Signal Proxy allows users in countries that are subject to network limitations and censorship to connect to the Signal network via a proxy server. The idea is simple: no government can reliably censor a horde of volunteers who spin up a swarm of proxies. This decentralization creates a horde of small targets, too small and numerous for any state actor to reliably go against. It was, for example, used to allow people from Iran to connect to Signal when the main servers were blocked.
There is the Signal TLS Proxy repository, which contains docker compose instructions. This blog post helps you translate those instructions to podman.
In short: Use my quadlet and a webserver that does the TLS termination for you. You will need a valid TLS certificate.
Instructions
I assume you have a valid domain and a webserver (e.g. nginx, apache) running there with a valid TLS certificate.
- Get the quadlet from my codeberg repo or take the following template:
```ini
[Unit]
Description=signal proxy service container
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Container]
Image=docker.io/library/nginx:stable
ContainerName=signal-proxy
HostName=signal.podman.local
Network=podman
AutoUpdate=registry
# TODO: Pull and use the nginx.conf from https://github.com/signalapp/Signal-TLS-Proxy/tree/main/data/nginx-relay
Volume=/etc/signal/nginx.conf:/etc/nginx/nginx.conf:ro,Z
Timezone=local
ReadOnly=true
PodmanArgs=--memory 128m

[Service]
Restart=always

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target
```
- You see that the container needs an nginx.conf file stored at /etc/signal/nginx.conf. Download the most recent nginx.conf file from the Signal-TLS-Proxy repo.
- Subscribe to repo updates, because if that nginx.conf file changes you will need to update the container.
Done. And I also leave it here, as those are mostly instructions for myself to finally build that container so you don’t need to do the nginx.conf configuration yourself 🙂
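
One way to script the download and update steps above, as an added example that is not part of the original post or the Signal project: it replaces /etc/signal/nginx.conf only when the upstream file differs, keeps the previous copy, and restarts the container. The raw.githubusercontent.com URL form and the unit name signal-proxy.service (what quadlet generates for a file named signal-proxy.container) are assumptions.

```shell
#!/bin/sh
# Added example: refresh /etc/signal/nginx.conf only when upstream changed.
# Assumed: the raw URL form below and the unit name signal-proxy.service
# (what quadlet generates for a file named signal-proxy.container).
CONF_URL="https://raw.githubusercontent.com/signalapp/Signal-TLS-Proxy/main/data/nginx-relay/nginx.conf"
CONF_DEST="/etc/signal/nginx.conf"
UNIT="signal-proxy.service"

# install_if_changed NEW DEST
# Prints "rejected", "unchanged" or "updated"; non-zero on rejection or copy failure.
install_if_changed() {
    new=$1
    dest=$2
    # An empty download (failed or truncated fetch) must never replace a good config.
    if [ ! -s "$new" ]; then
        echo rejected
        return 1
    fi
    if [ -f "$dest" ]; then
        if cmp -s "$new" "$dest"; then
            echo unchanged
            return 0
        fi
        # Keep the previous version for review and rollback.
        cp -p "$dest" "$dest.prev"
    fi
    # Write beside the target, then rename, so a partial file is never in place.
    tmp="$dest.tmp.$$"
    cp "$new" "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$dest" || return 1
    echo updated
}

# Only touch the network and systemd when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    dl=$(mktemp) || exit 1
    trap 'rm -f "$dl"' EXIT
    curl --fail --silent --show-error --location --proto '=https' \
        -o "$dl" "$CONF_URL" || exit 1
    status=$(install_if_changed "$dl" "$CONF_DEST") || exit 1
    echo "nginx.conf: $status"
    if [ "$status" = updated ]; then
        # Show what upstream changed before the new config goes live.
        if [ -f "$CONF_DEST.prev" ]; then
            diff -u "$CONF_DEST.prev" "$CONF_DEST" || true
        fi
        # The single-file bind mount still points at the old inode until restart.
        systemctl restart "$UNIT"
    fi
fi
```

Run it as root with `--run`, for example from a systemd timer, and read the printed diff before trusting a changed relay configuration.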