Preparing the system

Create a system user named signal to run the gateway with :

$ sudo useradd -r -s /usr/bin/nologin -d /var/lib/signal -c "Signal Web Gateway User" signal

Installation

Build from source code

Install the dependencies to download and compile the program :

$ sudo pacman -S go git

Download and compile the source code :

$ go get github.com/signal-golang/textsecure
$ cd go/src/github.com/signal-golang/textsecure/cmd/textsecure/
$ go build
$ ./textsecure -h

Install the binary into the appropriate folder :

$ sudo install -g signal -Dm 0750 -t /opt/signal-golang/bin/ textsecure

Optional : If you want to add the program to your path

$ sudo ln -sv /opt/signal-golang/bin/textsecure /usr/local/bin/

Download binaries

Warning !! This version crashes when receiving a signal message with the following error :

level=fatal msg="Cannot read line from console: EOF"

But if you insist :

$ curl -L -o signal-web-gateway 'https://gitlab.com/morph027/signal-web-gateway/-/jobs/artifacts/master/raw/signal-amd64?job=binary-amd64'
$ sudo mkdir -p /opt/signal-web-gateway/bin
$ sudo install -g signal -m 0750 signal-web-gateway /opt/signal-web-gateway/bin/

Configuration

Create the systemd unit

Create the systemd unit that will be used to launch our gateway. Create the unit file /etc/systemd/system/signal-web-gateway.service with the following content :

[Unit]
Description=signal-web-gateway daemon
After=network.target

[Service]
User=signal
Group=signal
## Creates directory below /run
#RuntimeDirectory=signal-web-gateway
## relative path to /run
#PIDFile=/run/signal-web-gateway/pid

# Creates directory below /var/lib
StateDirectory=signal-web-gateway

# Creates directory below /var/log
LogsDirectory=signal-web-gateway
StandardOutput=append:/var/log/signal-web-gateway/output.log
StandardError=append:/var/log/signal-web-gateway/error.log

# Creates directory below /etc
ConfigurationDirectory=webapps/signal-web-gateway
WorkingDirectory=/var/lib/signal-web-gateway/

# Adjust the path accordingly
ExecStart=/opt/signal-golang/bin/textsecure -gateway -bind signal.lan:5000 -raw
# Use the next line instead if you don't create a symlink of /etc/webapps/signal-web-gateway
#ExecStart=/opt/signal-golang/bin/textsecure -gateway -config /etc/webapps/signal-web-gateway -bind signal.lan:5000
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/signal-web-gateway

Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

The service will fail to start because there is no config file. However, we are going to use systemd to create the required directories for us and arrange their permissions.

$ sudo systemctl start signal-web-gateway.service

Check if log files are present, otherwise create them with :

$ sudo touch /var/log/signal-web-gateway/{output,error}.log

Arrange the file permissions :

$ sudo chgrp signal /var/log/signal-web-gateway/{output,error}.log
$ sudo chmod 664 /var/log/signal-web-gateway/{output,error}.log

Create the config file

Create the config file config.yml under /etc/webapps/signal-web-gateway/ with the following content :

#Put your phone number that will get verified by the server here
tel: "+212XXXXXXXXX"

#Server URL
server: https://textsecure-service.whispersystems.org:443

#Server's TLS root certificate path when using a non-default server
#See https://github.com/janimo/textsecure-docker#using-https
#rootCA: path/to/rootCA.pem

#proxy URL if you use one
#proxy: http://host:8080

#Registration code verification can be done via sms or voice
#Additionally the 'dev' type is supported for a non-official server fork.
verificationType: voice

#Where to store sessions' metadata, by default ".storage"
storageDir: /var/lib/signal-web-gateway

#Setting this to true turns off encryption of local storage, for developing.
unencryptedStorage: true

#The local storage uses password-based encryption
#If not present here, the password will be requested on startup
#storagePassword: password

#Overrides the default HTTP User-Agent field ("Go 1.1 package http")
#userAgent: "TextSecure Go command line client 0.1"

#Logging verbosity; valid values are error,warn,info and debug, case insensitive
#loglevel: debug

Replace the .config folder inside the working directory /var/lib/signal-web-gateway/ with a symlink to the config directory :

$ sudo rm -r /var/lib/signal-web-gateway/.config
$ sudo ln -sv /etc/webapps/signal-web-gateway /var/lib/signal-web-gateway/.config

Verify your number by starting the application with -config parameter :

$ sudo -H -u signal /opt/signal-golang/bin/textsecure -config /etc/webapps/signal-web-gateway

Enter the code received in the verification call, then press Ctrl+C to exit.

Now you can start the systemd service :

$ sudo systemctl enable --now signal-web-gateway.service

Optional : Create a Contact list

In order to send messages using names instead of numbers, you can create a contacts.yml in /etc/webapps/signal-web-gateway :

contacts:
- name: Fouad
  tel: "+212XXXXXXXXX"

Configuring Nextcloud to use Signal 2FA

Now you need to install the TwoFactor Gateway app in Nextcloud and configure it to use your signal-web-gateway.

$ sudo -u nextcloud php /usr/share/webapps/nextcloud/occ app:install twofactor_gateway
$ sudo -u nextcloud php /usr/share/webapps/nextcloud/occ twofactorauth:gateway:configure signal

Enter your Signal gateway address :

signal.lan:5000

Now in the Nextcloud user settings, under Security, enable Signal two-factor authentication and verify your number.

Test using Nextcloud's occ command

You can test the gateway by sending a Signal message to your number. Change nc_username to your Nextcloud user name :

$ sudo -u nextcloud php /usr/share/webapps/nextcloud/occ twofactorauth:gateway:test nc_username signal +212XXXXXXXXX

Sending Messages via the gateway

Using curl

$ curl -X POST -F "to=+212XXXXXXXXX" -F "message=Hi!" http://signal:5000
$ curl -X POST -d '{"message":"From desktop using VM Arch gateway"}' http://signal:5000/json/+212XXXXXXXXX

Using netcat

The Content-Length must be calculated and sent, otherwise a wrong header error will occur.

$ netcat signal.lan 5000

POST / HTTP/1.1
Host: signal.lan:5000
Content-Type: application/x-www-form-urlencoded
Content-Length: 53

to=%2b212XXXXXXXXX&message=Salut de la part du Netcat
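
The length calculation described above, as an added example that is not part of the original post: a POSIX shell helper that form-encodes the two fields, counts the body's bytes and emits the complete request for netcat. The function names are illustrative assumptions; the host and the number are the page's placeholders.

```sh
#!/bin/sh
# Added example: build the raw POST for the gateway with a computed
# Content-Length. Function names are hypothetical, not from the project.

# Percent-encode one form value byte by byte (a space becomes '+').
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
        [ -n "$hex" ] || continue
        case $hex in
            # '-', '.', '_', '~', 0-9, A-Z and a-z pass through unchanged
            2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
                printf "\\$(printf '%03o' "0x$hex")" ;;
            20) printf '+' ;;
            *)  printf '%%%s' "$hex" | tr 'a-f' 'A-F' ;;
        esac
    done
}

# Form body in the shape the gateway expects: to=<number>&message=<text>
form_body() {
    printf 'to=%s&message=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Number of bytes in the body: the value Content-Length must carry.
body_length() {
    printf '%s' "$1" | wc -c | tr -d ' '
}

# Emit the whole HTTP/1.1 request with CRLF line endings.
# "Connection: close" is added here so that netcat returns after the reply.
build_request() {
    host=$1
    body=$(form_body "$2" "$3")
    printf 'POST / HTTP/1.1\r\n'
    printf 'Host: %s\r\n' "$host"
    printf 'Content-Type: application/x-www-form-urlencoded\r\n'
    printf 'Content-Length: %s\r\n' "$(body_length "$body")"
    printf 'Connection: close\r\n\r\n'
    printf '%s' "$body"
}

# Usage (constructed values, same placeholders as above):
# build_request signal.lan:5000 "+212XXXXXXXXX" "Salut de la part du Netcat" | netcat signal.lan 5000
```

For the message used above the computed length is 53, the same value as in the hand-written request, because each space is replaced by a single `+`.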
