Some weeks ago at FOSDEM Matthew Wild announced Snikket. You can find the introduction here in his post. Many admins are still struggling when they want to run their own XMPP server. One of the strength of XMPP is the extensibility. But this can be also a weakness. It can add a lot of complexity, and a variaty of options you need to choose from for your server install. Many extensions and modules you can choose from during the setup, often dependent on each other. Another burden is often getting your TLS certificate setup fully automated. ALl those pain points are addressed in Skicket. Snikket is: dockerized certificates are automated by default using Lets Encrypt all modules to run a modern XMPP server are enabled and perfectly configured out of the box One specific module to mention is shared roster module. This is what many people expect from a modern instant messaging system by default. When you run your own family or company team chat server you want all your users being able to communicate with each other out of the box. Without asking them to build the contact list on their own, and request authorization before starting a conversation. Now I will show how easy it is to install Snikket on a Synology NAS. This tutorial assumes that your Synology NAS has the Docker package already installed. Step 1: DNS XMPP is a decentralized system. Similar to Email, where many individual servers communicate to each other. There is no single point of failure. No single company which controls the network and own the users. This means you need a domain for your Snikket server. And its important that you have access to control the DNS setup. In this sample I am choosing the domain gnauck.name. If you websites and other services on your domain its always suggested to use a subdomain for the XMPP services. This is why I decided to use chat.gnauck.name as the Snikket domain. We need to add the following 3 DNS records. I am pointing chat.gnauck.name to the external IP address of my network. The other 2 sub domains for groups (group chat service) and share (file share) need to point to the same address or domain. This is why I just use a CNAME records for all of them. # Domain TTL Class Type Target chat.gnauck.name. 600 IN CNAME my-nas.dyndns.org. groups.chat.gnauck.name 600 IN CNAME my-nas.dyndns.org share.chat.gnauck.name 600 IN CNAME my-nas.dyndns.org Step 2: Firewall routes On the firewall the relevant ports get forwarded from the public internet to Snikket which will be running on the Synology NAS. The following 4 ports needs to get forwarded. I redirect ports on the firewall. YOu could to those port redirects also in the docker port setup later. TCP 80 => TCP 5280 on NAS TCP 443 => TCP 5281 on NAS TCP 5222 => TCP 5222 on NAS TCP 5269 => TCP 5269 on NAS Step 3: Configure Snikket docker image Now we switch to our Synology NAS and go to the Docker UI. First we go to the registry tab and search for Snikket docker images. We download the image from the alpha channel. Once the image is downloaded we press the Launch button. We are getting asked to provide a container name. Lets choose snikket as the name and continue with the advanced settings. We Enable auto-restart there, to make sure Snikket it running 24/7. Under volume we mount a local directory from our NAS into the docker image. This is where Snikket will store all persistent data (user data, files, message history etc) I create a new directory /docker/snikket_data and mount it as /snikket to our container. Under port settings we just expose all the required ports we need. In this section you could also redirect the 5280/5281 ports to 80/443. I kept them as is, because we already did the port mapping above on the firewall as described in step 2. Under environment add the 2 environment variables for the Snikket domain and admin email address. SNIKKET_ADMIN_EMAIL = yourmail@yourdomain.com SNIKKET_DOMAIN = chat.gnauck.name Now we can save our configuration and start the container. On the first startup Snikket is writing all the configuration files to the volume mount we created above. It also will request the TLS certificates for our subdomains. Lets give Snikket some time for the initial startup. You can look at the logs, or just wait 2-3 minutes. Now we can just got to the container terminal on the Synology and open a new Bash console. In the console we just type the command which gives us an onboarding link to create the admin user. create-invite --admin Copy the link, paste it to a browser on your Desktop or Android device. You should get to a webpage which is hosted on your newly created Snikket server. Just follow the instructions to download the Snikket Android app and create your new admin user. At any time you can create invites for additional users with the create-invite command. Of course you create your regular users without the --admin option. That was easy! Now we have our own self hosted secure and federated WhatApp like instant messaging service. Or our company team chat service.