Dark's Code Dump

Possibly useful

Signal backups using Linux headless server

I went deeper down the rabbit hole of Signal's lack of message backups on iOS, and discovered the Signal Desktop app works differently to WhatsApp - it does not require any connection to the phone, instead it syncs directly from the server. Using the desktop app you can achieve proper backups, however it requires near 24/7 uptime if you are a heavy user, as only the 1000 newest messages are cached on the server. Any messages beyond the buffer of 1000 while the desktop client is offline will never sync to it.

If you have a 24/7 non-headless machine with any OS, you have things way easier and you don't need this guide. (Just install Signal as normal and leave it running all the time.) I only have headless Linux servers running 24/7, so if that is you then read on.

  1. Install Signal Desktop for Linux using the official instructions (for security, I will leave it to you to find these). I advise to use --no-install-recommends on the apt install command.
  2. Create new user for Signal:
    adduser --disabled-password signal
  3. Use this guide to setup X11 forwarding, tl;dr:
xauth list $DISPLAY
# record the result value ready to paste below

su - signal
touch ~/.Xauthority
export DISPLAY=localhost:10.0

(A possible alternative is to perform steps 7-10 and then setup x11vnc, instead of using SSH X11 forwarding.)

  1. Start Signal:
    You may need to run this as root to get it to start successfully:
    chmod 4755 /opt/Signal/chrome-sandbox
  2. Using your X11 forwarding, sign in to Signal (scan the QR code)
  3. Exit once the initial sync is complete
  4. Install some dependencies...
    apt install --no-install-recommends xvfb xinit
  5. Create systemd unit file /etc/systemd/system/signal-desktop.service with the following contents:
Description=Signal messenger headless desktop client

ExecStartPre=/usr/bin/chmod 4755 /opt/Signal/chrome-sandbox
ExecStart=/usr/bin/xinit /usr/bin/signal-desktop -- /usr/bin/Xvfb :1 -nolisten tcp

  1. Start service:
    systemctl enable --now signal-desktop
  2. Verify from your systemd journal and process list that Signal is running ([current year] strikes again... Electron processes on a server 🙁 )
  3. After receiving some messages, try dumping messages to plain text to verify everything is working: https://unix.stackexchange.com/a/505009 (note you need a newer sqlcipher version than is currently packaged in Debian Buster/Bullseye)

Leave a Reply