
Can I use reverse proxy with openfire to hide my server domain?

Hello,
I’m trying to make my private XMPP server using Openfire and the Conversations app.
But I have a problem making it.
For example, the domain of the Openfire server is A.com and the domain of the nginx reverse proxy server is B.com.
And I tried username@B.com to log in in my Conversations app.
But it said “Stream opening error” and can’t connect.
Is it possible to connect via username@B.com?
My purpose is hiding my real Openfire server host’s IP (domain) from the client!
Just wanna show the proxy domain when a user tries to log in :slight_smile:

I even tried to use the connection manager, but it doesn’t work for me (I’m not sure if I used it correctly…)

Thank you for reading.

The XMPP domain name that is configured for Openfire and the hostname/IP address of the server(s) that is running Openfire do not need to be the same (or indeed relate to each-other).

There is no hiding the XMPP domain name from the server, as this value is used throughout the protocol. It forms a part of all of the XMPP addressing that’s going on.

As a rule of thumb: never use an IP address as the value for your XMPP domain name.

On the TCP/IP level, you can use different addresses though. You’d typically map between the XMPP-level and TCP-level addressing with DNS SRV records. In its simplest form, you would have records like these that map the XMPP client and server services for the XMPP domain example.net to the hostname that’s providing the services (server.example.net):

_xmpp-client._tcp.example.net. 86400 IN SRV 5 0 5222 server.example.net.
_xmpp-server._tcp.example.net. 86400 IN SRV 5 0 5269 server.example.net.

Beyond this, you have limited options, that often result in half-baked hacks. You might be able to get a kind of reverse-proxy setup for just the BOSH / HttpBind endpoints, but your mileage will vary.
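
The mapping described in the answer above, as an added example that is not part of the original post or of Openfire: it parses the two SRV records shown, picks the TCP host and port a client would connect to for an XMPP domain, and builds the stream header to show that the XMPP domain, not the hostname, is what the protocol carries. The function names and the simplified weight handling are assumptions of this sketch.

```python
import random

# Constructed sample zone data: the two SRV records quoted in the answer above.
ZONE = """\
_xmpp-client._tcp.example.net. 86400 IN SRV 5 0 5222 server.example.net.
_xmpp-server._tcp.example.net. 86400 IN SRV 5 0 5269 server.example.net.
"""

def parse_srv(zone_text):
    """Parse zone-file SRV lines into dicts (owner, priority, weight, port, target)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue  # skip blank lines and anything that is not an SRV record
        owner, _ttl, _cls, _type, prio, weight, port, target = fields
        records.append({"owner": owner.lower(), "priority": int(prio),
                        "weight": int(weight), "port": int(port),
                        "target": target.rstrip(".")})
    return records

def connect_target(xmpp_domain, records, service="xmpp-client", rng=random):
    """Return the (host, port) to open a TCP connection to for this XMPP domain."""
    owner = f"_{service}._tcp.{xmpp_domain.lower()}."
    matches = [r for r in records if r["owner"] == owner]
    if not matches:
        # No SRV record: fall back to the domain itself on the default port.
        return xmpp_domain, 5222 if service == "xmpp-client" else 5269
    best = min(r["priority"] for r in matches)
    pool = [r for r in matches if r["priority"] == best]
    # Simplified weighted pick among the lowest-priority records (not the
    # full RFC 2782 ordering); +1 keeps weight-0 records selectable.
    chosen = rng.choices(pool, weights=[r["weight"] + 1 for r in pool])[0]
    return chosen["target"], chosen["port"]

def stream_header(xmpp_domain):
    """Opening stream header: 'to' carries the XMPP domain, not the TCP hostname."""
    return (f"<stream:stream to='{xmpp_domain}' version='1.0' "
            "xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams'>")

if __name__ == "__main__":
    host, port = connect_target("example.net", parse_srv(ZONE))
    print(f"TCP connect to {host}:{port}")
    print(stream_header("example.net"))
```
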

Thank you for answering me Guus :smiley:

I have some questions about these.

  1. Can I use this connection manager with my latest Openfire server? https://www.igniterealtime.org/projects/openfire/connection_manager.jsp
    I tried it and it connected to my server (a.com), but I can’t connect as username@b.com (CM domain)… The client says it can’t find the server.

  2. Otherwise, can you suggest how to make it so that A.com is the Openfire server, B.com is like a proxy, and
    if I try to connect as username@B.com, it passes through the proxy B server and connects to A.com (the Openfire server)?

In addition, the reason for avoiding direct connections to the Openfire server is security problems!

The Connection Manager project is currently unmaintained, and has not had important updates for several years. I do not recommend using it.

The Ignite Realtime community does not produce software to act as a proxy. You might get somewhere with setting up generic reverse proxies (for BOSH) or things like Metre for server-to-server traffic - but to be frank: these add more complexity than fix generic security issues.

My advice for you would be to first learn to understand all of the networking aspects of running an XMPP domain, before preemptively putting things like proxies in place “for security”.

Thank you for replying:)
I understood what u r saying!
Have a great day