The beauty of XMPP is that there is always a choice. From the architecture and operating system, through the platform, all the way to the app your users will communicate with. At every step you have a set of options. That is why an XMPP server can be built on a credit-card-sized board like a RaspberryPi, or on a cluster of dozens of VPS machines in a data centre.
There is even better news. The leading platforms for building an XMPP server are open source, so we can use them for free. They can also be modified if a specific need calls for it.
The most popular platforms today are:
Each has its own strengths and weaknesses. Personally I started with Prosody in 2018 and migrated to Ejabberd in 2022. The reasons for that switch are described at docs.chatrix.one.
Let us assume you have already installed and configured your XMPP server. Time to test it, because there is a big difference between a running server and a correctly configured one.
XMPP Compliance Tester
This test has become the gold standard and will answer many of the questions you might have about your XMPP server’s configuration. It will also tell you whether your XEPs are set up correctly.
XMPP Status Checker
Checks whether C2S (client-to-server) and S2S (server-to-server) communication is working.
JMeter
JMeter is open source software written in Java. It lets you test web applications under different levels of load, so you can observe how your service behaves under extreme conditions. To test your XMPP server you need to install a plugin.
XMPP Love
Checks whether the SRV records for your XMPP server are configured correctly.
Trickle ICE
If you offer audio and video communication, you can test whether your STUN/TURN server is working with this free online tool.
Hardenize
Automatic discovery and monitoring of your entire network perimeter.
These days there are so many security features to implement and network services to configure that everyone needs a helping hand to understand how their networks behave. Hardenize provides a continuous monitoring, tracking and discovery service. It watches certificates, prevents things from breaking and helps you achieve the security level you need.
CryptCheck
Lets you test HTTPS, SMTP, XMPP, TLS and SSH protocols.
ImmuniWeb
A rich set of tests.
Qualys SSL Labs
This free online service performs a deep analysis of any SSL/TLS web server configuration on the public internet. It will tell you whether your server’s SSL/TLS certificate is valid and meets modern requirements.
Mozilla Observatory
Helps you find out whether your website is correctly configured and whether traffic to it is secure.
Security Headers
HTTP response headers provide huge levels of protection and it is important for sites to implement them. Security Headers is a simple tool for evaluating them, along with information on how to add any that are missing.
Mail Tester
Alongside XMPP, operators often run an email server too. That is where Mail Tester comes in. This tool checks the configuration and tests whether you can send and receive messages.