Setting Up SimpleX As Your Private Messenger

For years, I’ve relied on WhatsApp as my primary way to talk to family and friends. It’s convenient and widespread, but let’s be honest: it’s also increasingly full of friction if you care about privacy. Meta has been gradually ramping up metadata collection or, more recently, integrating ads into chats.

This blog post is split into two posts. Read the second post here: https://nemental.de/simplex-without-tears-wrapped-in-onion-served-via-tor/

I wanted something simpler. No ads, no central server logging who talks to whom, and ideally a system with strong privacy guarantees even at the metadata level. That’s when I found SimpleX—a really intriguing approach to messaging that actually lives up to its name and promise of less data about you.

Unlike most messengers, SimpleX does not rely on any central account or address book that reveals your social graph. Instead, it uses invite links or QR codes to bootstrap secure connections. Once two parties are connected, messages are routed via a network of relays in a way that is designed to avoid linking the sender and the recipient at the network level.

It’s not just “end-to-end encryption” of the message content—which pretty much every modern messenger claims—it’s also designed to hide who is talking to whom. That’s one of the hardest problems in private communications, and it’s what really sets SimpleX apart. If you are curious about other messengers as well, I've found a pretty decent matrix of comparison between different browsers.

Why I Set It Up

I’m not under any illusion that I need spy-grade secrecy in daily chats about groceries or family plans. But I think it’s healthy to reject surveillance capitalism and the default assumption that our personal connections should be monetized.

WhatsApp and similar services are excellent at what they do technically, but they are not built to serve us, the users, but their actual customer—advertisers.

SimpleX is an effort to break that pattern, and I wanted to see if I could use it day to day with friends who are also fed up with the ads and tracking.

Spoiler: Not everyone wants to migrate to yet another chat tool. But for some contacts and smaller groups of tech enthusiasts, the migration was effortless.

Key Features I Liked

No user identifiers: You don’t have a “SimpleX username” that someone can search. You share a one-time invite link or QR code to connect.
Decentralized relays: Messages go through relays (you can even run your own - which I did, so read further 😃), but these relays don’t learn who the participants are.
End-to-end encryption: As expected, message contents are strongly encrypted.
Forward secrecy: Sessions can re-key so that even if your device is compromised later, past messages remain safe.
Group chats and file sharing: It’s not just for 1:1 conversations.
Voice and Audio calls: Worked fine while testing.

It’s available on iOS, Android, Linux, macOS, and Windows. And it’s open source. For more information, you can check the repository on GitHub: https://github.com/simplex-chat/simplex-chat

While we are already on the features I like, there are, of course, a few things that are not so user-friendly. For example, it is currently not possible to use the desktop app standalone. The app must always be active on the registered smartphone. Security also has its price. Furthermore, there is currently no web app as we know it from WhatsApp or Telegram.

Host Your Own SMP Server Behind Traefik

Of course, we could also simply install the SimpleX app and communicate via the officially provided SMP servers. But since these are not in my own hands either, I have set up my own server.

Setting up your own SMP Server behind Traefik was kinda tedious. If you follow the instructions in the documentation, the installation is sure to work smoothly. However, since I have my own setup and would also like to host my SMP server behind my Traefik reverse proxy, a few more steps were necessary.

For a start, we need a new entrypoint defined in your Traefik configuration file. You can store this config file either as .yml or .toml.

[entryPoints]
  [entryPoints.smp]
    address = ":5223"

Also, add the new port to your port definition for your Traefik Service.

services:
  traefik:
    restart: unless-stopped
    image: traefik:latest
    container_name: traefik
    ports:
      - "5223:5223/tcp"

With these steps, we are already finished with the configuration required in our Traefik and can configure the actual Simplex service.

---
services:
  smp_server:
    image: simplexchat/smp-server:latest
    container_name: simplex_smp
    restart: unless-stopped
    environment:
      - ADDR=$YOUR_DOMAIN
      - PASS=$YOUR_PASSWORD
      - WEB_MANUAL=1 # We need this if you do not plan to expose the Web Interface so we do not need a ssl certificate for the container to startup.
    volumes:
      - $YOUR_DATA_DIRECTORY:/etc/opt/simplex
      - $YOUR_LOGS_DIRECTORY:/var/opt/simplex
    networks:
      - default
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.smp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smp.entrypoints=smp"
      - "traefik.tcp.routers.smp.tls.passthrough=true"
      - "traefik.tcp.services.smp.loadbalancer.server.port=5223"
      - "traefik.docker.network=$YOUR_TRAEFIK_NETWORK_NAME"

networks:
  default:
  web:
    external: true
    name: $YOUR_TRAEFIK_NETWORK_NAME

Note: Please change all the variables according to your setup and replace the Docker image latest tag with the newest version.

This is all that is required for the installation. Now we can start the container.

Configure the SimpleX Chat App

Now you can configure your SimpleX Chat App to use your own relay.

Go to Settings -> Network & Server -> Your Servers ->Add your own Server.

Note: Take a look at your container logs to copy your server address + password to the app. You can also disable all predefined SimpleX Servers under Settings -> Network & Server -> SimpleX -> Use Servers to only use your own server.

Why Bother?

I often hear:

“I don’t have anything to hide.”

But that’s not the point. The point is having something to protect. Your relationships. Your associations. Your freedom to organize and speak without handing over your network map to an advertising company.

SimpleX isn’t the only tool in this space, but it’s one I really like for its thoughtful design and willingness to break from the standard “phone number, username or e-mail as identity” model.

Since this is a nice topic to go even deeper into, there is a second part on Nemental's blog, as I've mentioned before, on how to create a .onion address.

Sources

WhatsApp becoming ads - https://www.msn.com/en-gb/money/technology/whatsapp-is-officially-getting-ads-and-i-m-worried-it-s-a-slippery-slope-from-here/ar-AA1GTYKy
SimpleX Project Website - https://simplex.chat/
Messenger Matrix by Kuketz - https://www.messenger-matrix.de/messenger-matrix-en.html
SimpleX Chat Repository - https://github.com/simplex-chat/simplex-chat
SimpleX Docker Installation - https://simplex.chat/docs/server.html#docker-container
Traefik Entrypoint Documentation - https://doc.traefik.io/traefik/routing/entrypoints/
Nemental's blog - https://nemental.de/simplex-without-tears-wrapped-in-onion-served-via-tor/