oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-06-07 22:49:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request 'Splitted the simplex guide to client and server' (#7) from doctor_dev/opsec-blogposts:main into main

Browse source 
Reviewed-on: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts/pulls/7
This commit is contained in:
nihilist 2025-05-24 10:28:49 +02:00
commit db4817e480
40 changed files with 691 additions and 659 deletions
Download patch file Download diff file Expand all files Collapse all files

0
anonsimplex/50.png → anon-simplex-server/0.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 70 KiB

After

Width:  |  Height:  |  Size: 70 KiB

Before After
Before After

0
anonsimplex/36.png → anon-simplex-server/1.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 50 KiB

After

Width:  |  Height:  |  Size: 50 KiB

Before After
Before After

0
anonsimplex/27.png → anon-simplex-server/10.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 20 KiB

Before After
Before After

0
anonsimplex/28.png → anon-simplex-server/11.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 29 KiB

After

Width:  |  Height:  |  Size: 29 KiB

Before After
Before After

0
anonsimplex/29.png → anon-simplex-server/12.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

Before After
Before After

0
anonsimplex/30.png → anon-simplex-server/13.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 29 KiB

After

Width:  |  Height:  |  Size: 29 KiB

Before After
Before After

0
anonsimplex/31.png → anon-simplex-server/14.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

Before After
Before After

0
anonsimplex/35.png → anon-simplex-server/15.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

Before After
Before After

0
anonsimplex/37.png → anon-simplex-server/2.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 23 KiB

After

Width:  |  Height:  |  Size: 23 KiB

Before After
Before After

0
anonsimplex/20.png → anon-simplex-server/3.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 25 KiB

Before After
Before After

0
anonsimplex/21.png → anon-simplex-server/4.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 17 KiB

After

Width:  |  Height:  |  Size: 17 KiB

Before After
Before After

0
anonsimplex/22.png → anon-simplex-server/5.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 26 KiB

Before After
Before After

0
anonsimplex/23.png → anon-simplex-server/6.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

Before After
Before After

0
anonsimplex/24.png → anon-simplex-server/7.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3 KiB

After

Width:  |  Height:  |  Size: 3 KiB

Before After
Before After

0
anonsimplex/25.png → anon-simplex-server/8.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

Before After
Before After

0
anonsimplex/26.png → anon-simplex-server/9.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

Before After
Before After

472
anon-simplex-server/index.md Normal file
View file

@ -0,0 +1,472 @@
---
author: Hoover
date: 2025-05-23
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
xmr: 42yco9t6qK98N191EZzKJUCH7cit5JT8mBJQvVULEPAPeBHurbFqGj2hK7kaFhqasv8AYLpbuP15Wg5suzyjUd5SMLqabRw
tags:
- Core Tutorial
---
# Anonymous Simplex SMP & XFTP Servers setup
### **If you do not have SImpleX installed please refer to this tutorial [post](../anonsimplex/index.md)**
## **Only using your own onion-only simplex server doesn't isolate you.**
A common misconception that people seem to have is that you wouldn't be able to communicate with regular simplex users that don't have Tor connectivity, when you're only using your own onion-only simplex servers. **But that's not true, you're not even isolated when using onion-only servers.** This mode of thinking comes the fact that traditional federated apps (like the fediverse) don't care about server-side anonymity. But, lucky for us, the official simplex servers also allow Tor connections in between simplex servers, which makes this whole setup possible.
![](0.png)
In reality, thanks to Simplex's Private Routing protocol, (which is a 2 hop routing protocol), **your trusted simplex server (which is onion-only) communicates with the other party's trusted simplex server, as long as they have Tor connectivity.** And if the other peer is using the default Simplex Servers, which all have Tor connectivity, then they can still communicate to your own onion-only simplex server, which ensures that you're not isolated when you want to have a public, yet anonymous community [like the one we have at Nowhere.](http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html)
That's what we are going for in this tutorial. We're going to setup a simplex server that is onion-only, to protect the server-side anonymity, **and we'll use our simplex client to only connect through our onion-only simplex server, and we'll create group chats with it so that we can have our own public, yet anonymous chatroom.**
## **SimpleX Server Setup**
It's important to note that in theory, it doesn't matter which SimpleX server you connect to, as all communications are end-to-end encrypted. When you connect via Tor, it further ensures that the server itself won't be able to trace your connection back to you. Your anonymity is maintained through the use of Tor, and your conversations are protected by SimpleX's encryption.
We're going to make use of [HackLiberty's tutorial](https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140) on how to install and configure a SimpleX server using Docker.
First we're going to create the docker-compose.yml file and the .env file as follows:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat docker-compose.yml
version: '3.7' #this version is obsolete, change me
networks:
tor-test:
driver: bridge
ipam:
config:
- subnet: 10.6.0.0/24
gateway: 10.6.0.1
services:
simplex-smp-server:
image: simplexchat/smp-server:latest
container_name: simplex-smp
restart: always
user: "1000:1000" #user uid - change if necessary
ports:
- "127.0.0.1:5223:5223" #this will expose port 5223 to internet
volumes:
- ./smp/config:/etc/opt/simplex:Z
- ./smp/logs:/var/opt/simplex:Z
environment:
- ADDR=${SIMPLEX_ADDR}
# - PASS=${SIMPLEX_PASSWORD} #for non public servers
networks:
tor-test:
ipv4_address: 10.6.0.5
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
simplex-xftp-server:
image: simplexchat/xftp-server:latest
container_name: simplex-xftp
user: "1000:1000" #user uid - change if necessary
ports:
- "127.0.0.1:5233:5233" #port mapping to expose xftp to internet on port 5233
restart: always
volumes:
- ./xftp/config:/etc/opt/simplex-xftp:Z
- ./xftp/logs:/var/opt/simplex-xftp:Z
- ./xftp/files:/srv/xftp
environment:
- ADDR=${XFTP_ADDR}
- QUOTA=150gb #change to set your own quota
networks:
tor-test:
ipv4_address: 10.6.0.6
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
tor:
image: osminogin/tor-simple
container_name: tor-simplex
volumes:
- ./tor-data:/var/lib/tor
- ./tor-data/torrc:/etc/tor
networks:
tor-test:
ipv4_address: 10.6.0.4
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat .env
SIMPLEX_ADDR="nowhere" #If using FDQN, make sure to set DNS record
SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
XFTP_ADDR="nowhere" #If using FDQN, make sure to set DNS record
#yes no clearnet at all
Then we're going to create the folders as follows:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p {xftp,smp}/{config,logs}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ tree .
.
├── docker-compose.yml
├── notes.txt
├── smp
│   ├── config
│   └── logs
└── xftp
├── config
└── logs
7 directories, 2 files
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p xftp/files
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ ls
docker-compose.yml notes.txt smp xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cd xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
→ ls
config files logs
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
→ cd ..
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ ls
docker-compose.yml notes.txt smp xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p tor-data/torrc
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p tor-data/{simplex-xftp,simplex-smp}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p {xftp,smp}/{config,logs}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chmod 700 tor-data/simplex-xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chmod 700 tor-data/simplex-smp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ sudo chown 100:65533 tor-data/simplex-xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ sudo chown 100:65533 tor-data/simplex-smp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chown -R 100:65533 tor-data/
chmod 777 -R smp
chmod 777 -R xftp
Be aware that [SimpleX's documentation]() doesn't recommend by default that the servers be anonymous, they only care about the users being anonymous, that's why they recommend these 3 lines in the torrc configuration:
SOCKSPort 0
HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
**DO NOT USE THESE, otherwise your servers' location will be known. You need to use the following instead:**
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ vim tor-data/torrc/torrc
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/torrc/torrc
SOCKSPort 0.0.0.0:9050
HiddenServiceDir /var/lib/tor/simplex-smp
HiddenServicePort 5223 simplex-smp:5223
HiddenServicePort 80 simplex-smp:80
HiddenServiceDir /var/lib/tor/simplex-xftp
HiddenServicePort 5233 simplex-xftp:5233
Then we're going to run the docker containers so that it creates the tor hostnames for both the smp and xftp services, so that we can use both in the .env file:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ docker-compose up
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ tree tor-data
tor-data
├── simplex-smp
│   ├── authorized_clients
│   ├── hostname
│   ├── hs_ed25519_public_key
│   └── hs_ed25519_secret_key
├── simplex-xftp
│   ├── authorized_clients
│   ├── hostname
│   ├── hs_ed25519_public_key
│   └── hs_ed25519_secret_key
└── torrc
└── torrc
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/simplex-smp/hostname
b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/simplex-xftp/hostname
wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ vim .env
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat .env
SIMPLEX_ADDR="b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion" #If using FDQN, make sure to set DNS record
SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
XFTP_ADDR="wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion" #If using FDQN, make sure to set DNS record
Then we'll save both the private keys in our keepass and then shred them:
#save both the private keys it in your keepass and then shred it
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/ca.key
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ shred -u smp/config/ca.key
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat xftp/config/ca.key
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ shred -u xftp/config/ca.key
Then we edit the smp config correctly as we will NOT use the clearnet at all, the config parts regarding port 443 https are to be commented.
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/smp-server.ini | tail -n3
#https: 443
#cert: /etc/opt/simplex/web.crt
#key: /etc/opt/simplex/web.key
[TRANSPORT]
# Host is only used to print server address on start.
# You can specify multiple server ports.
host: b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
#port: 5223,443 ## we don't need 443!
port: 5223
log_tls_errors: off
Then we also configure it so that the simplex smp server goes through the docker tor daemon to connect to other servers:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ vim smp/config/smp-server.ini
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/smp-server.ini
[PROXY]
# Network configuration for SMP proxy client.
# `host_mode` can be 'public' (default) or 'onion'.
# It defines preferred hostname for destination servers with multiple hostnames.
host_mode: onion
required_host_mode: off
# The domain suffixes of the relays you operate (space-separated) to count as separate proxy statistics.
# own_server_domains:
# SOCKS proxy port for forwarding messages to destination servers.
# You may need a separate instance of SOCKS proxy for incoming single-hop requests.
socks_proxy: 10.6.0.4:9050
#socks_proxy: tor-simplex:9050
# `socks_mode` can be 'onion' for SOCKS proxy to be used for .onion destination hosts only (default)
# or 'always' to be used for all destination hosts (can be used if it is an .onion server).
socks_mode: always
# Limit number of threads a client can spawn to process proxy commands in parallel.
# client_concurrency: 32
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ vim xftp/config/file-server.ini
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat xftp/config/file-server.ini
[STORE_LOG]
# The server uses STM memory for persistence,
# that will be lost on restart (e.g., as with redis).
# This option enables saving memory to append only log,
# and restoring it when the server is started.
# Log is compacted on start (deleted objects are removed).
enable: on
# Expire files after the specified number of hours.
expire_files_hours: 48
log_stats: off
[AUTH]
# Set new_files option to off to completely prohibit uploading new files.
# This can be useful when you want to decommission the server, but still allow downloading the existing files.
new_files: on
# Use create_password option to enable basic auth to upload new files.
# The password should be used as part of server address in client configuration:
# xftp://fingerprint:password@host1,host2
# The password will not be shared with file recipients, you must share it only
# with the users who you want to allow uploading files to your server.
# create_password: password to upload files (any printable ASCII characters without whitespace, '@', ':' and '/')
# control_port_admin_password:
# control_port_user_password:
[TRANSPORT]
# host is only used to print server address on start
host: nowhere
port: 5233
log_tls_errors: off
# control_port: 5226
[FILES]
path: /srv/xftp
storage_quota: 10gb
[INACTIVE_CLIENTS]
# TTL and interval to check inactive clients
disconnect: off
# ttl: 21600
# check_interval: 3600
Then we simply run the docker containers again:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ docker-compose down ; docker-compose up -d
Starting simplex-xftp ... done
Starting simplex-smp ... done
Starting tor-simplex ... done
simplex-smp | Server address: smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@nowhere
simplex-xftp | Server address: xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@nowhere
**#need to manually change the @nowhere to be the onion urls:
smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233**
_Sidenote:_ One important thing to note though is that you shouldn't be the only one to use your own simplex servers as if you are the only one to use that one simplex server, people may figure out that you're the same person when trying to use different profiles. This is why you should list your simplex servers publicly somewhere, either in your own community like i did [here](http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html):
![](1.png)
Or you can list your simplex servers on public lists like this one:
![](2.png)
Optional but recommended: Since you are using docker containers, you can easily automate keeping them updated with a simple cronjob:
[ Wonderland ] [ /dev/pts/4 ] [~]
→ crontab -e
#daily simplex containers update
0 0 * * * docker-compose -f /srv/simplex/docker-compose.yml pull ; docker-compose -f /srv/simplex/docker-compose.yml down; docker-compose -f /srv/simplex/docker-compose.yml up -d
Once that's done, we can go ahead and add the servers in our simplex client:
## **Step 4: Configure SimpleX To Use Your Server**
Now from our simplex client we need to make sure that we are using our own simplex servers, which have the following URL:
SMP server:
smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
XFTP server:
xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233
` ![](3.png) ![](4.png) ![](5.png) ![](6.png) ![](7.png) ![](8.png) ![](9.png) ![](10.png)
And now that our simplex client is ONLY using our onion-only simplex servers, we can create our own chatrooms:
## **How to Create Chatrooms in Incognito mode**
Now that we are using our own simplex servers, we can create a chatrooms in incognito mode (meaning that our username will simply be a random noun and adjective):
![](11.png) ![](12.png) ![](13.png)
Enter a name for your group. You can also add a photo for the group.
Tick the **Incognito** option. Doing this ensures your profile name and image is hidden from your group members and allows for anonymous connections with other people without shared data. Once you have filled out the necessary information, press **Create group**.
![](14.png)
as noted above, since you are only using tor-only simplex servers, **this means that you are forcing the users to use Tor to be able to join your invite links.** Here's what the invite link looks like:
https://simplex.chat/contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40**b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion** %2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
as you can see the default invite link looks like that, and as you can see the onion server address appears in the link, which is the reason why if the user that wants to join doesn't have tor connectivity, he won't be able to join. If you don't want to use any of simplex's servers, you can simply replace the **https://simplex.chat/** at the beginning with your simplex smp server onion url as follows:
**http://b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion/** contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
` ![](15.png)
If you want to not contact any simplex server to be able to view the invite link, you can simply replace the server address to **simplex:/** , which will transform the link as follows:
**simplex:/** contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
## **Conclusion**
By following this tutorial, you've set up a secure, anonymous simplex server on Tor. You've configured a SimpleX server with `.onion` addresses and create incognito chatrooms. This setup ensures that your private conversations remain secure and untraceable.
### **What You've Accomplished**
- Configured SimpleX servers to use `.onion` addresses.
- Created incognito chatroooms

0
anonsimplex/32.png → anonsimplex/0.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

Before After
Before After

0
anonsimplex/33.png → anonsimplex/1.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 38 KiB

Before After
Before After

0
anonsimplex/34.png → anonsimplex/2.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 39 KiB

Before After
Before After

473
anonsimplex/index.md
View file

@ -1,6 +1,6 @@
---
author: Hoover
date: 2024-10-12
date: 2025-05-23
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
xmr: 42yco9t6qK98N191EZzKJUCH7cit5JT8mBJQvVULEPAPeBHurbFqGj2hK7kaFhqasv8AYLpbuP15Wg5suzyjUd5SMLqabRw
tags:
@ -24,7 +24,7 @@ _Privacy:_
2. The application must have End to End Encryption by default (E2EE)
3. The application must allow us to run and use our own servers (Decentralisation)
3. The application must allow us to run and use our own servers (Decentralization)
@ -47,7 +47,7 @@ _Deniability:_
You'd be suprised to see that as of right now (November 2024) there is only SimpleX that actually fits all of these criterias. therefore that's what we'll use for Anonymous chats.
You'd be surprised to see that as of right now (November 2024) there is only SimpleX that actually fits all of these criteria. therefore that's what we'll use for Anonymous chats.
## _Mobile OPSEC Recommendations:_
@ -137,459 +137,7 @@ Once you've created your profile, open the kebab menu on the bottom left and ope
### **You have now successfully configured SimpleX to use Tor!**
## **Only using your own onion-only simplex server doesn't isolate you.**
A common misconception that people seem to have is that you wouldnt be able to communicate with regular simplex users that don't have Tor connectivity, when you're only using your own onion-only simplex servers. **But that's not true, you're not even isolated when using onion-only servers.** This mode of thinking comes the fact that traditional federated apps (like the fediverse) don't care about serverside anonymity. But, lucky for us, the official simplex servers also allow Tor connections in between simplex servers, which makes this whole setup possible.
![](50.png)
In reality, thanks to Simplex's Private Routing protocol, (which is a 2 hop routing protocol), **your trusted simplex server (which is onion-only) communicates with the other party's trusted simplex server, as long as they have Tor connectivity.** And if the other peer is using the default Simplex Servers, which all have Tor connectivity, then they can still communicate to your own onion-only simplex server, which ensures that you're not isolated when you want to have a public, yet anonymous community [like the one we have at Nowhere.](http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html)
That's what we are going for in this tutorial. We're going to setup a simplex server that is onion-only, to protect the serverside anonymity, **and we'll use our simplex client to only connect through our onion-only simplex server, and we'll create groupchats with it so that we can have our own public, yet anonymous chatroom.**
## **Step 3. SimpleX Server Setup**
It's important to note that in theory, it doesn't matter which SimpleX server you connect to, as all communications are end-to-end encrypted. When you connect via Tor, it further ensures that the server itself won't be able to trace your connection back to you. Your anonymity is maintained through the use of Tor, and your conversations are protected by SimpleX's encryption.
We're going to make use of [HackLiberty's tutorial](https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140) on how to install and configure a SimpleX server using Docker.
First we're going to create the docker-compose.yml file and the .env file as follows:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat docker-compose.yml
version: '3.7' #this version is obsolete, change me
networks:
tor-test:
driver: bridge
ipam:
config:
- subnet: 10.6.0.0/24
gateway: 10.6.0.1
services:
simplex-smp-server:
image: simplexchat/smp-server:latest
container_name: simplex-smp
restart: always
user: "1000:1000" #user uid - change if necessary
ports:
- "127.0.0.1:5223:5223" #this will expose port 5223 to internet
volumes:
- ./smp/config:/etc/opt/simplex:Z
- ./smp/logs:/var/opt/simplex:Z
environment:
- ADDR=${SIMPLEX_ADDR}
# - PASS=${SIMPLEX_PASSWORD} #for non public servers
networks:
tor-test:
ipv4_address: 10.6.0.5
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
simplex-xftp-server:
image: simplexchat/xftp-server:latest
container_name: simplex-xftp
user: "1000:1000" #user uid - change if necessary
ports:
- "127.0.0.1:5233:5233" #port mapping to expose xftp to internet on port 5233
restart: always
volumes:
- ./xftp/config:/etc/opt/simplex-xftp:Z
- ./xftp/logs:/var/opt/simplex-xftp:Z
- ./xftp/files:/srv/xftp
environment:
- ADDR=${XFTP_ADDR}
- QUOTA=150gb #change to set your own quota
networks:
tor-test:
ipv4_address: 10.6.0.6
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
tor:
image: osminogin/tor-simple
container_name: tor-simplex
volumes:
- ./tor-data:/var/lib/tor
- ./tor-data/torrc:/etc/tor
networks:
tor-test:
ipv4_address: 10.6.0.4
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat .env
SIMPLEX_ADDR="nowhere" #If using FDQN, make sure to set DNS record
SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
XFTP_ADDR="nowhere" #If using FDQN, make sure to set DNS record
#yes no clearnet at all
Then we're going to create the folders as follows:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p {xftp,smp}/{config,logs}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ tree .
.
├── docker-compose.yml
├── notes.txt
├── smp
│   ├── config
│   └── logs
└── xftp
├── config
└── logs
7 directories, 2 files
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p xftp/files
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ ls
docker-compose.yml notes.txt smp xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cd xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
→ ls
config files logs
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
→ cd ..
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ ls
docker-compose.yml notes.txt smp xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p tor-data/torrc
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p tor-data/{simplex-xftp,simplex-smp}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ mkdir -p {xftp,smp}/{config,logs}
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chmod 700 tor-data/simplex-xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chmod 700 tor-data/simplex-smp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ sudo chown 100:65533 tor-data/simplex-xftp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ sudo chown 100:65533 tor-data/simplex-smp
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ chown -R 100:65533 tor-data/
chmod 777 -R smp
chmod 777 -R xftp
Be aware that [SimpleX's documentation]() doesn't recommend by default that the servers be anonymous, they only care about the users being anonymous, that's why they recommend these 3 lines in the torrc configuration:
SOCKSPort 0
HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
**DO NOT USE THESE, otherwise your servers' location will be known. You need to use the following instead:**
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ vim tor-data/torrc/torrc
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/torrc/torrc
SOCKSPort 0.0.0.0:9050
HiddenServiceDir /var/lib/tor/simplex-smp
HiddenServicePort 5223 simplex-smp:5223
HiddenServicePort 80 simplex-smp:80
HiddenServiceDir /var/lib/tor/simplex-xftp
HiddenServicePort 5233 simplex-xftp:5233
Then we're going to run the docker containers so that it creates the tor hostnames for both the smp and xftp services, so that we can use both in the .env file:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ docker-compose up
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ tree tor-data
tor-data
├── simplex-smp
│   ├── authorized_clients
│   ├── hostname
│   ├── hs_ed25519_public_key
│   └── hs_ed25519_secret_key
├── simplex-xftp
│   ├── authorized_clients
│   ├── hostname
│   ├── hs_ed25519_public_key
│   └── hs_ed25519_secret_key
└── torrc
└── torrc
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/simplex-smp/hostname
b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat tor-data/simplex-xftp/hostname
wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ vim .env
[ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
→ cat .env
SIMPLEX_ADDR="b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion" #If using FDQN, make sure to set DNS record
SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
XFTP_ADDR="wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion" #If using FDQN, make sure to set DNS record
Then we'll save both the private keys in our keepass and then shred them:
#save both the private keys it in your keepass and then shred it
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/ca.key
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ shred -u smp/config/ca.key
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat xftp/config/ca.key
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ shred -u xftp/config/ca.key
Then we edit the smp config correctly as we will NOT use the clearnet at all, the config parts regarding port 443 https are to be commented.
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/smp-server.ini | tail -n3
#https: 443
#cert: /etc/opt/simplex/web.crt
#key: /etc/opt/simplex/web.key
[TRANSPORT]
# Host is only used to print server address on start.
# You can specify multiple server ports.
host: b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
#port: 5223,443 ## we dont need 443!
port: 5223
log_tls_errors: off
Then we also configure it so that the simplex smp server goes through the docker tor daemon to connect to other servers:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ vim smp/config/smp-server.ini
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat smp/config/smp-server.ini
[PROXY]
# Network configuration for SMP proxy client.
# `host_mode` can be 'public' (default) or 'onion'.
# It defines prefferred hostname for destination servers with multiple hostnames.
host_mode: onion
required_host_mode: off
# The domain suffixes of the relays you operate (space-separated) to count as separate proxy statistics.
# own_server_domains:
# SOCKS proxy port for forwarding messages to destination servers.
# You may need a separate instance of SOCKS proxy for incoming single-hop requests.
socks_proxy: 10.6.0.4:9050
#socks_proxy: tor-simplex:9050
# `socks_mode` can be 'onion' for SOCKS proxy to be used for .onion destination hosts only (default)
# or 'always' to be used for all destination hosts (can be used if it is an .onion server).
socks_mode: always
# Limit number of threads a client can spawn to process proxy commands in parrallel.
# client_concurrency: 32
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ vim xftp/config/file-server.ini
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ cat xftp/config/file-server.ini
[STORE_LOG]
# The server uses STM memory for persistence,
# that will be lost on restart (e.g., as with redis).
# This option enables saving memory to append only log,
# and restoring it when the server is started.
# Log is compacted on start (deleted objects are removed).
enable: on
# Expire files after the specified number of hours.
expire_files_hours: 48
log_stats: off
[AUTH]
# Set new_files option to off to completely prohibit uploading new files.
# This can be useful when you want to decommission the server, but still allow downloading the existing files.
new_files: on
# Use create_password option to enable basic auth to upload new files.
# The password should be used as part of server address in client configuration:
# xftp://fingerprint:password@host1,host2
# The password will not be shared with file recipients, you must share it only
# with the users who you want to allow uploading files to your server.
# create_password: password to upload files (any printable ASCII characters without whitespace, '@', ':' and '/')
# control_port_admin_password:
# control_port_user_password:
[TRANSPORT]
# host is only used to print server address on start
host: nowhere
port: 5233
log_tls_errors: off
# control_port: 5226
[FILES]
path: /srv/xftp
storage_quota: 10gb
[INACTIVE_CLIENTS]
# TTL and interval to check inactive clients
disconnect: off
# ttl: 21600
# check_interval: 3600
Then we simply run the docker containers again:
[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
→ docker-compose down ; docker-compose up -d
Starting simplex-xftp ... done
Starting simplex-smp ... done
Starting tor-simplex ... done
simplex-smp | Server address: smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@nowhere
simplex-xftp | Server address: xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@nowhere
**#need to manually change the @nowhere to be the onion urls:
smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233**
_Sidenote:_ One important thing to note though is that you shouldn't be the only one to use your own simplex servers as if you are the only one to use that one simplex server, people may figure out that you're the same person when trying to use different profiles. This is why you should list your simplex servers publicly somewhere, either in your own community like i did [here](http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html):
![](36.png)
Or you can list your simplex servers on public lists like this one:
![](37.png)
Optional but recommended: Since you are using docker containers, you can easily automate keeping them updated with a simple cronjob:
[ Wonderland ] [ /dev/pts/4 ] [~]
→ crontab -e
#daily simplex containers update
0 0 * * * docker-compose -f /srv/simplex/docker-compose.yml pull ; docker-compose -f /srv/simplex/docker-compose.yml down; docker-compose -f /srv/simplex/docker-compose.yml up -d
Once that's done, we can go ahead and add the servers in our simplex client:
## **Step 4: Configure SimpleX To Use Your Server**
Now from our simplex client we need to make sure that we are using our own simplex servers, which have the following URL:
SMP server:
smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
XFTP server:
xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233
` ![](20.png) ![](21.png) ![](22.png) ![](23.png) ![](24.png) ![](25.png) ![](26.png) ![](27.png)
And now that our simplex client is ONLY using our onion-only simplex servers, we can create our own chatrooms:
## **How to Create Chatrooms in Incognito mode**
Now that we are using our own simplex servers, we can create a chatrooms in incognito mode (meaning that our username will simply be a random noun and adjective):
![](28.png) ![](29.png) ![](30.png)
Enter a name for your group. You can also add a photo for the group.
Tick the **Incognito** option. Doing this ensures your profile name and image is hidden from your group members and allows for anonymous connections with other people without shared data. Once you have filled out the necessary information, press **Create group**.
![](31.png)
as noted above, since you are only using tor-only simplex servers, **this means that you are forcing the users to use Tor to be able to join your invite links.** Here's what the invite link looks like:
https://simplex.chat/contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40**b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion** %2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
as you can see the default invite link looks like that, and as you can see the onion server address appears in the link, which is the reason why if the user that wants to join doesnt have tor connectivity, he won't be able to join. If you don't want to use any of simplex's servers, you can simply replace the **https://simplex.chat/** at the beginning with your simplex smp server onion url as follows:
**http://b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion/** contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
` ![](35.png)
If you want to not contact any simplex server to be able to view the invite link, you can simply replace the server address to **simplex:/** , which will transform the link as follows:
**simplex:/** contact#/?v=2-7&smp;=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data;=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
### **To learn about creating your own SimpleX, please refer to this tutorial [post](../anon-simplex-server/index.md)**
## **How to Join Chatrooms in Incognito mode**
@ -597,27 +145,26 @@ If you have received an invite to a SimpleX chatroom, you can join it by pressin
Paste your invite link into the input field and press **Enter**.
![](32.png)
![](0.png)
You will be met with a window asking wheter you'd like to connect using your current profile or using an Incognito profile.
You will be met with a window asking whether you'd like to connect using your current profile or using an Incognito profile.
Select **Use new incognito profile**.
This is because we don't want to reveal what our simplex username is, we just want to join the chatroom using a random username that is not tied to our identity.
![](33.png)
![](1.png)
And there as you can see, everyone that joins in in incognito gets a random pseudonym with the format "Random Adjective Random Word" effectively helping the users maintain their anonymity while in the chat.
![](34.png)
![](2.png)
## **Conclusion**
By following this tutorial, you've set up a secure, anonymous chat system using SimpleX and Tor. You've learned how to install Orbot, configure SimpleX servers with `.onion` addresses, create incognito chatrooms, and join them anonymously. This setup ensures that your private conversations remain secure and untraceable.
By following this tutorial, you've set up a secure, anonymous chat system using SimpleX and Tor.You've learned how to install Orbot, joined incognito chatrooms anonymously. This setup ensures that your private conversations remain secure and untraceable.
### **What You've Accomplished**
- Installed Orbot and routed traffic through the Tor network.
- Configured SimpleX servers to use `.onion` addresses.
- Created and joined anonymous chatrooms in incognito mode.
- joined anonymous chatrooms in incognito mode.

BIN
privatesimplex/20.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
privatesimplex/21.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 76 KiB

BIN
privatesimplex/22.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 75 KiB

BIN
privatesimplex/6.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.5 KiB

After

Width:  |  Height:  |  Size: 51 KiB

Before After
Before After

BIN
privatesimplex/7.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 76 KiB

Before After
Before After

BIN
privatesimplex/8.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 75 KiB

Before After
Before After

204
privatesimplex/index.md
View file

@ -1,10 +1,8 @@
---
author: XMRonly
date: 2025-04-30
date: 2025-05-22
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/61"
xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
tags:
- Core Tutorial
---
# Easy Private Chats - SimpleX
@ -49,11 +47,11 @@ From the above comparison, we can see that only SimpleX meets all of the criteri
To download Simplex Desktop, you can go on [https://simplex.chat/](https://simplex.chat)
![](20.png)
![](6.png)
Then you can download the appimage here:
![](21.png)
![](7.png)
And lastly once downloaded, you can simply make a shortcut with it and make sure it's executable:
@ -81,7 +79,7 @@ And lastly once downloaded, you can simply make a shortcut with it and make sure
And from there you'll land in the simplex chat app:
![](22.png)
![](8.png)
Now if you're a tinfoil hatter, **you may not trust the binaries being distributed by simplex, and you might want to compile it yourself, which is also possible** , so let's showcase how you can do that aswell:
@ -162,7 +160,7 @@ Then set the LD_LIBRARY_PATH manually to make it find the libjpeg.so.8 library,
And from there you'll also end up with a functional simplex binary to use, in case if you don't trust simplex.chat and want to compile it yourself:
![](22.png)
![](8.png)
## **Using SimpleX**
@ -182,197 +180,11 @@ Once your friends connect, you can start messaging.
![](5.png)
Out of the box, SimpleX works perfectly fine. However, more advanced users may wish to tweak a few settings or self-host their own servers.
Out of the box, SimpleX works perfectly fine. However, more advanced users may wish to tweak a few settings or self-host their own servers.
## **Self-Hosting SimpleX Servers**
### Requirements
1\. A VPS running Debian 12 (or Ubuntu 22.04)
2\. A domain name (or subdomain)
To start, we will need a domain name. A subdomain such as a free one obtained from **https://freedns.afraid.org** will also work. Create A record entries for smp.yourdomain.tld and xftp.yourdomain.tld and point them at the IP address of your VPS.
![](6.png)
We will SSH into our VPS and set up our environment.
~ torsocks ssh root@145.223.79.150
The authenticity of host '145.223.79.150 (145.223.79.150)' can't be established.
ED25519 key fingerprint is SHA256:AGZHyLpidaSu+ZE3cLFZ3KWxQq3Mx9rDH+HLVNF/okc.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '145.223.79.150' (ED25519) to the list of known hosts.
root@145.223.79.150's password:
Linux srv636770 6.1.0-26-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Nov 20 21:05:02 2024 from 185.220.101.103
root@srv636770:~#
Once connected, we will follow the [official instructions](https://docs.docker.com/engine/install/debian/) to install Docker. Run:
# Add Docker's official GPG key:
apt update
apt install -y ca-certificates curl gnupg openssl vim
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
With the Docker apt repositories out of the way, install the Docker packages:
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
OPTIONAL: You can test everything is working up to this point by a deploying a test container to see some output. Run:
docker run hello-world
We will now set up a docker-compose.yml file with all the build instructions:
vim docker-compose.yml
Copy/paste the following and change the **ADDR** fields to your domain.
HINT: It's **p** to paste in vim, then **ESC :wq** to write changes and quit the file.
networks:
simplex:
services:
simplex-smp-server:
image: simplexchat/smp-server:v6.0.6
container_name: simplex-smp
restart: unless-stopped
ports:
- "5223:5223"
volumes:
- ./simplex/smp/config:/etc/opt/simplex:Z
- ./simplex/smp/logs:/var/opt/simplex:Z
environment:
- ADDR=smp.xmronly.us.to
# - PASS=${SIMPLEX_PASSWORD} #for non public servers
networks:
- simplex
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
simplex-xftp-server:
image: simplexchat/xftp-server:v6.1.3
container_name: simplex-xftp
ports:
- "443:443"
restart: unless-stopped
volumes:
- ./simplex/xftp/config:/etc/opt/simplex-xftp:Z
- ./simplex/xftp/logs:/var/opt/simplex-xftp:Z
- ./simplex/xftp/files:/srv/xftp:X
environment:
- ADDR=xftp.xmronly.us.to
- QUOTA=10gb #change to set your own quota
networks:
- simplex
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
A note about versioning: at the time of writing, there was an open [issue](https://github.com/simplex-chat/simplexmq/issues/1373) with the "latest" (v6.1.3) tag and HTTPS credentials for the SMP server. The most recent working version for the SMP server (v6.0.6) was definitively tagged here and the "latest" version for XFTP server (v6.1.3) was also definitively tagged to ensure working builds with the presented instructions. For reference, the "latest" version used in the [HackLiberty](https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140) documentation for June 1st, 2024 is v5.8.0-beta.6 which is now several security fixes behind.
Everything is now ready to be deployed. Run:
docker compose up -d
Run the following command to see the SMP and XFTP server addresses:
echo "smp://$(<simplex/smp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | head -1)" && \
echo "xftp://$(<simplex/xftp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | tail -1)"
You should see output similar to this and just like that your self-hosted SimpleX servers are now ready!
smp://IB2NJl4Pv3OSLUmnvipKkCuJKGkEDfgUNkYFiKIH_GY=@smp.xmronly.us.to
xftp://t_H_I_h5Iz7X-ChxA3nJeyw0s_2PJIFkfSK7Ng6UulU=@xftp.xmronly.us.to
## **Adding Your Self-Hosted SimpleX Servers**
To add the newly created self-hosted SimpleX servers to your client, click on your profile on the top left, followed by Settings. Click on Network & servers. We will modify both the Message servers (SMP) and the Media & file servers (XFTP).
![](7.png)
Click on **Message servers** and scroll down to Add server. Select Enter server manually. Paste in your SMP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
![](8.png)
With our self-hosted SMP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
![](9.png)
With only our self-hosted SMP server remaining, click the back arrow, then save changes.
![](10.png)
We will now repeat the process for **Media & file servers**. Scroll down to Add server. Select Enter server manually. Paste in your XFTP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
![](11.png)
With our self-hosted XFTP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
![](12.png)
With only our self-hosted XFTP server remaining, click the back arrow, then save changes.
![](13.png)
It is possible to self-host onion servers as well, but since this article is focusing on privacy and not anonymity, that part of the setup has been omitted.
## **Using Your Self-Hosted SimpleX Servers**
All new connections will automatically use your self-hosted SimpleX servers, but what about already existing connections that were made using the default Simplex servers? It turns out existing connections do not automatically update, so we will need to manually change them. Click on the group name and scroll down to the members section. Click on a group member and scroll down to servers. We can see that Larry is using the default SimpleX servers. Click on Change receiving address and confirm the change. ![](14.png)
Repeat the process for Sam and you have now configured the group chat to use your self-hosted servers! ![](15.png)
You can confirm this by clicking on the group chat name and clicking on any of the members. ![](16.png)
if you want to setup your own private simplex server, check out this [tutorial](../simplex-server/index.md)
## **Conclusion**
In this article we saw how SimpleX compares to a few other popular instant messengers and some of its unique advantages. We saw how to easily install and start using it, and going the extra mile, how to self-host and use your own servers. With that knowledge in hand, you can easily make all your chats private!
In this article we saw how SimpleX compares to a few other popular instant messengers and some of its unique advantages. We saw how to easily install and start using it. With that knowledge in hand, you can easily make all your chats private!

BIN
simplex-server/1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.5 KiB

0
privatesimplex/15.png → simplex-server/10.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.7 KiB

After

Width:  |  Height:  |  Size: 6.7 KiB

Before After
Before After

0
privatesimplex/16.png → simplex-server/11.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 14 KiB

Before After
Before After

BIN
simplex-server/2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
simplex-server/3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 12 KiB

0
privatesimplex/9.png → simplex-server/4.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 20 KiB

Before After
Before After

0
privatesimplex/10.png → simplex-server/5.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.3 KiB

After

Width:  |  Height:  |  Size: 6.3 KiB

Before After
Before After

0
privatesimplex/11.png → simplex-server/6.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

Before After
Before After

0
privatesimplex/12.png → simplex-server/7.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 20 KiB

Before After
Before After

0
privatesimplex/13.png → simplex-server/8.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.4 KiB

After

Width:  |  Height:  |  Size: 6.4 KiB

Before After
Before After

0
privatesimplex/14.png → simplex-server/9.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

Before After
Before After

201
simplex-server/index.md Normal file
View file

@ -0,0 +1,201 @@
---
author: XMRonly
date: 2025-05-22
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/61"
xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
---
## **Remote Hosting SimpleX Servers**
Before diving into server hosting i will suggest going over the simplex client tutorial [post](../privatesimplex/index.md)
### Requirements
1\. A VPS running Debian 12 (or Ubuntu 22.04)
2\. A domain name (or subdomain)
To start, we will need a domain name. A subdomain such as a free one obtained from **https://freedns.afraid.org** will also work. Create A record entries for smp.yourdomain.tld and xftp.yourdomain.tld and point them at the IP address of your VPS.
![](1.png)
We will SSH into our VPS and set up our environment.
~ torsocks ssh root@145.223.79.150
The authenticity of host '145.223.79.150 (145.223.79.150)' can't be established.
ED25519 key fingerprint is SHA256:AGZHyLpidaSu+ZE3cLFZ3KWxQq3Mx9rDH+HLVNF/okc.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '145.223.79.150' (ED25519) to the list of known hosts.
root@145.223.79.150's password:
Linux srv636770 6.1.0-26-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Nov 20 21:05:02 2024 from 185.220.101.103
root@srv636770:~#
Once connected, we will follow the [official instructions](https://docs.docker.com/engine/install/debian/) to install Docker. Run:
# Add Docker's official GPG key:
apt update
apt install -y ca-certificates curl gnupg openssl vim
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
With the Docker apt repositories out of the way, install the Docker packages:
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
OPTIONAL: You can test everything is working up to this point by a deploying a test container to see some output. Run:
docker run hello-world
We will now set up a docker-compose.yml file with all the build instructions:
vim docker-compose.yml
Copy/paste the following and change the **ADDR** fields to your domain.
HINT: It's **p** to paste in vim, then **ESC :wq** to write changes and quit the file.
networks:
simplex:
services:
simplex-smp-server:
image: simplexchat/smp-server:v6.0.6
container_name: simplex-smp
restart: unless-stopped
ports:
- "5223:5223"
volumes:
- ./simplex/smp/config:/etc/opt/simplex:Z
- ./simplex/smp/logs:/var/opt/simplex:Z
environment:
- ADDR=smp.xmronly.us.to
# - PASS=${SIMPLEX_PASSWORD} #for non public servers
networks:
- simplex
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
simplex-xftp-server:
image: simplexchat/xftp-server:v6.1.3
container_name: simplex-xftp
ports:
- "443:443"
restart: unless-stopped
volumes:
- ./simplex/xftp/config:/etc/opt/simplex-xftp:Z
- ./simplex/xftp/logs:/var/opt/simplex-xftp:Z
- ./simplex/xftp/files:/srv/xftp:X
environment:
- ADDR=xftp.xmronly.us.to
- QUOTA=10gb #change to set your own quota
networks:
- simplex
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
A note about versioning: at the time of writing, there was an open [issue](https://github.com/simplex-chat/simplexmq/issues/1373) with the "latest" (v6.1.3) tag and HTTPS credentials for the SMP server. The most recent working version for the SMP server (v6.0.6) was definitively tagged here and the "latest" version for XFTP server (v6.1.3) was also definitively tagged to ensure working builds with the presented instructions. For reference, the "latest" version used in the [HackLiberty](https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140) documentation for June 1st, 2024 is v5.8.0-beta.6 which is now several security fixes behind.
Everything is now ready to be deployed. Run:
docker compose up -d
Run the following command to see the SMP and XFTP server addresses:
echo "smp://$(<simplex/smp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | head -1)" && \
echo "xftp://$(<simplex/xftp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | tail -1)"
You should see output similar to this and just like that your self-hosted SimpleX servers are now ready!
smp://IB2NJl4Pv3OSLUmnvipKkCuJKGkEDfgUNkYFiKIH_GY=@smp.xmronly.us.to
xftp://t_H_I_h5Iz7X-ChxA3nJeyw0s_2PJIFkfSK7Ng6UulU=@xftp.xmronly.us.to
## **Adding Your Self-Hosted SimpleX Servers**
To add the newly created self-hosted SimpleX servers to your client, click on your profile on the top left, followed by Settings. Click on Network & servers. We will modify both the Message servers (SMP) and the Media & file servers (XFTP).
![](2.png)
Click on **Message servers** and scroll down to Add server. Select Enter server manually. Paste in your SMP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
![](3.png)
With our self-hosted SMP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
![](4.png)
With only our self-hosted SMP server remaining, click the back arrow, then save changes.
![](5.png)
We will now repeat the process for **Media & file servers**. Scroll down to Add server. Select Enter server manually. Paste in your XFTP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
![](6.png)
With our self-hosted XFTP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
![](7.png)
With only our self-hosted XFTP server remaining, click the back arrow, then save changes.
![](8.png)
It is possible to self-host onion servers as well, but since this article is focusing on privacy and not anonymity, that part of the setup has been omitted.
## **Using Your Self-Hosted SimpleX Servers**
All new connections will automatically use your self-hosted SimpleX servers, but what about already existing connections that were made using the default Simplex servers? It turns out existing connections do not automatically update, so we will need to manually change them. Click on the group name and scroll down to the members section. Click on a group member and scroll down to servers. We can see that Larry is using the default SimpleX servers. Click on Change receiving address and confirm the change. ![](9.png)
Repeat the process for Sam and you have now configured the group chat to use your self-hosted servers! ![](10.png)
You can confirm this by clicking on the group chat name and clicking on any of the members. ![](11.png)
## **Conclusion**
Now after creating your own server, you can feel safe and know that your data is saved but no other than you, you are one step close to invisibility, keep going! and don't forget
### **Be wary!, Be Paranoid!, Be Invisible!**