Setting up a local server

Hi there!

I’m trying to set up my local Kontalk server. I have used the docker images (following the instructions here: github kontalk/xmppserver-docker) , and apparently it went fine:

I have used the default values in kontalk-setup. That’s where my first couple of question arises:

  • do I have to change the XMPP service name and use my own server’s IP address instead of (tried that to no avail, but I want to be sure :slight_smile:

  • I can see in the client that the default port is 5999, but according to nmap my local server is listening on
    5222/tcp open xmpp-client
    5269/tcp open xmpp-server
    Which one should I use to connect to my local server? (tried both of them, to no avail O:)

I installed the Android client of Kontalk, created an account and validated it (introducing the registration code that I got via SMS). Then, I exported my credentials (because I want to import them in the Java client).
Then I downloaded the (Java) desktop client, KontalkDesktop-3.1.2 and launched it. Then, I imported my key. So far, so good. The client automatically connects to the default server

But now, how do I connect to my local server? If I change the name of the server to my IP address (I tried both my internal IP address and the loopback and port (I tried 5222 and 5269), the connection fails:
(I checked out -disabled- the “Disable certificate validation” checkbox)

( --> Error: The server does not respond
In the console: “org.jivesoftware.smack.XMPPException$StreamErrorException: host-unknown You can read more about the meaning of this stream error at rfcs/rfc6120.html#streams-error-conditions”

( --> The server does not respond
In the console: “org.jivesoftware.smack.XMPPException$StreamErrorException: host-unknown You can read more about the meaning of this stream error at rfcs/rfc6120.html#streams-error-conditions”

If I change XMPP_SERVICE to localhost:


execute ./launcher rebuild and try again I obtain different errors:

(localhost:5222) --> Can’t login to server. The server rejects the account. Is the specified server correct and the account valid?
And in console: “WARNING: can’t login on localhost
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using EXTERNAL: invalid-authzid”

(localhost:5269) WARNING: can’t connect to localhost
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was ‘null’.

What am I doing wrong? Thanks!

1 Like

Hello and welcome!

Yes, that’s your service name, the part that appears after the “@” sign in your user ID. is the service name used in our test instance, but you have to change it to a domain you own.

Either will do, but prefer 5222 since it’s the default XMPP port. 5999 was used in the past for compatibility reasons with an old protocol… long story.

You can’t use an account created by a Kontalk production server in your own server. You need to register to your server. For test purposes, you can use the dummy registration provider, which simply accepts 123456 as verification code. It’s the default provider you’ll see in the default config/ file:


You can see the 123456 configured there. Come back here if you want to use real SMS messages (some hints also here).

Also a quick note on certificate validation: I assume you didn’t create any certificate or GPG key for your server; the system will create both for you automatically, but the server certificate is of course self-signed. That’s why you had to bypass validation within the app (“Disable certificate validation” checkbox). If you plan to open the server to the world (or even to a few people, whatever), you’ll have to generate a valid server certificate and maintain a GPG key for your server (as in keep it safely in storage and backed up). Special care should be taken for the GPG key since that’s the key that digitally certifies user logins.

I hope I answered all your questions.


Thanks for your answers! I will do some more testing, and keep you informed. At least, my experience should be useful for users that want to test Kontalk server locally :slight_smile:


1 Like

To make the most of your experience, make sure to report back if the instructions are missing something or there is something not very clear so we can keep them updated and make it easy for everyone to follow them.

Hi there!

Well, I have already made good progress with the docker-based server installation procedure. Let me explain it so other could benefit from it.
First, I started with a fresh Ubuntu server in the cloud. Installed the dependencies (docker, docker-compose, git…). Then, I uninstalled the Android application (I was already identified and my telephone number verified… and could not find any other way to “unverify” and start again from scratch).
Finally, I run the ./kontalk-setup script, but this time, I used my own XMPP service name ( I launched the Android app and changed the server name manually. Then I tried to verify my account (my phone number) but I kept getting errors :open_mouth:

Looking at the logs, I saw something related to an error trying to access subdomain in port 5222. So I added an SVR entry to my DNSs, following
Then, I double checked that my xmpp related ports were accesible from outside:

nmap from outside the machine:

Juanan-2:~ juanan$ nmap xxx.yyy.zzz.kkk

Starting Nmap 7.60 ( ) at 2018-07-16 09:48 CEST
Nmap scan report for xxx.yyy.zzz.kkk
Host is up (0.038s latency).
Not shown: 996 closed ports
22/tcp   open  ssh
80/tcp   open  http
5222/tcp open  xmpp-client
5269/tcp open  xmpp-server

Yep! Then tried again to verify my account with the Android app. This time it worked! I typed the 123456 as the dummy verification code and the connection was established.

Thanks for your help! I will keep studying the application and informing you about missing pieces of the puzzle (at least, for newbies in Kontalk like myself )

Hi! Following this effort to install a complete Kontalk server from the docker images, I would like to know what do I have to do in order to allow file uploads. So far, I have seen that the 8828/tcp port is open and accesible from the outside. But when trying to upload a file, I get an error : “Uploading file failed”.

The httpupload container is up and running:

root@ubuntu-s-1vcpu-3gb-ams3-01:~# docker ps | grep http
c87a0796a9ee kontalk/httpupload “/home/kontalk/entry…” 2 days ago Up 24 hours>8828/tcp

What else should I do to allow file uploads? Thanks.

Sorry for the delay in my answer, some business to attend to.

Yes I kind of forgot to mention that. I’ll add a note to the README.

As a matter of fact, this part is not covered very well. I’ll put some examples, in the meanwhile you can simply configure a reverse proxy via a HTTP server (e.g. nginx) and point some URL to the httpupload port (8828).
Do not expose 8828 directly, use the reverse proxy so you can map a “weird” unencrypted URL (http://hostname:8828) to a sane encrypted URL with a proper path (https://hostname/media).
That’s how is configured on Kontalk production server by the way. Using HTTPS on the default port also helps you with corporate-proxied connections (actually the problem is bigger here because the chat server itself runs on port 5222 so not really “proxyable”; we’ll address that as well in future releases).

Remember that the URL you configure in nginx (or whatever you’ll decide to use) must be configured in


Also remember to use the same SSL certificate in nginx from the chat server configuration.

@daniele_athome How do you generate gpg key, then remove its pass phrase? I am stuck at the point of creating a gpg key then remove passphrase

I can generate a gpg key gpg --gen-key
gpg2 --export [fingerprint] >tigase-kontalk/server-public.key gpg2 --export-secret-key [fingerprint] >tigase-kontalk/server-private.key

The problem is the command to remove the passphrase from the key(s). I assume they are passphrase protected.

Google helps :slight_smile:

You have to do it after creating your key.

Thanks daniele_athome,
However gpg refuses to change the passphrase
error changing passphrase:No passphrase given

I was forced to read through the docker files and I saw how it was done.

gpg2 --batch --gen-key <<EOF
Name-Real: My super name

And elsewhere, the keys were exported.

gpg2 --export-secret-key fingerprinthere > private-key.key
gpg2 --export fingerprintshuld_be_put_here > public-key.key

Its strange but I found the docker files more helpful than the documentation

I searched a little more, it seems the refusal can depend on GPG configuration or version. I probably should state that in the documentation.

Eheh I understand the feeling.