An overview of the Citadel BBS
The Private Stronghold
Associations demand a plethora of applications to keep their members connected. At the very least, a small organization needs an email system and an address book. Often, they also need a private forum and a chat system. In practice, most small groups don't have the resources required to set up and host all the required services themselves and end up externalizing them. Externalizing IT, such as adopting the address book service provided by Google, might seem an easy solution, but it is not free from problems. Under some jurisdictions, uploading the personal data of contacts to a server managed by a third party is problematic.
Citadel [1] is a groupware solution that integrates many of the services an organization needs in a compact, easy-to-install package. In a matter of minutes, it offers the power to set up email, contacts, Extensible Messaging and Presence Protocol (XMPP) chat, and bulletin board services in a self-hosting environment, without handing over the control of your information to a third party. (See also the "Historical Perspective" box.)
Historical Perspective
Those whose hair grows gray might remember the days of bulletin board systems (BBSs). Early BBSs were used over a modem and allowed users to post public messages, send netmail and email, and play games. BBSs were primitive and had clumsy terminal interfaces, but they allowed people to communicate, which was the point of the tools, after all.
A strong BBS community still exists, although it is no longer common to access these systems over modems. Instead, system operators provide access to their BBSs over Telnet or secure shell (SSH). The primary function of BBSs, however, has not changed.
The original Citadel was written in 1981 and has a convoluted story [2]. The implementation discussed in this article, technically named Citadel/UX, uses the original Citadel interface, but none of its code. Born as a commercial BBS package, its initial release was in 1988. In 1998, efforts were taken to expand the scope of the software and turn Citadel/UX into an actual groupware solution. In 1999, Citadel/UX was licensed under GNU General Public Licence (GPLv2), becoming free software.
With its roots in the BBS realm, the core of Citadel/UX features a geeky terminal interface, designed to be used over Telnet or SSH. Fortunately, modern Citadel comes with WebCit, an easy-to-use and easy-to-understand web interface that allows use by non-technical people.
Throughout this article, I use "Citadel" to refer to the modern "Citadel/UX" software.
Installing Citadel
Citadel provides an EasyInstall script that automatically sets up the software and its dependencies. The script works with Linux distributions that use the Apt or Yum package managers and will only succeed if systemd is included in the installation; otherwise, the process fails to complete. If the script does not work with your distribution, a manual install will be required [3].
The EasyInstall script has the following prerequisites:
- Apt or Yum package managers
- Systemd
- Curl or Wget
- Bash
In practice, EasyInstall requires a Debian-like or Red Hat-like distribution to manage the dependencies of Citadel automatically.
Citadel comes with its own message transfer agent, which replaces the one provided by your operating system. Citadel also requires access to privileged ports, which means it usually runs as a privileged user. For theses reasons, it is a good idea not to have another mailing system working on the same machine.
Express Firewall
Allowing access to the Citadel instance before setup has finished is undesirable, so the recommended procedure is to close the ports used by Citadel with a firewall and only open them when the instance is ready.
Firewalls are out of the scope of this article, but as a guide, issuing
# apt-get install ufw # ufw allow ssh # ufw default deny incoming # ufw default allow outgoing # ufw enable
as root in a Debian-like operating system will prevent access to Citadel from the Internet and may be issued before executing the EasyInstall script.
Once the setup is complete, the following command opens the ports Citadel uses:
# ufw allow 25,80,110,119,143,443,465,563,587,993,995,5222/tcp
The following commands install Citadel on Debian:
# apt-get install curl bash # curl http://easyinstall.citadel.org/install > EasyInstall.sh # chmod +x EasyInstall.sh # bash ./EasyInstall.sh
The EasyInstall script describes the actions it is going to attempt and asks for confirmation before proceeding (Figure 1); then, it asks whether to install the required dependencies automatically for Citadel and whether to accept the GPLv3 license. Answering affirmatively to these questions begins the installation procedure; then, the script compiles and installs the necessary components. Once the installation is complete, the script launches the setup utility, which allows it to configure the Citadel instance.
Configuring Citadel
First, the setup utility creates an administrative user. The program asks for a username and password. Beware that the maximum password length is 32 characters. If a longer password is introduced, the setup utility silently truncates it.
Second, the program asks which system user will be in charge of running the server, because this user will need permission to operate privileged ports; the default is root. The administrator is prompted for the IP address and port on which Citadel will listen. The default is to listen on every available address and use port 504. Remember, this port is intended for internal use and does not necessarily have to be reachable over the Internet.
Third, the program needs to know which authentication back end is to be used. The default is self contained , which means Citadel will take care of everything.
Fourth, the setup utility configures WebCit, the Citadel web interface. It asks which HTTP and HTTPS ports WebCit will use. Reasonable choices are 80 for HTTP and 443 for HTTPS.
Buy this article as PDF
(incl. VAT)