
Tony Bhimani’s Blog

Where I Share my Linux and Programming Experiences


Openfire Jabber/XMPP Server on CentOS mini-Howto


So you want to set up your own private chat network for friends or family, or maybe your company uses the major chat providers like AIM, Yahoo, MSN, or Google
for interoffice communication, but you want more control and to keep the network traffic inside your LAN. Whatever your case may be, this guide will show you
how to do it with Ignite Realtime’s Openfire Jabber Server for Linux.

Before we get started…

There are two preliminary steps to complete before we install Openfire. They aren’t essential to its functionality (you can skip them if you’d like), but they’ll make
things easier when it comes to managing the administration for you and your users. Those two steps are setting up a DNS alias for the server host name and creating
a MySQL database for the backend instead of using the included embedded database.

» Create a DNS Host Name for your Jabber Server

For this guide I’ll use the host name ‘jabber’ for my Openfire server. I run my own DNS server so I’ll be editing my zone file to add the new alias. If you use a third
party service for DNS on your domain then you should know how to add new aliases. If you don’t then you should consult their Support documentation for more
information.

Open your zone file in a text editor and add your new alias. Yours may look something like this example when you’re done. The highlighted line (the jabber record at the end) is what I added.
$TTL 21600
$ORIGIN mydomain.com.

@       IN SOA  ns1.my-name-server.com. admin.my-name-server.com. (
                2007122301 ; serial
                3600       ; refresh
                600        ; retry
                86400      ; expiry
                21600 )    ; minimum

        IN NS   ns1.my-name-server.com.
        IN NS   ns2.my-name-server.com.

        IN MX   10 mx1.my-mail-server.com.
        IN MX   20 mx2.my-mail-server.com.
        IN A    10.0.0.100

www     IN A    10.0.0.100
ftp     IN A    10.0.0.100
jabber  IN A    10.0.0.100

Save your changes, flush the cache and reload the zone.
[root@node1 ~]# rndc flush
[root@node1 ~]# rndc reload

» Create the MySQL Database for Openfire Data

Sometimes a tool like phpMyAdmin comes in handy for managing MySQL databases; however, I don’t have it installed on this server. Instead I’ll be adding my
Openfire database from the MySQL console. All we need to do is create the database, add a user account that has full control over that database, and reload (flush)
the privileges.
[root@node1 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.22

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE DATABASE `openfire`;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT USAGE ON *.* TO 'openfire'@'localhost' IDENTIFIED BY 'password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `openfire`.* TO 'openfire'@'localhos
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)

mysql> quit
Bye
[root@node1 ~]#

Now that all the preliminaries are out of the way, we can move onto installing Openfire.

Download and Install the Openfire Software

Openfire can be downloaded from the Ignite Realtime web site. As of this writing, the latest version available for download is Openfire 3.4.2 for Linux.
We’ll start by downloading the Openfire RPM via wget.
[root@node1 ~]# wget -O openfire-3.4.2-1.i386.rpm http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.
--12:18:13-- http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
Resolving www.igniterealtime.org... 63.246.20.125
Connecting to www.igniterealtime.org|63.246.20.125|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40451331 (39M) [application/x-rpm]
Saving to: `openfire-3.4.2-1.i386.rpm'

100%[=====================================================================>] 40,451,331 368K/s in 1m 52s

12:20:05 (354 KB/s) - `openfire-3.4.2-1.i386.rpm' saved [40451331/40451331]

[root@node1 ~]#

Now install the RPM, start the Openfire service, verify it is actively running, and set it to auto-start whenever your server is rebooted.
[root@node1 ~]# rpm -ivh openfire-3.4.2-1.i386.rpm
Preparing... ########################################### [100%]
1:openfire ########################################### [100%]
[root@node1 ~]# /etc/init.d/openfire start
Starting openfire:
[root@node1 ~]# ps -ef | grep -i openfire
root 2508 1 0 07:35 pts/0 00:00:00 su -s /bin/sh -c /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopen
daemon 2511 2508 37 07:35 ? 00:00:07 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/
root 2526 2414 1 07:35 pts/0 00:00:00 grep -i openfire
[root@node1 ~]# chkconfig --level 235 openfire on
[root@node1 ~]#

Open Ports in your Firewall

If you have a firewall in place you’ll need to open some ports before we can start configuring Openfire through its web interface. Openfire uses ports 5222, 7777,
9090, 9091 for client connections, file transfer proxy, HTTP web administration and the secured administration respectively. If you use iptables like I do, add
these lines to your /etc/sysconfig/iptables rules file and reload. See my RedHat IPTables Tutorial on XenoCafe for more information on configuring iptables from
the ground up.
-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9091 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9091 -j ACCEPT

Then reload iptables to accept the new directives.
[root@node1 ~]# iptables-restore < /etc/sysconfig/iptables
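
The rules above also accept UDP, which none of these four services use (XMPP client connections, the file transfer proxy and the admin console are all TCP), and they expose the admin console ports 9090 and 9091 to any source on eth0. The following added example, which is not part of the original post, audits a rules file for both conditions. The function names and the 10.0.0.0/24 management subnet are assumptions of the example.

```bash
# Added example (not from the original post): audit iptables-save style rules
# for the Openfire ports. Only single-port --dport rules are parsed.
SERVICE_PORTS="5222 7777 9090 9091"  # all four listeners are TCP services
ADMIN_PORTS="9090 9091"              # web administration console

# audit_rules [FILE]: reads rules from FILE or stdin and prints one finding
# per line as "<CODE> <port> <rule>".
audit_rules() {
    awk -v svc="$SERVICE_PORTS" -v adm="$ADMIN_PORTS" '
    BEGIN {
        n = split(svc, a, " "); for (i = 1; i <= n; i++) is_svc[a[i]] = 1
        n = split(adm, b, " "); for (i = 1; i <= n; i++) is_adm[b[i]] = 1
    }
    $1 == "-A" && $2 == "INPUT" {
        proto = port = src = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || !(port in is_svc)) next
        # XMPP, the file transfer proxy and the console all run over TCP.
        if (proto == "udp") { print "UNNEEDED_UDP", port, $0; next }
        # The admin console should only be reachable from known sources.
        if ((port in is_adm) && (src == "" || src == "0.0.0.0/0"))
            print "ADMIN_OPEN_TO_ANY", port, $0
    }' "$@"
}

# The eight rules from the article, regenerated as sample input.
article_rules() {
    for port in 5222 7777 9090 9091; do
        echo "-A INPUT -p tcp -i eth0 --dport $port -j ACCEPT"
        echo "-A INPUT -p udp -i eth0 --dport $port -j ACCEPT"
    done
}

# Constructed tightened variant: TCP only, console limited to an assumed
# management subnet (10.0.0.0/24 is a placeholder for your admin network).
tightened_rules() {
    echo "-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT"
    echo "-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT"
    echo "-A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 9090 -j ACCEPT"
    echo "-A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 9091 -j ACCEPT"
}

article_rules | audit_rules
tightened_rules | audit_rules
```

To check a live rules file instead of the samples, run audit_rules /etc/sysconfig/iptables.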

Configure Openfire through its Web Interface

1. Launch your favorite browser and go to http://your_jabber_server_ip_address:9090 or if you set up a DNS alias http://jabber.mydomain.com:9090 to go to the
Openfire web interface. You’ll be greeted by Openfire’s setup tool. In the first step, select your language. Here we choose English.

2. The next step is to set the server domain. If you opted for an IP address name, enter your server’s IP. If you opted to create a DNS alias, enter the DNS server
domain. Here we created jabber.mydomain.com so we’ll enter that. By default the Openfire web interface console ports are 9090 and 9091 for standard and secure
respectively. You can use other ports if you wish (NOTE: you’ll have to change your firewall settings if you use different ports), but for this guide we’re sticking
with the default values.

3. You have two choices regarding which database to use for Openfire to store its data: an external database like MySQL, MSSQL, PostgreSQL, etc… or to use the
bundled embedded database. If you set up a MySQL database like we did in this guide then select the Standard Database Connection option. If you didn’t, the only
choice is to use the Embedded Database.

4. To set up your database connection, select the appropriate driver from the Database Driver Presets list (we set up a MySQL database so we’ll select MySQL).
The page will refresh and you need to fill in the necessary information (the database host, name, username, and password). You should have this information from
when you set up your MySQL database. Per this guide, MySQL is on the same server as my Openfire installation (localhost) and I created a database called
‘openfire’ with a username of ‘openfire’ and set a password.

5. The profile step has to do with the users and groups of chat members and where Openfire will store that information (new users, user groups, etc…). We won’t
opt for LDAP to store this information. It is much more convenient to save it in our database.

6. We’re almost done. Enter the administrator email address (your email address) and set a password for your Openfire server.

7. Now you’re done! Pat yourself on the back. Click the Login to admin console button.

8. Type in the Openfire admin password you entered in Step 6 and click the Login button.

Welcome to the Openfire Administration Console. Take a look around and get familiar with the layout.

Time to Make Some Openfire Configuration Changes

Your Openfire installation will work out of the box and you can skip this section if you want, but for this tutorial I wanted to make some changes. Namely, I want
my server to follow some rules so there is no chaos.

1. I don’t want any other servers to be able to communicate with mine (it’s private and self sufficient)
2. I define the member base so anonymous users cannot create accounts (ideal for an office environment)
3. Finally, all communication between clients and the server is encrypted (force jabber clients to use SSL)

Follow along if you want to use any of these features or jump ahead to the Creating Users and Groups for Jabber Clients section.

1. On the left under Server Settings, click the Server to Server link. In the top panel Service Enabled, choose the Disabled option and click Save Settings.
2. Click the Registration & Login link in the left side menu. Disable both options under Inband Account Registration and Anonymous Login. We’ll leave the
Change Password option alone to let users update their passwords as they see fit. Click the Save Settings button at the bottom of the page.

3. Click the Security Settings link on the left. Under Client Connection Security, choose the Required option to force jabber clients to use SSL (NOTE: If the
client doesn’t support SSL and this option is enabled, the client will not be able to connect to the server). Click the Save Settings button.

Openfire SSL Certificates


Openfire creates self-signed SSL Certificates by default. Remember the port 9091 from before? If you ever want to access this administration console from a Secure
Connection, then you’ll need to restart the Openfire HTTP Server.

Click the Server Certificates link on the left menu.

Click the link in the highlighted section.

Openfire will restart the HTTP Web Server and kick you back to the login screen. Log back in and the SSL Certificate should now be in use and you can access the
console from SSL.

Creating Users and Groups for Jabber Clients

Since we’re creating a jabber server for a mock office environment, we prohibit anonymous users from creating accounts. Because of this, we will manage all users
and groups on a global scale through our Openfire server. This means, all groups and users will be pushed to the clients that log in so they don’t have to add every
single user account or group to their client. Also, any changes happen in real-time on the client (new users or groups added, removed, etc…). Kind of cool, huh? This
is accomplished through Contact Group List Sharing.

We’ll be creating a mock Developer “Devel” group and adding some users to it. Click on the Users/Groups tab on the top.

1. Go to Create New User under the Users section on the left. Fill in the Username, Password, and Confirm Password fields and click the Create User button.
Repeat this process to add all the users you want on your server.

2. Go to Create New Group under the Groups section on the left. Fill in the Group Name and an optional Description. Click the Create Group button.

3. The group has been added. Now we’ll share the contact list so it’s global to all jabber clients that connect to our server. Under the Contact List (Roster) Sharing
section, click the Enable contact list group sharing option. In the name field, type in the same name as set for the group. Click the Save Contact List Settings
button.

4. Scroll down the page and type in a user name to the Add User field and click the Add button.

Now we have one member in our group. Repeat this for each user you want assigned to this group.

Setting up a Jabber Client (Spark 2.5.8 for Windows)

Our Openfire Jabber Server is useless unless we have clients connect to it and communicate through it. We’ll use Spark from Ignite Realtime. If that doesn’t suit you
then you are free to use another jabber client since there are many of them out there (see the client from jabber.org).

1. Download Spark, install it, and launch it.

2. Type in your Openfire user credentials (Username and Password). In the Server field, type in the Openfire server’s IP address or DNS alias. Click the Login
button.

3. The contact list will appear once you have successfully logged in. The shared group(s) will be visible (NOTE: groups with no online users will be hidden unless
you select the Show empty groups option from the Contacts menu) along with the users of those groups. My contacts are not online as you can see from the picture
below.

You’re done. You now have the essentials of configuring your own Jabber server and clients.

This is my last tutorial, guide, howto, whatever you want to call it for 2007. Happy New Year!

Tags: CentOS, jabber, Linux, MySQL, openfire, xmpp

This entry was posted on Monday, December 31st, 2007 at 11:13 pm and is filed under CentOS, HOWTOs, Linux, MySQL.

2 Responses to “Openfire Jabber/XMPP Server on CentOS mini-Howto”

1. xpathfinder says:
May 13, 2008 at 11:00 am

Hi, everything sounds good, but what happens if you put that server behind a firewall (iptables) and you want to use file transfer, which rules you need to put in
the main firewall, I set up a jabber server in my LAN, file transfers between users on the same LAN works fine, but it does not work from user outside my
LAN, I appreciate your comments.
Thanks
Xpathfinder

2. snehavpackt says:
October 15, 2008 at 11:17 pm

Hi Tony,

My name is Sneha and I work for Packt, a UK based publishing company specializing in focused IT books. You can read more about us at
http://www.PacktPub.com

We’ve recently published a new book called Openfire Administration that is written by Linux.com’s contributing editor, Mayank Sharma. This book acts as a
guide to building and setting up an efficient and secure Instant Messaging service over a Network. You can read more about this book here:
http://www.packtpub.com/step-by-step-guide-to-openfire-administration/book

I’m contacting you because I’m aware that this topic is one that you have particular interest and knowledge of, and thought that you could share your valuable
comments on the book. If you’d be interested in writing a review on your blog/ website, I’d be delighted to send you a copy. If you could please provide me
with your shipping details, I will go ahead and order a copy right away.

If you have any queries or suggestions please don’t hesitate to contact me.

Kind Regards,
Sneha.
