So you want to set up your own private chat network for friends or family, or maybe your company uses the major chat providers like AIM, Yahoo, MSN, or Google for interoffice communication, but you want more control and to keep the network traffic inside your LAN. Whatever your case may be, this guide will show you how to do it with Ignite Realtime’s Openfire Jabber Server for Linux.
Before we get started…
There are two preliminary steps to complete before we install Openfire. They aren’t essential to its functionality (you can skip them if you’d like), but they’ll make things easier when it comes to managing the administration for you and your users. Those two steps are setting up a DNS alias for the server hostname and creating a MySQL database for the backend instead of using the included embedded database.
» Create a DNS Host Name for your Jabber Server
For this guide I’ll use the hostname ‘jabber’ for my Openfire server. I run my own DNS server so I’ll be editing my zone file to add the new alias. If you use a third-party service for DNS on your domain then you should know how to add new aliases. If you don’t then you should consult their Support documentation for more information.
Open your zone file in a text editor and add your new alias. Yours may look something like this example when you’re done. The jabber record at the end is what I added.

    $TTL 21600
    $ORIGIN mydomain.com.
    @       IN      SOA     ns1.my-name-server.com. admin.my-name-server.com. (
                            2007122301      ; serial
                            3600            ; refresh
                            600             ; retry
                            86400           ; expiry
                            21600 )         ; minimum
            IN      NS      ns1.my-name-server.com.
            IN      NS      ns2.my-name-server.com.
            IN      MX      10 mx1.my-mail-server.com.
            IN      MX      20 mx2.my-mail-server.com.
            IN      A       10.0.0.100
    www     IN      A       10.0.0.100
    ftp     IN      A       10.0.0.100
    jabber  IN      A       10.0.0.100
Save your changes, flush the cache and reload the zone.
    # rndc flush
    # rndc reload
» Create the MySQL Database for Openfire Data
Sometimes a tool like phpMyAdmin comes in handy for managing MySQL databases; however, I don’t have it installed on this server. Instead, I’ll be adding my Openfire database from the MySQL console. All we need to do is create the database, add a user account that has full control over that database, and reload (flush) the privileges.

    # mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 3 to server version: 5.0.22

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql> CREATE DATABASE `openfire`;
    Query OK, 1 row affected (0.00 sec)

    mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'password';
    Query OK, 0 rows affected (0.01 sec)

    mysql> GRANT USAGE ON *.* TO 'openfire'@'localhost' IDENTIFIED BY 'password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)

    mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `openfire`.* TO 'openfire'@'localhost';
    Query OK, 0 rows affected (0.01 sec)

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.02 sec)

    mysql> quit
    Bye
    #

Now that all the preliminaries are out of the way, we can move on to installing Openfire.
Download and Install the Openfire Software
We’ll start by downloading the Openfire RPM via wget.
    # wget -O openfire-3.4.2-1.i386.rpm http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
    --12:18:13--  http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
    Resolving www.igniterealtime.org... 18.104.22.168
    Connecting to www.igniterealtime.org|22.214.171.124|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 40451331 (39M) [application/x-rpm]
    Saving to: `openfire-3.4.2-1.i386.rpm'

    100%[=====================================================================>] 40,451,331 368K/s in 1m 52s

    12:20:05 (354 KB/s) - `openfire-3.4.2-1.i386.rpm' saved [40451331/40451331]

    #
Now install the RPM, start the Openfire service, verify it is actively running, and set it to auto-start whenever your server is rebooted.
    # rpm -ivh openfire-3.4.2-1.i386.rpm
    Preparing...                ########################################### [100%]
       1:openfire               ########################################### [100%]
    # /etc/init.d/openfire start
    Starting openfire:
    # ps -ef | grep -i openfire
    root 2508 1 0 07:35 pts/0 00:00:00 su -s /bin/sh -c /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath "/opt/openfire/lib/startup.jar" -jar "/opt/openfire/lib/startup.jar" daemon
    daemon 2511 2508 37 07:35 ? 00:00:07 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath /opt/openfire/lib/startup.jar -jar /opt/openfire/lib/startup.jar
    root 2526 2414 1 07:35 pts/0 00:00:00 grep -i openfire
    # chkconfig --level 235 openfire on
    #
Open Ports in your Firewall
If you have a firewall in place you’ll need to open some ports before we can start configuring Openfire through its web interface. Openfire uses ports 5222, 7777, 9090, 9091 for client connections, file transfer proxy, HTTP web administration and the secured administration respectively. If you use iptables like I do, add these lines to your /etc/sysconfig/iptables rules file and reload.

    -A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
    -A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
    -A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
    -A INPUT -p udp -i eth0 --dport 7777 -j ACCEPT
    -A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
    -A INPUT -p udp -i eth0 --dport 9090 -j ACCEPT
    -A INPUT -p tcp -i eth0 --dport 9091 -j ACCEPT
    -A INPUT -p udp -i eth0 --dport 9091 -j ACCEPT
Then reload iptables to accept the new directives.
    # iptables-restore < /etc/sysconfig/iptables
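The four Openfire services listed above all run over TCP, and the two admin console ports only need to be reachable by whoever administers the server. The following is an added example, not part of the original guide: a shell function that audits a rules file for those ports, flagging UDP rules and admin console rules with no source restriction. The function name, the sample files and the 10.0.0.0/24 admin subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit iptables rules for the Openfire ports in this guide.
# Prints one finding per line:
#   UDP-NOT-NEEDED <port>  a UDP rule for a TCP-only Openfire service
#   ADMIN-OPEN <port>      admin console (9090/9091) open to any source
audit_openfire_rules() {
    while IFS= read -r line; do
        case $line in
            "-A INPUT"*) ;;               # only inspect INPUT chain rules
            *) continue ;;
        esac
        port=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9]*\).*/\1/p')
        case $port in
            5222|7777|9090|9091) ;;       # the ports this guide opens
            *) continue ;;
        esac
        case $line in
            *"-p udp"*) echo "UDP-NOT-NEEDED $port"; continue ;;
        esac
        case $port:$line in
            909[01]:*" -s "*) ;;          # source-restricted: acceptable
            909[01]:*) echo "ADMIN-OPEN $port" ;;
        esac
    done < "$1"
}

# Constructed samples: the guide's rules, then a tightened variant that is
# TCP-only and limits the admin console to an assumed admin subnet.
guide_rules=$(mktemp); tight_rules=$(mktemp)
trap 'rm -f "$guide_rules" "$tight_rules"' EXIT
for p in 5222 7777 9090 9091; do
    echo "-A INPUT -p tcp -i eth0 --dport $p -j ACCEPT"
    echo "-A INPUT -p udp -i eth0 --dport $p -j ACCEPT"
done > "$guide_rules"
cat > "$tight_rules" <<'EOF'
-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 9091 -j ACCEPT
EOF
echo "== guide rules ==";     audit_openfire_rules "$guide_rules"
echo "== tightened rules =="; audit_openfire_rules "$tight_rules"
```

Run against your own file with `audit_openfire_rules /etc/sysconfig/iptables`; no output means none of the Openfire rules were flagged.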
Configure Openfire through its Web Interface
1. Launch your favorite browser and go to http://your_jabber_server_ip_address:9090 or if you set up a DNS alias http://jabber.mydomain.com:9090 to go to the Openfire web interface. You’ll be greeted by Openfire’s setup tool. In the first step, select your language. Here we choose English.
2. The next step is to set the server domain. If you opted for an IP address name, enter your server’s IP. If you opted to create a DNS alias, enter the DNS server domain. Here we created jabber.mydomain.com so we’ll enter that. By default, the Openfire web interface console ports are 9090 and 9091 for standard and secure respectively. You can use other ports if you wish (NOTE: you’ll have to change your firewall settings if you use different ports), but for this guide, we’re sticking with the default values.
3. You have two choices regarding which database to use for Openfire to store its data: an external database like MySQL, MSSQL, PostgreSQL, etc… or to use the bundled embedded database. If you set up a MySQL database like we did in this guide then select the Standard Database Connection option. If you didn’t, the only choice is to use the Embedded Database.
4. To set up your database connection, select the appropriate driver from the Database Driver Presets list (we set up a MySQL database so we’ll select MySQL). The page will refresh and you need to fill in the necessary information (the database host, name, username, and password). You should have this information from when you set up your MySQL database. Per this guide, MySQL is on the same server as my Openfire installation (localhost) and I created a database called ‘openfire’ with a username of ‘openfire’ and set a password.
5. The profile step has to do with the users and groups of chat members and where Openfire will store that information (new users, user groups, etc…). We won’t opt for LDAP to store this information. It is much more convenient to save it in our database.
6. We’re almost done. Enter the administrator email address (your email address) and set a password for your Openfire server.
7. Now you’re done! Pat yourself on the back. Click the Login to admin console button.
8. Type in the Openfire admin password you entered in Step 6 and click the Login button.
Welcome to the Openfire Administration Console. Take a look around and get familiar with the layout.
Time to Make Some Openfire Configuration Changes
Your Openfire installation will work out of the box and you can skip this section if you want, but for this tutorial, I wanted to make some changes. Namely, I want my server to follow some rules so there is no chaos.
- I don’t want any other servers to be able to communicate with mine (it’s private and self-sufficient)
- I define the member base so anonymous users cannot create accounts (ideal for an office environment)
- Finally, all communication between clients and the server is encrypted (force jabber clients to use SSL)
Follow along if you want to use any of these features or jump ahead to the Creating Users and Groups for Jabber Clients section.
1. On the left under Server Settings, click the Server to Server link. In the top panel Service Enabled, choose the Disabled option and click Save Settings.
2. Click the Registration & Login link in the left side menu. Disable both options under Inband Account Registration and Anonymous Login. We’ll leave the Change Password option alone to let users update their passwords as they see fit. Click the Save Settings button at the bottom of the page.
3. Click the Security Settings link on the left. Under Client Connection Security, choose the Required option to force jabber clients to use SSL (NOTE: If the client doesn’t support SSL and this option is enabled, the client will not be able to connect to the server). Click the Save Settings button.
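To confirm that steps 2 and 3 took effect, look at the `<stream:features>` element the server sends in reply to a client's stream header on port 5222. The following is an added example, not part of the original guide: a shell function that checks a captured features element for required TLS, no ANONYMOUS SASL mechanism and no in-band registration feature. The function name and both sample elements are constructed for illustration; the namespaces are the standard XMPP ones.

```shell
#!/bin/sh
# Added example: check a captured <stream:features/> element against the
# client-facing rules set above. Prints one FAIL line per violation.
check_stream_features() {
    # Flatten to one line so multi-line XML is matched the same way.
    xml=$(printf '%s' "$1" | tr -d '\n\r')
    # Isolate <starttls ...>...</starttls>; a self-closing <starttls/>
    # (TLS offered but optional) deliberately does not match.
    tls=$(printf '%s\n' "$xml" |
          sed -n 's/.*\(<starttls[^>]*>.*<\/starttls>\).*/\1/p')
    case $tls in
        *"<required"*) ;;
        *) echo "FAIL tls-not-required" ;;
    esac
    case $xml in
        *"<mechanism>ANONYMOUS</mechanism>"*)
            echo "FAIL anonymous-login-enabled" ;;
    esac
    case $xml in
        *"jabber.org/features/iq-register"*)
            echo "FAIL inband-registration-enabled" ;;
    esac
}

# Constructed samples (not captured from a real server).
hardened="<stream:features>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"
permissive="<stream:features>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism>
  </mechanisms>
  <register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>"
echo "hardened:";   check_stream_features "$hardened"
echo "permissive:"; check_stream_features "$permissive"
```

The server-to-server setting from step 1 is not visible in the client stream features, so this check does not cover it.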
Openfire SSL Certificates
Openfire creates self-signed SSL Certificates by default. Remember the port 9091 from before? If you ever want to access this administration console from a Secure Connection, then you’ll need to restart the Openfire HTTP Server.
Click the Server Certificates link on the left menu.
Click the link in the highlighted section.
Openfire will restart the HTTP Web Server and kick you back to the login screen. Log back in and the SSL Certificate should now be in use and you can access the console from SSL.
Since we’re creating a jabber server for a mock office environment, we prohibit anonymous users from creating accounts. Because of this, we will manage all users and groups on a global scale through our Openfire server. This means, all groups and users will be pushed to the clients that log in so they don’t have to add every single user account or group to their client. Also, any changes happen in real-time on the client (new users or groups added, removed, etc…). Kind of cool, huh? This is accomplished through Contact Group List Sharing.
We’ll be creating a mock Developer “Devel” group and add some users to it. Click on the Users/Groups tab on the top.
1. Go to Create New User under the Users section on the left. Fill in the Username, Password, and Confirm Password fields and click the Create User button.
Repeat this process to add all the users you want on your server.
2. Go to Create New Group under the Groups section on the left. Fill in the Group Name and an optional Description. Click the Create Group button.
3. The group has been added. Now we’ll share the contact list so it’s global to all Jabber clients that connect to our server. Under the Contact List (Roster) Sharing section, click the Enable contact list group sharing option. In the name field, type in the same name as set for the group. Click the Save Contact List Settings button.
4. Scroll down the page and type in a username to the Add User field and click the Add button.
Now we have one member in our group. Repeat this for each user you want to be assigned to this group.
Setting up a Jabber Client (Spark 2.5.8 for Windows)
Our Openfire Jabber Server is useless unless we have clients connect to it and communicate through it. We’ll use Spark from Ignite Realtime. If that doesn’t suit you then you are open to use another jabber client since there are many of them out there (see the client from jabber.org).
1. Download Spark, install it, and launch it.
2. Type in your Openfire user credentials (Username and Password). In the Server field, type in the Openfire server’s IP address or DNS alias. Click the Login button.
3. The contact list will appear once you have successfully logged in. The shared group(s) will be visible (NOTE: groups with no online users will be hidden unless you select the Show empty groups option from the Contacts menu) along with the users of those groups. My contacts are not online as you can see from the picture below.
You’re done. You now have the essentials of configuring your own Jabber server and clients.