Background

The server is primarily coded in TypeScript. Our first official stable release was published in August 2021 after extensive closed alpha and open beta testing since August 2020.

The server uses AppleScript to perform simple functions like sending messages & attachments and creating chats, and polls the chat.db database to see when new messages come in. We provide extra functionality in the form of the Private API bundle (docs linked in the sidebar), which uses native Objective-C to communicate with iMessage itself and access much deeper functions.

Supported Mac Devices

Any macOS device running Sierra and newer, with iMessage activated successfully.

macOS VMs are also compatible, however you must be able to use iMessage (this involves some work with spoofing your hardware to seem like a real Mac inside the VMX file). See for more details.

If you'd like the most stable experience, we recommend going with Catalina or Big Sur.

Downloads

Contributors

Main Developers

Other Contributors

We appreciate y'all!

Disclaimers

• This app is in no way affiliated with or endorsed by Apple and / or their affiliate(s), it provided is for educational purposes only. Apple, macOS, and iMessage are trademarks of Apple Inc., registered in the U.S. and other countries.

Licenses

• Tools and some image resources are under the .

Donate Here (PayPal; One-Time)

Sponsor Us Here (GitHub; Recurring)

Donate via Venmo (One-Time)

• QR Code (Click to Expand):

• Username: @bluebubblesmessaging

If you're even looking at this page, thank you! We appreciate any donations made to this effort, large or small! Any donations made will go directly to the main developers, split evenly. If more developers choose to contribute, we will happily split the donations with them.

Our developers have put hundreds of hours into the research, design, and creation of the BlueBubbles App ecosystem. All donations will help compensate the developers for their time. All developers are doing this as a side project, in their free time.

Expand the sidebar for this page to see various guides to help you set up a macOS VM.

If iMessage will not let you sign in, make sure to follow Enabling iMessage in a VM.

If you plan to make your VM in Windows, we highly recommend using VMWare Workstation Pro.

View the child-pages for guides on how to setup your own macOS Virtual Machine. We have guides in this GitBook, as well as external guides for specific environments & deployments.

• Running a macOS VM

• Running BlueBubbles in Docker-OSX

Instructions

1. Create another user account on your Mac, preferably with admin capabilities

2. Turn on

   • When you switch between accounts on the Mac, you will want to use the Switch accounts using the menu bar method

3. Setup BlueBubbles on the new user

   1. You will need to provide a different Firebase JSON and Admin SDK JSON for this user

   2. You will need to provide a different Ngrok auth token for this user

The other user should now be able to use BlueBubbles simultaneously with the original BlueBubbles user!

Caveats / Notes

• You will not be able to auto-login multiple users. You can only select one user to be auto logged in when macOS first boots up, or after a power outage.

1. On your old BlueBubbles Mac, backup the following folder:

   • ~/Library/Application\ Support/bluebubbles-server

2. Open the Messages app Settings from the macOS status bar.

3. Navigate to the iMessage tab

4. Turn on Enable Messages in iCloud to backup your messages to iCloud

   • If you do not care to backup your messages to iCloud, skip this step

   • If the option wasn't already enabled, click the Sync Now button and give your Mac some time to fully sync the messages (~24 hrs to be safe)

5. On your new BlueBubbles Mac, sign into iMessage and wait for your messages to sync

   • Note: It's always good to confirm you can send iMessages using the native Messages app before proceeding.

6. On your new BlueBubbles Mac, copy the bluebubbles-server folder that you backed up, back to the ~/Library/Application\ Support/ folder.

7. Re-download and install the latest BlueBubbles Server from the GitHub

8. Run the BlueBubbles Server

9. If everything is running properly, you can shutdown your old Mac

If done correctly, your BlueBubbles server should use the same settings from your old Mac, including your Firebase setup, Certificates, etc.

Enjoy!

Why Wouldn't the FaceTime Features Work in a Virtual Machine?

Virtual machines typically do not have a microphone or webcam plugged into it, so when FaceTime tries to load and use the default audio/video devices, it fails and causes calls to fail.

What Can I Do to Fix It?

A possibly way to fix the issue is to install "virtual" audio/video devices on your Mac so that FaceTime can use those.

1. Download & install a virtual audio device:

2. Download & install a virtual video device:

   • Open OBS and Start the Virtual Camera

Now that you have virtual devices setup for both your audio/video inputs, FaceTime calling/answering should be more reliable.

Why is the app taking up so much storage?

You likely receive a fair amount of images, videos, and other attachments from your friends. You may not realize, but after a long time these start to take up a lot of storage space.

How can I clear the storage?

Luckily, there is a quick way to resolve this issue, built right into the BlueBubbles app.

1. Open the BlueBubbles App

2. Open Settings via the 3 dot menu

3. Scroll down to the bottom and click on Reset

Now, check the storage space used by the app, and it should be significantly less.

Currently, we don't automatically purge old attachments, however, it's something that we may implement in the future.

Amphetamine (Recommended)

Amphetamine is a free app on the macOS App Store that allows you to better control when your mac device or VM goes to sleep. With this app, you'll be able to prevent your mac from sleeping due to inactivity, from turning off the display, as well as when you close your laptop lid.

This solution is the best all-around solution, with the only downside being that you need to download an additional App.

1. Open the TextEdit app on your Mac

2. Copy & paste the following XML into the new text file: Note: Modify the "Program" string value to the location of your BlueBubbles.app, and/or replace {username} with your macOS username

   This will make sure that the specified program will be run when you first login to your Mac (RunAtLoad

Why are my messages not sending?

Typically, when you are having issues sending messages to international phone numbers (non-US), it is due to a missing region code. When the BlueBubbles Server receives a request to send a message, it will do the following:

1. Checks if the phone number has a region code (i.e. +1

SIM / eSIM Swapping Methods

The following guide is maintained by a BlueBubbles community member and is a really good resource to find out information about registering your phone number using SIM-swapping

What's the problem?

The BlueBubbles Server may open to a blank white screen (no UI). This will prevent you from setting up the server and/or interacting with it.

Here is what the issue would look like:

By default, BlueBubbles has the Ngrok & Cloudflare proxy services built-into the server for you to utilize. However, these services are run by third parties and are by default, using a free license tier for the respective services. These guides will show you how you can self-host or utilize an existing license of a proxy or dynamic DNS service, to use with BlueBubbles.

Goal

The goal of this page is to show you how you can do some automation around iMessage using the BlueBubbles Server and the webhook events that it emits.

What's the issue?

When sending attachments via BlueBubbles, upload speeds are incredibly slow when connected over your LAN (localhost/local IP)

This guide is written with the intention caddy is deployed on the same mac as your bluebubbles server but the process is similar if you have a remote caddy server.

Benefits:

• Works nonstandard ports

Requirements

• A duckdns account with a domain

• A setup bluebubbles server

• The ability to portforward your mac mini or reverse proxy to a machine that can be portforwarded (ex: aws, gcp, oracle, etc)

Steps to setup caddy

1. Download caddy with duckns and move it to your home folder with the following command

Intel Macs:

curl -o ./caddy https://caddyserver.com/api/download?os=darwin&arch=amd64&p=github.com/caddy-dns/duckdns&idempotency=8875705962096

Apple Silicon:

curl -o ./caddy https://caddyserver.com/api/download?os=darwin&arch=arm64&p=github.com/caddy-dns/duckdns&idempotency=28552737821716

1. Make caddy executable with the command chmod 755 ./caddy

2. Download the template caddy file with the following command:

curl -o ./Caddyfile https://raw.githubusercontent.com/Rihcus/BB-dynamic-dns-duckdns/main/Caddyfile

1. Edit the Caddyfile

• replace the example domains with your domains

• replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx with your duckdns token

• Optional adjust the https/http or bluebubbles server ports as needed

1. For testing purposes set your duckdns domain to the local ip of your bluebubbles server using the duckdns web portal

1. test the config with ./caddy run

2. if the config works and you can access your domain via https use ./caddy start to make it auto run

3. Setup portforwarding (not covered in this guide)

Credit

Guide created by @Deemo in the BlueBubbles Discord

Requirements

• NGINX Proxy Manager with port 80 and 443 forwarded properly

• Bluebubbles server running and accessible from the machine which is running NGINX

How to

1. Set Proxy Service to Dynamic DNS. Set your hostname to be https://bb.yourdomain.com

   • Keep Use Custom Certificate off

Credit

Guide created by @pablito in the BlueBubbles Discord

API Wrappers

• (Java)

Most of the code below is boilerplate code. The important pieces to change are lines 9 and 64-104.

On line 9, you need to set your server password.

Lines 64-104 define which events are handled, and how they are being handled. Those are likely the lines you want to modify the most to customize the functionality.

Why would you want to use a SSL certificate with BlueBubbles?

When using a dynamic DNS with BlueBubbles, traffic is not encrypted by default and communication is done over HTTP. In setups such as ones using the Cloudflare or Ngrok proxy services, they get their traffic encrypted via the secure tunnel that is created, and can be accessed using HTTPS.

In order to use a Dynamic DNS setup and have your traffic encrypted, you'll need to setup certificates for the BlueBubbles server to use.

How to generate SSL certificates

Installing CertBot

Open Terminal on your Mac and follow these instructions

1. Install CertBot using the instructions on their website, up to and including step 4:

2. Go to the following link to see if your dynamic DNS provider is supported by CertBot:

   • Scroll down to the bottom to find 3rd-party plugins

Configuring CertBot

The following will setup a directory in your home folder called certbot where all your configs and certificates will be stored.

Run the following commands in Terminal:

1. mkdir -p ~/certbot/config ~/certbot/work ~/certbot/logs ~/.config/letsencrypt

   • This will create the 4 required directories

2. echo "config-dir = ~/certbot/config\nwork-dir = ~/certbot/work\nlogs-dir = ~/certbot/logs\nkey-type = rsa" > ~/.config/letsencrypt/cli.ini

Creating your Certificate

You will now create your certificate using the dynamic DNS plugin you identified in step 4 of Installing CertBot.

Run the following command in Terminal, replacing {{plugin_flag}} with your plugin's CLI flag:

certbot certonly {{plugin_flag}}

Cloudflare Example Plugin Flag: --dns-cloudflare

Configure auto-renewal of your Certificate

By default, your certificate only lasts a set amount of time. In order to automatically renew your certificate, you will need to configure an app called cron on your Mac.

1. Open Terminal and run the following command to open cron's configuration:

   • crontab -e

2. Hit the i key on your keyboard once

The cron configuration is now saved and your certificate will auto-renew. To check that the renewal process is working, wait at least 12 hours, then check the certbot logs located at ~/certbot/logs/letsencrypt.log. If you don't see any recent logs, then it's possible the paths in the crontab are not correct. Run the following command and verify the output matches the paths in the crontab entry.

• echo "\nPython Path: $(command -v python3) \nCertbot Path: $(command -v certbot) \n"

Port-forwarding and Dynamic DNS setup

In order to use a dynamic DNS, you'll need to setup port-forwarding so incoming requests to your router will be forwarded to your Mac.

Follow the guide here on how to do that:

Loading your certificates into the BlueBubbles Server

1. Open the BlueBubbles Server

2. Open the Settings tab

3. Set your Proxy Service to Dynamic DNS

If it all worked correctly you should be able to now configure your clients to point to your new secure server URL!

Tailscale is a mesh VPN software that uses WireGuard technology. It also include other fun features like Tailscale Funnel.

Tailscale Funnel allows you to publicly expose your machine's local services without needing to purchase a domain & set up port forwarding. It hosts your machine's domain on their Funnel Servers. The Funnel Server accepts requests & sends a TCP proxy to your machine where TLS cert is terminated. Simple, secure & only requires a few short commands.

Requirements

• Tailscale account

• Enable in the .

• Open the page in the admin console and click the Add Funnel to policy button

1. Download Tailscale from the or

2. Login from the top right menu icon & enable start on login from preferences

3. Add alias for the Tailscale CLI to your shell configuration by entering the command below into terminal.

Alternatively, you can use /Applications/Tailscale.app/Contents/MacOS/Tailscale <command>

1. Proxy requests to BlueBubbles's local web server on the default port 1234. Make sure to check your setup in case a different port is being used. Supported serve ports are 443, 8443, or 10000.

1. Enable the funnel to route proxy traffic over Tailscale funnel servers. Again, supported ports are 443, 8443, or 10000 - match with what you chose in Step 4. Replace port 1234 with your BlueBubble's local web server.

1. Check the funnel status with the following - you should see (Funnel on):

1. Finally, copy the entire URL that you see in step 6 to the BlueBubbles Proxy Service drop-down menu:

Thanks to @bobspop in Discord for creating this guide. Updated by @ampersandru

Sometimes VMs/Hackintoshes/Patched Macs can be a bit finnicky to disable SIP - oftentimes you will only end up with SIP partially disabled when running csrutil disable in the terminal.

Here are some steps that have worked for our users running various different unofficial macOS.

OpenCore Legacy Patcher

Use the OpenCore Configurator and check the following boxes:

Once complete, build OpenCore again and reboot. Done!

OpenCore Big Sur

1. Mount the EFI Partition using OpenCore

2. Open the config.plist file in the OC folder (I opened in OpenCore)

3. Create two entries:

VMWare

Method 1

1. Start by booting to macOS and opening a Terminal application window. Next, enter the command given below. This will create a NVRAM variable with the desired value, but misspelled variable name. This misspelling will be corrected in a later step.\

2. Shutdown macOS. Add the following to the bottom of the VMX file:\

   Save the VMX file and boot up macOS.\

3. You should be brought to the Boot Manager screen below. Select the

Method 2 (Requires VMWare Workstation Pro)

1. Shutdown your VM

2. Choose Power on to Firmware from the Virtual Machine menu

3. Select “Enter Setup”

SIP should now be disabled and you can proceed with setting up the Private API!

BlueBubbles as a systemd service

Introduction

If you do not have a physical Mac at your disposal and if you already have a Linux home server, it is relatively easy to turn BlueBubbles into a systemd service which you can configure to run at startup. This way, when your home server starts or reboots, it BlueBubbles automatically starts up.

BlueBubbles does have to be initially configured manually, including a full install of a macOS VM. However, using Docker-OSX makes this configuration much easier. If you are not already running BlueBubbles in a Docker-OSX container, first follow our guide on Configuring BlueBubbles in a container with Docker-OSX.

Guide

Once you are done configuring Docker-OSX and your BlueBubbles install:

Inside the VM

1. . This will make the boot faster and allow the BlueBubbles server to start automatically.

2. In your BlueBubbles server settings, enable "Startup with MacOS".

3. If using the Private API, ensure that MacForce launches at start:

MacForge Preferences > "General" tab > Check "Launch MacForce at Login"

On your Linux host

1. Create a new systemd service:

2. Enter the following:

It's recommended that you replace the value of ExecStart with the script you made in Step 11 of the Configuring BlueBubbles in a container with Docker-OSX guide. If you do choose to paste the above code block into your new systemd service file, you will at least need to replace $PWD (in the -v options) with the full path to your Docker OSX virtual disks.

Alternatively, it is possible to point to the script file you saved. In that case, replace the ExecStart line with this instead:

NOTE: If using podman, replace docker.service with podman.service and the docker run command with podman run.

3. Reload the systemd daemons:

4. Enable the service to start it at boot, and activate it now:

How are notifications delivered?

Notifications and URL changes are delivered via Google Firebase Messaging (FCM). During the setup of the BlueBubbles Server, you will be given the option to setup a Google Firebase project, linked to your Google account. This allows the BlueBubbles Server to dispatch notifications to your Android device without an open connection to the server. It will also allow the server to write your latest server URL to your Google Firebase's Firestore.

I completed the Firebase setup, but still am not receiving notifications or URL changes

If you have completed the Firebase setup, but are still not receiving notifications, it may be caused by a variety of issues. Here are a few:

• You originally set up your phone with a Firebase project, but changed it at a later point (possibly accidentally)

  • Maybe you previously did the manual Firebase setup in the past, and more recently used the new automatic Firebase setup using the Continue with Google in the Server.

  • If you have any sender mismatch ID errors on your server, that will indicate this case.

How to fix notifications

Regardless of the issue, here are some ways to fix the issue.

Check your Mac's internet connection

Sometimes you have a network outage or some other issue. Make sure that your Mac is still connected to the internet.

Make sure your Mac's time is synced

Sometimes -- especially when using a macOS VM -- your Mac's time can go out of sync. As in, the time does not match up with the actual time in your time zone.

You can check to see if your Mac's time is synced by going to . It will tell you if your time is off, and by how much. It's ok to be a few milliseconds off, however, you do not want to be minutes off.

To fix it, you can open your Mac's System Preferences and open Date & Time settings. Next, unlock the settings page by typing your password.

If your time does not re-sync after entering your password, you can try changing your time zone temporarily, then changing it back to the original.

Check if your VPN, proxy, or DNS blocker is interfering

In some cases, having a VPN, proxy, or DNS blocker may cause interference with registering your device with your Google Firebase project. As a result, you may not be able to register your device with your server, and subsequently, prevent notifications and URL changes to be dispatched to your Android device.

The following apps/tools have been seen to cause issues:

• Blockada

• Adguard

• PiHole

If you are using any of these apps/tools (or similar), and are not able to register your device with the server, disabling them during the BlueBubbles setup may fix the registration issues.

Re-register your Android device

1. Open your BlueBubbles Server and open the Devices tab

2. Use the Manage drop-down and select Clear Devices to remove your registered devices

You should now see your new device ID registered with the server, and should start receiving notifications!

Reboot your Mac

I know... the classic, "have you turned it off and then on again?" line. It may sound odd, but rebooting your Mac can fix a number of issues, not just this issue.

Reset your BlueBubbles app on Android

Sometimes none of the solutions seem to work. Your next best option is to just reset the Android app.

1. Open your BlueBubbles App on Android and backup your settings & themes using the Settings -> Backup & Restore page

2. Navigate back to your Android launcher's home screen

3. Open the BlueBubbles App's settings (through Android)

Install Google Play Services via MicroG (for custom ROMs)

If you are using custom ROM for your Android device, it could just be that you do not have Google Play Services installed. Unfortunately, that is required to receive notifications properly. You will need to install Google Play Services via MicroG.

If nothing seems to work...

If none of these solutions seem to work, I think the culprit is likely your macOS environment. Make sure to check the BlueBubbles Server's errors/alerts and look for anything to indicate what the culprit might be.

Server Installation

On the macOS device you'd like to use for the server, open the . Scroll to the bottom and download the .dmg file.

Locate the downloaded .dmg in your Downloads folder in Finder. Right click (or Ctrl + Left click) the .dmg file to Open the app. (Do not open the .dmg from the Downloads Center in the Dock!)

Pros:

• Static URL, so no need to update Dynamic DNS in BlueBubbles server

• Auto start at boot

is a modern, open-source sharing platform built on . It's an alternative to Cloudflare or Ngrok for BlueBubbles users who need high bandwidth and stable connections.

zrok Benefits

• High bandwidth: zrok offers a 5GB data transfer limit per 24 hours on their free tier, with pricing options to purchase more bandwidth if needed.

iServices are 99% likely to not run on your unofficial Mac until you successfully spoof the required items to disguise your VM as a real Mac.

OpenCore

If you made your macOS install using OpenCore, follow their guide to enable iServices.

VMWare

If you made your macOS inside VMWare, here is how you can enable iServices:

1. Follow the OpenCore guide linked above, but only complete the following sections (make sure to save all information from these sections for later use):

   • Using GenSMBIOS

     • You will want to use the model number MacPro7,1

1. Save the .vmx file inside Notepad, boot it up, and try signing into your Apple ID from within the iMessage app. If all went well, you will be able to sign in and send messages.

Error Messages

• You cannot sign into iMessage at this time ... contact Apple Support and provide the code below. This issue can be one of two things:

  • Go to System Preferences and go in iCloud, make sure you are logged in - if yes, proceed to the below:

  • You will need to do what the popup says and call Apple Support.

Clearing Failed Login Attempts

Run the following in terminal:

Reboot once done.

Pre-requisites

1. NodeJS:

Before you begin, make sure that the following pre-requisites apply to you. If any of them do not apply to you, this will not be possible for you, and you may need to stick to the build-in proxy services, pay for one, or self-host a reverse proxy.

Pre-requisites

Why does this happen?

This will sometimes occur after disabling SIP (System Integrity Protection) on your Mac during the setup for the Private API. We are unsure exactly why this happens, but we know how to fix it.

How can this be fixed?

MacOS maintains a database of the allowed permissions. All we need to do is modify this database and manually add the BlueBubbles Server to the "allow" list for the Contacts permission.

Technical Level of Effort: Medium

Steps to fix the issue

1. Open up the Terminal app on your Mac

   • Use the CMD + Space hotkey combo to open Spotlight Search and type Terminal

2. Run the following command to make a backup of the TCC.db

BlueBubbles should now be able to access your macOS Contacts!

References

This page will guide you on setting up your own reverse proxy, given that you own a server to use for it. In order for this setup to work, you will need control of a server. This is typically a Linux server but could theoretically be any operating system. This guide will be for setting up a reverse proxy on Linux specifically. This will also assume that you have a Linux server on the same local network as your BlueBubbles server, as having the proxy and server on different networks adds several layers of complexity.

Overview

While the built-in proxy services in BlueBubbles are simple and easy to use, many users want a completely self-hosted setup where they control all pieces of the system. More specifically, control over the server, client, proxy, and domain. This eliminates almost all dependence on third-party resources and services.

The best use-case for this is that you already run a personal server of some sort and maybe you're already running a proxy for services running on this personal server. There is arguably more privacy in owning and controlling the proxy that handles your BlueBubbles traffic, or maybe you just enjoy learning about and/or managing application and server tools.

That said, the built-in options to BlueBubbles are more well-suited for the majority of users as they are generally reliable, secure, and (most importantly) easy to configure.

Pros & Cons

Pre-requisites

• A server at your disposal on the same local network (LAN) as your BlueBubbles server

• A static IP or DHCP reservation configured for your BlueBubbles server on your LAN

• A static or reliable way to reach your home WAN IP (publicly addressable IP). This could be:

Variables

Of course, there are certain things that will vary depending on your configuration and setup. The following variables will be used as placeholders in the example configurations below. They will appear in the example configurations exactly as they appear here.

Nginx

The following is the recommended configuration for BlueBubbles to work behind an Nginx proxy. For easiest configuration, this should be placed in a new file at /etc/nginx/conf.d/bluebubbles.conf

After creating this file and filling in the appropriate values, restart the Nginx service with systemctl restart nginx.service (you may need sudo).

SSL

If you plan to use SSL (recommended), see the SSL Configuration section at the bottom of this guide.

Other considerations

• The directory conf.d may be named something else like vhosts.d, depending on your Linux distribution

• You can change client_max_body_size to whatever you want. You can use M and G to denote Megabytes and Gigabytes respectively, or you can set this to 0 (with no units) to put no restriction on the max client body size. This changes the max file size that can be sent through the proxy to BlueBubbles. For more information, you can see the

Apache

Before writing your config, these apache modules are required for the config to work:

• mod_proxy

• proxy_http

• proxy_wstunnel

The following is the recommended configuration for BlueBubbles to work behind an Apache proxy. This should be placed in a new file at /etc/httpd/conf.d/bluebubbles.conf

After creating this file and filling in the appropriate values, restart the apache service with systemctl restart httpd (you may need sudo)

SSL

If you plan to use SSL (recommended), see the SSL Configuration section at the bottom of this guide.

Other considerations

On certain Linux distributions, the configuration directory may be at /etc/apache2/vhosts.d/ or /etc/httpd/vhosts.d/

For reference, the following is the minimum viable configuration for BlueBubbles to work behind an Apache proxy. This configuration does not need the mod_headers module.

HAProxy

The following is the recommended configuration template for HAProxy. This should be in /etc/haproxy/haproxy.cfg.

Keep in mind that HAProxy ACL configurations can be complex. For more information on configuring HAProxy ACLs, see .

There are a few variables specific to HAProxy here:

After writing/changing these files, reload HAProxy with systemctl restart haproxy (you may need sudo)

SSL

If you plan to use SSL (recommended), see the SSL Configuration section at the bottom of this guide.

SSL configuration

If you do not use SSL/HTTPS (used interchangeably here), traffic sent from your client to your server will be sent in plain text. This includes message content and your BlueBubbles password. As such, configuring SSL is highly recommended if you intend to connect to your BlueBubbles server over the internet.

To access your BlueBubbles to use HTTPS, you need to use an SSL certificate and configure your proxy to either terminate or pass through the SSL traffic. Here we will provide example configurations that have SSL certificates configured and link to more resources for configuring SSL on your proxy.

Keep in mind that you can only use SSL if you have a domain -- it will not work with only an IP address.

What is SSL termination?

The easiest way to use this is to use something called "SSL termination" or "SSL offloading." This just means that the connection from client to server uses HTTPS (encrypted traffic) to the proxy, then the proxy communicates with the backend server using HTTP (unencrypted/plaintext traffic). As long as the proxy server and backend server live on the same private network, there are minimal security concerns with this setup, as the unencrypted traffic is sent over a trusted, private network.

The primary alternative to SSL termination is SSL passthrough, in which the traffic is not decrypted at the proxy, but instead is passed through to the server where the traffic is decrypted. There are other alternatives such as two-way SSL in which the client talks to the proxy on one SSL connection, then the proxy opens a different SSL connection to talk with the backend server over an encrypted channel.

For simplicity's sake, we will only be covering SSL offloading configuration in this guide.

Certbot, the easy solution

The simplest solution for SSL certificate management and configuration is . Certbot is a tool built by the Electronic Frontier Foundation (EFF) and leverages to issue free certificates and then automatically install them in your existing server/proxy configuration. Certbot supports automatic SSL configuration for Apache, Nginx, HAProxy, and Plesk.

If you are using HAProxy, there are some added layers of complexity, but Certbot can still be used to seamlessly automate the management and renewal of SSL certificates. Skip to the section Certbot on HAProxy.

This is highly recommended as the solution for configuring SSL/HTTPS. This solution is easy, robust, and automated. Unless you have a good reason not to use Certbot, we highly recommend this option.

Certbot configuration steps

If you are using HAProxy, skip to the section Certbot on HAProxy.

On almost all Linux systems, the configuration is simple:

1. Install certbot with your distribution's package manager

   • You may also need to install the certbot addon for your specific proxy, e.g. certbot-nginx (package names vary by distro)

2. Configure your service as you normally would, with HTTP-only

Certbot on HAProxy

Per Certbot's website: "Certificate installation with HAProxy is complicated." There are a few things that makes Certbot with HAProxy somewhat complicated:

• HAProxy is not a web server, so it can not be used in standalone mode to run an HTTP server and respond to Let's Encrypt's HTTP-01 challenges

• HAProxy requires a single .pem file that includes both the public certificate and the private key. This is not automatically generated by Certbot.

However, there are several guides available online which show you how to generate a certificate, install it, and then automate the renewal process. In short, it works by diverting HTTP calls to the .well-known directory (where HTTP-01 challenges are stored) to the localhost where Certbot is running its own web server during the challenge. Then, the new certificate and key are combined into a .pem file with a simple bash script.

• (Recommended)

An example configuration file may be provided in the future after more testing can be done.

Self-configured SSL

To reiterate: Certbot is highly recommended as an easy solution for SSL configuration and management. If you do intend to configure SSL yourself, we have provided example configurations below and references to further reading on the subject. If you're having trouble, feel free to join our Discord and ask questions there (linked in the header above).

These example configuration files are the auto-generated files by Certbot and are provided for reference.

Nginx

Contents of /etc/nginx/conf.d/bluebubbles.conf (could also be /etc/nginx/vhosts.d/bluebubbles.conf, depending on distro)

Contents of /etc/letsencrypt/options-ssl-nginx.conf

Apache

Contents of /etc/httpd/conf.d/bluebubbles.conf (could also be /etc/apache2/vhosts.d/bluebubbles.conf, depending on Linux distribution)

HAProxy

If you intend to use Certbot with HAProxy, please reference the above section "Certbot on HAProxy"

For HAProxy, you need to have a .pem file that includes both the public certificate and the private key. If you don't already have this, you can simply create a .pem file that contains the appended content of both the .key and .cer/.crt files. Example: cat mydomain.key mydomain.crt >> output.pem

Contents of /etc/haproxy/haproxy.cfg

Contribution Notes

This guide is a contribution by @JustBen on our Discord

Disclaimer

This guide is not for beginners. However, these steps should make it relatively easy to get up and running with a macOS Docker container running BlueBubbles on a Linux host. Before starting, you should familiarize yourself with the Linux CLI and be at least familiar with containerization and Docker (or Podman).

This guide is provided with no guarantees or warranty. If you encounter any problems, the community may be able to provide help in the Discord (linked in the header of this page), but we cannot guarantee that this will work for every configuration.

This guide has only been tested with MacOS Ventura, though it should work with only minor modifications for older versions.

Goal

This guide will walk you through setting up BlueBubbles on a macOS VM running in a . With the given configuration, your container will be accessible by VNC on port 5999.

Pre-requisites

You must have all of these already setup/installed in order to continue with the guide.

• A Linux host

• Comfort with bash

• Packages:

Installation

1. Create a directory for all the container resources

2. Create a virtual disk:

3. Run:

This will take a while because it's downloading the image for Docker-OSX and generating a unique serial number and bootdisk for your mac VM.

You may see a handful of errors particularly related to ALSA. These can be safely ignored.

NOTE: If using Podman, you can add --rmi to also remove the image after setup. However, this flag can be annoying if you need to start/stop this step repeatedly to troubleshoot because it will re-download the image every time NOTE: If using Podman as a non-root user, the additional flag --network slirp4netns:port_handler=slirp4netns must be added.

4. With your vnc viewer, open a connection to your IP on port 5999. If you're using tigervnc and running this on the same phost, you can use vncviewer localhost:5999. The password will be vncpass unless you changed it in the command.

5. If presented with a boot loader (a black screen with some icons in the center), select the option MacOS Base System to boot into the recover/install menu.

6. Before installing, you have to format the drive with APFS for a macOS install. Go into Disk Utility and find your drive. Click "Erase". Fill in the name for the drive that you want, then leave the rest as defaults and click "Erase". Close out of Disk Utility.

NOTE: On Ventura, you may have to use "MacOS extended (Journaled)" instead of APFS. See for more information.

7. Click on "reinstall macOS" and install macOS as normal.

8. Once you're on your desktop, test sending an iMessage to yourself. If it does not succeed, it's likely best to restart from the beginning, though our Discord community may be able to help.

9. Before shutting down your VM, run this in a new terminal with the same user:

This copies the generated bootdisk and serial number information out of the container and saves it as bootdisk.qcow2 so it can be used for all your future boots.

10. Shutdown your VM then take down the container.

The container and image will automatically be removed from your system (to keep things clean) because of the --rm and --rmi options we passed above.

11. Save this into a file (e.g. start-bluebubbles.sh) and make sure you have execute permissions to run it (chmod +x start-bluebubbles.sh).

This new docker run command should cut down on boot time and general overhead.

As before, errors related to ALSA can be safely ignored.

It is HIGHLY RECOMMENDED that you replace $PWD in the above command (after both -v flags) with an absolute path. For example, replace $PWD/maindisk.qcow2:/image with /home/yourname/bluebubbles/maindisk.qcow2:/image. This allows you to more easily run this script from any working directory (as you may want to do with a systemd service file).

To change the VNC password, change data=vncpass to data=<yourpassword> in the EXTRA environment variable.

NOTE: As before, if using Podman as a non-root user, the additional flag --network slirp4netns:port_handler=slirp4netns must be added.

12. Start up the container again (by running the script file you made in step 11). It might take a little while the first time as it pulls down a new container image, but it'll be quicker to boot after this first time. Once it's up, you can connect again with VNC on port 5999 with password vncpass (unless you changed it).

13.

14. When you want to start the container again, run the script you made in step 11. As before, you can connect to your VM with VNC on port 5999 with vncpass or the password you set. To stop the container, run:

Private API notes

• To install the BlueBubbles Private API features, just follow the normal guide .

• When disabling SIP, follow the instructions for "Physical Mac, INTEL" on the Private API installation documentation.

  • To clarify, do NOT follow the documentation for . Everything you need is in the standard Private API installation guide.

On the off-chance that you are unable to get the BlueBubbles App to connect to your BlueBubbles Server, and you also do not have remote access set up (i.e. TeamViewer or VNC), you can use this guide to force restart your server.

Steps

This will restart the BlueBubbles Server, not your Mac itself

1. Login to your

2. Select/Open the Firebase project linked to your BlueBubbles set up

   • This is likely named something like bluebubbles-e82d1, where the part after the dash is randomly generated

3. The next steps will depend upon whether you've used the automated Firebase set up or the manual Firebase setup

Once the nextRestart field has been edited, the server will detect the modification, and restart. This restart process may take a couple of minutes, so be patient.

If the BlueBubbles Server has successfully restarted, your serverUrl should update with the newly assigned URL (if you are using a proxy service)

Reasons Why You May Not Get a New Server URL

• Your BlueBubbles Server is not running

• Your Mac Server may be offline or not connected to the internet

• Your home network is blocking connections to Firebase

• Your home network is blocking connections to your proxy service

This document will guide you on how to setup a macOS virtual machine on your Windows operating system. This guide has a lot of steps, but I promise it's not hard. It's mainly to provide all the context and information to make the setup easy to follow. I've also broken the steps down into multiple sections in order to make it easier to understand.

Before You Begin

Make sure that your PC has Virtualization enabled in the BIOS. If you do not know if you have virtualization enabled, open Task Manager's Performance tab:

If virtualization is disabled, you need to boot into your PC's BIOS and enable it. Now, enabling it will be different per-vendor, however, here are 2 YouTube videos that may help:

Downloading a Fresh Copy of macOS

The first step in setting up a virtual machine is getting an image that is compatible with our virtualization software, in this case, VMWare. To do this, we will use OpenCore. The following instructions are a shortened form of the full OpenCore Install Guide:

Note: This method is preferred over downloading an existing ISO from the internet because you never know when the integrity of an ISO from the internet might be compromised.

Pre-requisites

• You should have Python installed:

Instructions

1. Download the latest release of OpenCore.

   • Download Link:

   • Choose the zip file labeled with RELEASE

Converting the macOS System Image to a VMWare Disk

Now that you have the BaseSystem.dmg file, we will now need to convert it into a format that VMWare can understand and load. In order to do that, we need to use yet another open-source tool called QEMU. Follow the steps below to learn how to use it.

Installing QEMU

This is a short guide to show you how to install QEMU, an open-source tool for working with disk images.

1. Download QEMU for Windows.

   • Download Link:

   • You will see a bunch of folders with years on them. Ignore those. Download the qemu-w64-setup-XXXXXXXX.exe

Creating the VMDK

Now that we've installed QEMU, we need to use it to convert the BaseSystem.dmg to a VMWare .vmdk disk image.

1. Open Explorer and navigate into your Documents folder (where your BaseSystem.dmg is located).

2. Holding Shift on your keyboard, right-click your explorer window and select Open PowerShell window here.

Preparing & Unlocking VMWare

In order for you to even be able to load a macOS system into VMWare, you will need to use a third-party program called Auto-Unlocker to patch your VMWare installation.

Pre-requisites

• You should have either VMWare Workstation Player (free), or VMWare Workstation Pro (paid) installed

  • VMWare Workstation Player (free): ()

  • VMWare Workstation Pro (paid):

Instructions (VMWare 16)

1. Download Auto-Unlocker.

2. Extract the downloaded zip file.

Instructions (VMWare 15 or Older)

1. Download Unlocker.

2. Extract the downloaded zip file.

Setting up the Virtual Machine

Creating the Virtual Machine

This section will detail how to create the base virtual machine using the recovery disk we created earlier.

Pre-requisites

• You should have either VMWare Workstation Player (free), or VMWare Workstation Pro (paid) installed

  • VMWare Workstation Player (free): ()

  • VMWare Workstation Pro (paid):

Instructions

1. Open VMWare and click File -> New Virtual Machine

2. Select Custom Installation and start navigating through the New Virtual Machine setup screens.

3. On the Guest Operating System Installation

Patching the Virtual Machine (iServices)

This section will detail how to patch your virtual machine in order to properly run macOS and get iServices setup.

1. Navigate to your virtual machine's files

   • The virtual machine's files are located here: C:\Users\<username>\Documents\Virtual Machines\

2. Create a backup of your virtual machine's .vmx