Setting up Openfire Jabber/XMPP Server on CentOS

So you want to set up your own private chat network for friends or family, or maybe your company uses the major chat providers like AIM, Yahoo, MSN, or Google for interoffice communication, but you want more control and to keep the network traffic inside your LAN. Whatever your case may be, this guide will show you how to do it with Ignite Realtime’s Openfire Jabber Server for Linux.

Before we get started…

There are two preliminary steps to complete before we install Openfire. They aren’t essential to its functionality (you can skip them if you’d like), but they’ll make things easier when it comes to managing the administration for you and your users. Those two steps are setting up a DNS alias for the server hostname and creating a MySQL database for the backend instead of using the included embedded database.

» Create a DNS Host Name for your Jabber Server

For this guide I’ll use the hostname ‘jabber’ for my Openfire server. I run my own DNS server so I’ll be editing my zone file to add the new alias. If you use a third-party service for DNS on your domain then you should know how to add new aliases. If you don’t then you should consult their Support documentation for more information.

Open your zone file in a text editor and add your new alias. Yours may look something like this example when you’re done. The jabber A record on the last line is what I added.

$TTL    21600
$ORIGIN mydomain.com.

@       IN      SOA     ns1.my-name-server.com. admin.my-name-server.com. (
                        2007122301      ; serial
                        3600            ; refresh
                        600             ; retry
                        86400           ; expiry
                        21600 )         ; minimum

                IN      NS      ns1.my-name-server.com.
                IN      NS      ns2.my-name-server.com.

                IN      MX      10      mx1.my-mail-server.com.
                IN      MX      20      mx2.my-mail-server.com.

                IN      A       10.0.0.100

www             IN      A       10.0.0.100
ftp             IN      A       10.0.0.100
jabber          IN      A       10.0.0.100

Save your changes, flush the cache and reload the zone.

[[email protected] ~]# rndc flush
[[email protected] ~]# rndc reload

» Create the MySQL Database for Openfire Data

Sometimes a tool like phpMyAdmin comes in handy for managing MySQL databases; however, I don’t have it installed on this server. Instead, I’ll be adding my Openfire database from the MySQL console. All we need to do is create the database, add a user account that has full control over that database, and reload (flush) the privileges. In the statements below, 'password' is a placeholder; substitute a strong password of your own.

[[email protected] ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.22

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE DATABASE `openfire`;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT USAGE ON *.* TO 'openfire'@'localhost' IDENTIFIED BY 'password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `openfire`.* TO 'openfire'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)

mysql> quit
Bye
[[email protected] ~]#

Now that all the preliminaries are out of the way, we can move on to installing Openfire.

Download and Install the Openfire Software

Openfire can be downloaded from the Ignite Realtime web site. As of this writing, the latest version available for download is Openfire 3.4.2 for Linux.

We’ll start by downloading the Openfire RPM via wget.

[[email protected] ~]# wget -O openfire-3.4.2-1.i386.rpm http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
--12:18:13-- http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
Resolving www.igniterealtime.org... 63.246.20.125
Connecting to www.igniterealtime.org|63.246.20.125|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40451331 (39M) [application/x-rpm]
Saving to: `openfire-3.4.2-1.i386.rpm'

100%[=====================================================================>] 40,451,331   368K/s   in 1m 52s

12:20:05 (354 KB/s) - `openfire-3.4.2-1.i386.rpm' saved [40451331/40451331]

[[email protected] ~]#

Now install the RPM, start the Openfire service, verify it is actively running, and set it to auto-start whenever your server is rebooted.

[[email protected] ~]# rpm -ivh openfire-3.4.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:openfire               ########################################### [100%]
[[email protected] ~]# /etc/init.d/openfire start
Starting openfire:
[[email protected] ~]# ps -ef | grep -i openfire
root      2508     1  0 07:35 pts/0    00:00:00 su -s /bin/sh -c /opt/openfire/jre/bin/java -server  -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath "/opt/openfire/lib/startup.jar" -jar "/opt/openfire/lib/startup.jar" daemon
daemon    2511  2508 37 07:35 ?        00:00:07 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath /opt/openfire/lib/startup.jar -jar /opt/openfire/lib/startup.jar
root      2526  2414  1 07:35 pts/0    00:00:00 grep -i openfire
[[email protected] ~]# chkconfig --level 235 openfire on
[[email protected] ~]#

Open Ports in your Firewall

If you have a firewall in place you’ll need to open some ports before we can start configuring Openfire through its web interface. Openfire uses ports 5222, 7777, 9090, 9091 for client connections, file transfer proxy, HTTP web administration and the secured administration respectively. If you use iptables like I do, add these lines to your /etc/sysconfig/iptables rules file and reload.

-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9091 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9091 -j ACCEPT

Then reload iptables to accept the new directives.

[[email protected] ~]# iptables-restore < /etc/sysconfig/iptables
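
The rules above accept both TCP and UDP on every Openfire port and accept the admin console ports (9090 and 9091) from any source on eth0, although all four services listen on TCP only. The following shell function is an added example, not part of the original guide: it reads iptables rules on stdin and reports those two conditions. The names audit_openfire_rules and sample_rules, the finding labels, and the sample rules (including the 10.0.0.0/24 management subnet) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables rules for the Openfire ports used in this guide.
# audit_openfire_rules and sample_rules are hypothetical helper names.

# Reads rules in /etc/sysconfig/iptables format on stdin, prints one finding per line:
#   UDP_UNNEEDED <port>  UDP accepted on a port where Openfire only listens on TCP
#   ADMIN_OPEN <port>    admin console port accepted with no source (-s) restriction
audit_openfire_rules() {
    awk '
    /^-A INPUT/ && /-j ACCEPT/ {
        proto = ""; port = ""; has_src = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port  = $(i + 1)
            if ($i == "-s" || $i == "--source") has_src = 1
        }
        # Ignore rules that are not about the Openfire ports.
        if (port !~ /^(5222|7777|9090|9091)$/) next
        if (proto == "udp")
            print "UDP_UNNEEDED", port
        else if ((port == "9090" || port == "9091") && !has_src)
            print "ADMIN_OPEN", port
    }'
}

# Constructed sample: three rules in the style of this guide, one admin rule
# limited to an assumed management subnet, and one unrelated rule.
sample_rules() {
    cat <<'EOF'
-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 9091 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_openfire_rules
```

To check the live rules file, run audit_openfire_rules < /etc/sysconfig/iptables.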

Configure Openfire through its Web Interface

1. Launch your favorite browser and go to http://your_jabber_server_ip_address:9090 or if you set up a DNS alias http://jabber.mydomain.com:9090 to go to the Openfire web interface. You’ll be greeted by Openfire’s setup tool. In the first step, select your language. Here we choose English.

Openfire Setup: Language Selection Screen

2. The next step is to set the server domain. If you opted for an IP address name, enter your server’s IP. If you opted to create a DNS alias, enter the DNS server domain. Here we created jabber.mydomain.com so we’ll enter that. By default, the Openfire web interface console ports are 9090 and 9091 for standard and secure respectively. You can use other ports if you wish (NOTE: you’ll have to change your firewall settings if you use different ports), but for this guide, we’re sticking with the default values.

Openfire Setup: Server Settings Screen

3. You have two choices regarding which database to use for Openfire to store its data: an external database like MySQL, MSSQL, PostgreSQL, etc… or the bundled embedded database. If you set up a MySQL database like we did in this guide then select the Standard Database Connection option. If you didn’t, the only choice is to use the Embedded Database.

Openfire Setup: Database Settings Screen

4. To set up your database connection, select the appropriate driver from the Database Driver Presets list (we set up a MySQL database so we’ll select MySQL). The page will refresh and you need to fill in the necessary information (the database host, name, username, and password). You should have this information from when you set up your MySQL database. Per this guide, MySQL is on the same server as my Openfire installation (localhost) and I created a database called ‘openfire’ with a username of ‘openfire’ and set a password.

Openfire Setup: Database Settings Configuration Screen

5. The profile step has to do with the users and groups of chat members and where Openfire will store that information (new users, user groups, etc…). We won’t opt for LDAP to store this information. It is much more convenient to save it in our database.

Openfire Setup: Profile Settings Configuration Screen

6. We’re almost done. Enter the administrator email address (your email address) and set a password for your Openfire server.

Openfire Setup: Admin Account Screen

7. Now you’re done! Pat yourself on the back. Click the Login to admin console button.

Openfire Setup: Setup Complete Screen

8. Type in the Openfire admin password you entered in Step 6 and click the Login button.

Openfire Setup: Admin Login Screen

Welcome to the Openfire Administration Console. Take a look around and get familiar with the layout.

Openfire: Administration Console Screen

Time to Make Some Openfire Configuration Changes

Your Openfire installation will work out of the box and you can skip this section if you want, but for this tutorial, I wanted to make some changes. Namely, I want my server to follow some rules so there is no chaos.

  1. I don’t want any other servers to be able to communicate with mine (it’s private and self-sufficient)
  2. I define the member base so anonymous users cannot create accounts (ideal for an office environment)
  3. Finally, all communication between clients and the server is encrypted (force jabber clients to use SSL)

Follow along if you want to use any of these features or jump ahead to the Creating Users and Groups for Jabber Clients section.

1. On the left under Server Settings, click the Server to Server link. In the top panel Service Enabled, choose the Disabled option and click Save Settings.

Openfire: Administration Console 'Server to Server' Screen

2. Click the Registration & Login link in the left side menu. Disable both options under Inband Account Registration and Anonymous Login. We’ll leave the Change Password option alone to let users update their passwords as they see fit. Click the Save Settings button at the bottom of the page.

Openfire: Administration Console 'Registration & Login' Screen

3. Click the Security Settings link on the left. Under Client Connection Security, choose the Required option to force jabber clients to use SSL (NOTE: If the client doesn’t support SSL and this option is enabled, the client will not be able to connect to the server). Click the Save Settings button.

Openfire: Administration Console 'Security Settings' Screen

Openfire SSL Certificates

Openfire creates self-signed SSL Certificates by default. Remember the port 9091 from before? If you ever want to access this administration console from a Secure Connection, then you’ll need to restart the Openfire HTTP Server.

Click the Server Certificates link on the left menu.

Openfire: Administration Console 'Server Certificates' Screen

Click the link in the highlighted section.

Openfire: HTTP Restart Link

Openfire will restart the HTTP Web Server and kick you back to the login screen. Log back in and the SSL Certificate should now be in use and you can access the console over SSL.

Creating Users and Groups for Jabber Clients

Since we’re creating a jabber server for a mock office environment, we prohibit anonymous users from creating accounts. Because of this, we will manage all users and groups on a global scale through our Openfire server. This means all groups and users will be pushed to the clients that log in, so they don’t have to add every single user account or group to their client. Also, any changes happen in real-time on the client (new users or groups added, removed, etc…). Kind of cool, huh? This is accomplished through Contact Group List Sharing.

We’ll be creating a mock Developer “Devel” group and adding some users to it. Click on the Users/Groups tab on the top.

1. Go to Create New User under the Users section on the left. Fill in the Username, Password, and Confirm Password fields and click the Create User button.

Openfire: Administration Console 'Create New User' Screen

Repeat this process to add all the users you want on your server.

Openfire: Administration Console 'User Properties' Screen

2. Go to Create New Group under the Groups section on the left. Fill in the Group Name and an optional Description. Click the Create Group button.

Openfire: Administration Console 'Create Group' Screen

3. The group has been added. Now we’ll share the contact list so it’s global to all Jabber clients that connect to our server. Under the Contact List (Roster) Sharing section, click the Enable contact list group sharing option. In the name field, type in the same name as set for the group. Click the Save Contact List Settings button.

Openfire: Administration Console 'Edit Group' Screen

4. Scroll down the page and type in a username to the Add User field and click the Add button.

Openfire: Administration Console 'Members of This Group' Screen

Now we have one member in our group. Repeat this for each user you want to be assigned to this group.

Openfire: Administration Console 'Members of This Group' Screen

Setting up a Jabber Client (Spark 2.5.8 for Windows)

Our Openfire Jabber Server is useless unless we have clients connect to it and communicate through it. We’ll use Spark from Ignite Realtime. If that doesn’t suit you then you are free to use another jabber client since there are many of them out there (see the client from jabber.org).

1. Download Spark, install it, and launch it.

2. Type in your Openfire user credentials (Username and Password). In the Server field, type in the Openfire server’s IP address or DNS alias. Click the Login button.

Spark: Client Login Screen

3. The contact list will appear once you have successfully logged in. The shared group(s) will be visible (NOTE: groups with no online users will be hidden unless you select the Show empty groups option from the Contacts menu) along with the users of those groups. My contacts are not online as you can see from the picture below.

Spark: Contact List Window

You’re done. You now have the essentials of configuring your own Jabber server and clients.