I just installed Openfire for the first time yesterday and I summarized all the painful learning I had to do to get things working into a blog post. I never found a comprehensive single document explaining how to install and get both File Uploads and Group Chat working, so I wrote one.
Seeing what steps I took may help Openfire developers understand what a real user’s perspective is on getting things installed, because I think what I was trying to do was a fairly common scenario, and yet took me all day because I had to piece things together from various random sources.
Here it is:
Hi Clay, thanks for sharing this! It’s a pretty comprehensive guide!
The one thing that you might consider adding is support for federation. With the firewall settings that you’ve configured now, users on other servers won’t be able to interact with users on your server. If that is intentional, then consider disabling the server-to-server functionality in the admin console. Otherwise, add 5269 and 5270 to your firewall!
As for the duplicate hotdeploy directories: those shouldn’t be needed. Only the one that’s mentioned in the admin console will be used by Openfire.
Although you’re using the hotdeploy method, I do not think you’ve added a script that will ensure that new certificates generated by certbot will automatically be copied into the hotdeploy directory. If you do that, then you won’t have to manually do this every three months (when the old certificate expires)!
An interesting add-on to your guide would be instructions on how to configure Openfire to do audio and video calls. We’ve touched on this topic earlier: https://discourse.igniterealtime.org/t/preparing-openfire-for-audio-video-calls-with-conversations
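The automation suggested in the reply above (copying certificates renewed by certbot into the hotdeploy directory), sketched as an added example; it is not from the thread, the blog post, or the Openfire project. The directory `/path/to/hotdeploy` is a placeholder for the path shown in the admin console, and keeping certbot's file names in that directory, as well as the `HOTDEPLOY_DIR` and `OPENFIRE_USER` variables, are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for an Openfire hotdeploy directory.
# Install in /etc/letsencrypt/renewal-hooks/deploy/ or pass via --deploy-hook;
# certbot sets RENEWED_LINEAGE to the directory holding the renewed files.
# Assumed variables (not from the page): HOTDEPLOY_DIR, OPENFIRE_USER.

# copy_renewed_cert LINEAGE_DIR HOTDEPLOY_DIR [OWNER]
copy_renewed_cert() {
    lineage=$1; dest=$2; owner=${3:-}
    # Refuse to deploy a missing or empty certificate chain or key.
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    # Stage next to the target (same filesystem) so each file arrives by rename
    # and a half-written private key is never visible in the watched directory.
    stage=$(mktemp -d "$(dirname "$dest")/.certstage.XXXXXX") || return 1
    (
        umask 077   # copies are created owner-only (0600)
        cp "$lineage/fullchain.pem" "$lineage/privkey.pem" "$stage/" || exit 1
        # Hand the files to the account Openfire runs as, if one was given.
        if [ -n "$owner" ]; then chown "$owner" "$stage"/*.pem || exit 1; fi
        mv -f "$stage/privkey.pem" "$dest/privkey.pem" &&
        mv -f "$stage/fullchain.pem" "$dest/fullchain.pem"
    )
    rc=$?
    rm -rf "$stage"
    return "$rc"
}

# Runs only when certbot invokes the hook after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_renewed_cert "$RENEWED_LINEAGE" \
        "${HOTDEPLOY_DIR:-/path/to/hotdeploy}" "${OPENFIRE_USER:-}"
fi
```

When certbot runs as root, set `OPENFIRE_USER` to the account Openfire runs as; otherwise the owner-only copies stay unreadable to the server.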
I haven’t learned about Openfire federation yet, but I will now! Thanks for the port info. My server works for sending/receiving messages to other users on other XMPP servers, but I think you’re talking about something different, that I might be missing. It seems to be working great except I’m not sure why avatars don’t always show up in Dino and/or Gajim.
Also thanks for the hotdeploy tip. I’ll fix that too. For now I was planning to manually copy new certs after certbot renew, but I will eventually automate it, and add those instructions to the doc. Anything new I tweak in configs will be added to the doc.
Adding audio/video support is a great idea too. Great to know Openfire supports that! I’m also a big fan of IPFS, and I noticed there’s a plugin for that too! Really looking forward to the future with Openfire!
Communicating with users on other XMPP servers is called ‘federating’. It basically means that servers will connect to each other in the background, when a user on one server sends a message to a user on another server.
For your server to accept these server-to-server connections, you will need to open up the corresponding port(s) in your firewall (5269/5270). Your guide didn’t include that. You’re saying that it’s already working - maybe you can connect to other domains, but with the firewall that you documented, I do not believe that those other domains can send data back to you.
Ok, appreciate the clarification. I just checked my firewall ports and discovered 5269 (but not 5270) was indeed open (probably from when I had tried out a different XMPP server).
So now I’ve opened both 5269+5270, and updated the blog. Thanks.
Great blog. Also, keep in mind that you can use wildcard certs if you are worried about the subdomain parts. Let’s Encrypt will provide wildcards, although it’s a tad more work and your DNS provider needs to support it.
Right, I could maybe mention that wildcards are an option in the blog too. I knew about wildcards for subdomain certs, but it was my first time ever even creating any subdomain, and I was trying to do what I thought most likely to be easiest to not mess up. Very much appreciate the tip.