Signal, a popular (and mostly secure) messaging platform, has been blocked in Iran. If you're familiar with how internet traffic travels, you know how easy it is for a country to control the flow of information, but if you're not the gist of it is that the Iranian government has blacklisted all known Signal servers so you can't send any data to the or receive any.
To make the service accessible for users in countries where the government has blocked it, Signal has released a small and lightweight proxy server that you can host yourself. Users can connect through it, and since the amount of traffic isn't going to be enough to garner much attention, chances are it wouldn't be blocked.
The requirements are the hard part.
Setting up a Signal TLS proxy is actually super simple, provided you have what is required. That's where things are a bit less simple. To run a Singal proxy, you need:
- A computer capable of running Docker, Docker Compose, git, and the Signal proxy server. Linux is your best bet.
- A connection to the internet via ports 80 and 443.
- A static IP address.
- A domain name that's registered to your server's IP address.
Once you meet those requirements, the rest is pretty simple. We'll talk more about how you can meet them, but for the quick and easy setup here's what you need to do:
- On your server, install Docker, Docker Compose, and git:
sudo apt update && sudo apt install docker docker-compose git Clone the Signal TLS Proxy service repo:git clone https://github.com/signalapp/Signal-TLS-Proxy.gitNavigate to the downloaded directory:cd <path to>Signal-TLS-ProxyRun the script that encrypts the service using Let's Encrypt. You'll need to enter your domain name during this step:sudo ./init-certificate.sh- Launch the service using Docker Compose:
sudo docker-compose up --detach
Your Signal proxy will be running and ready to relay encrypted messages through the Signal service, even in places where the "official" servers have been blocked. Users can connect through the Signal Android app (at the time of this writing only Signal for Android phones support proxy servers) by entering your domain as a proxy in the Signal app settings, or by just tapping a link formatted as https://signal.tube/#<your_domain_name>.
Meeting the requirements
The Signal proxy service is really lightweight and doesn't need much horsepower to run. Something like an old laptop or a Raspberry Pi would be a perfect fit.
The bigger problem is keeping it open to the internet, having a static IP address, and doing both without allowing the jerks of the world to try and get into your network. You do not want to do this from your home unless you know what you are doing.
The best way to set one up would be by using a small VPS (virtual private server). That doesn't mean you need to spend a ton of money getting one from Amazon, Microsoft, or Google though — something like a $5 per month VPS from DigitalOcean works great.
If you know your way around the networking bits, a Raspberry Pi would be great for this one.
By using a hosted server you have all the bases covered — a static IP address, an operating system capable of running the service, and a robust set of protections against things like DDOS attacks.
These types of servers are usually really easy to set up, and once configured all you would need to do is register a domain name and point it to your server to be up and running. You'll find all the documentation you need to fire up a VPS from the company you're renting it from and almost all of them offer free tech support in case you need help.
You probably don't live in Iran and won't need this for yourself, but there are plenty of people in Iran who can benefit from it if you're willing to share.
It's also good information to know in case the country you live in is next — Iran does not have a monopoly on restricting the internet and it can happen anywhere.
