a root certificate taken from letsencrypt.org; you can also get the .pem here (select the Active, Self-signed pem link).

Running with the Dev Environment

Signalapp provided a dev environment that can be used for testing

  • It uses the last six digits of the input phone number as the verification code

  • The dev environment creates local databases and stores all data in memory, so the data is lost when the service is stopped or runs out of memory

./mvnw clean mn:run -Dmicronaut.environments=dev

General Notes

This repo is a bit of a mess because Signal's developers didn't provide a sample.yml to work off of

As far as I understand, you need to reproduce a config.yml based on the table they provided:

  • For example:

From: analytics.bigtable.table-id

analytics:
  bigtable:
    table-id: example

And possibly named application-dev.yml based on Signalapp's .gitignore
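The dotted-name to nested-YAML mapping shown above, generalized to a whole set of keys, as an added example that is not part of this repository or of Signal's code. The key names and values are the ones used on this page; the helper names (nest, scalar, render) are hypothetical, and key names are assumed to need no YAML quoting.

```python
import re

# Constructed sample: dotted names and values copied from this page's snippets.
SAMPLE = {
    "analytics.bigtable.table-id": "example",
    "grpc.server.ssl.enabled": True,
    "grpc.server.ssl.cert-chain": "classpath:fullchain.pem",
    "grpc.server.ssl.private-key": "classpath:privkey.pem",
}
RESERVED = {"true", "false", "yes", "no", "on", "off", "null"}  # not kept as strings

def nest(flat):
    """Fold {'a.b.c': value} into nested dicts; reject section/value clashes."""
    root = {}
    for dotted, value in flat.items():
        parts = dotted.split(".")
        if not all(parts):
            raise ValueError(f"empty segment in {dotted!r}")
        node = root
        for part in parts[:-1]:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{dotted!r}: {part!r} already holds a value")
        if isinstance(node.get(parts[-1]), dict):
            raise ValueError(f"{dotted!r} is already a section")
        node[parts[-1]] = value
    return root

def scalar(value):  # render one leaf, quoting strings YAML would read as another type
    if isinstance(value, (bool, int, float)):
        return str(value).lower()  # True -> true, 442 -> 442
    text = str(value)
    plain = re.fullmatch(r"[A-Za-z_/][A-Za-z0-9_./:-]*", text)
    if plain and not text.endswith(":") and text.lower() not in RESERVED:
        return text
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def render(flat, tree=None, depth=0):  # YAML text for a flat {dotted-name: value} map
    tree = nest(flat) if tree is None else tree
    out = ""
    for key, value in tree.items():
        if isinstance(value, dict):
            out += "  " * depth + f"{key}:\n" + render(None, value, depth + 1)
        else:
            out += "  " * depth + f"{key}: {scalar(value)}\n"
    return out

if __name__ == "__main__":
    print(render(SAMPLE), end="")
```

A name that is listed both as a value and as a parent of other names raises ValueError instead of silently overwriting one of them.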

This server is gRPC, so you can't use curl. Instead, grpcurl can be used

  • You can install it either through your package manager or with a binary
grpcurl -plaintext -d '{"e164": "phone-number"}' -import-path src/main/proto -proto registration_service.proto 127.0.0.1:50051 org.signal.registration.rpc.RegistrationService/CreateSession