Right off the bat, if this is already addressed somewhere, please accept my apologies. I’ve spent a LOT of time looking for it and I can’t find anything that works. http://community.igniterealtime.org/docs/DOC-1525 looked promising but I couldn’t make the instructions work for me. If I have “port:7070” in my SparkWeb index.html file, everything works fine. If I change that to “port:80”, nothing happens when I click the Login button. I have both configurations posted right now. Unfortunately, the network on which I want to use SparkWeb blocks access to port 7070.
http://openfire.srmserver.com/ is configured with “port:80”
http://openfire.srmserver.com/7070.html is an identical file with “port:7070”.
I’m new to xmpp in general and SparkWeb in particular but I’m not completely new to networking. http://openfire.srmserver.com/http-bind/ brings me to the jetty “400 Bad Request” page, which I expect since it’s not expecting a GET request. I can’t just forward port 80 on the gateway to port 7070 on the Openfire box because the gateway proxies for other servers on the network. I figure it has to be something to do with my apache proxying setup but I can’t seem to figure out how to fix it. HELP!!!
General configuration
I have a gateway server (known internally as gw.entlab.local, externally as *.srmserver.com) which runs apache as a reverse proxy to internal systems. It also uses iptables to directly forward ports to internal servers for things like email, ssh, etc. It has three interfaces. One goes to the internet, one to our lab network and one to our “production” network. Our Openfire server (openfire.entlab.local) is on our production network at 192.168.0.15.
Configuration of gw.entlab.local
There are two key configuration files, the apache virtual host that points to openfire.entlab.local and the iptables entries.
/etc/apache2/sites-enabled/openfire
<VirtualHost *:80>
    ServerName openfire.srmserver.com
    ServerAdmin webmaster@localhost

    ProxyRequests off
    ProxyPreserveHost On
    ProxyPass /http-bind/ http://openfire.entlab.local:7070/http-bind/
    ProxyPassReverse /http-bind/ http://openfire.entlab.local:7070/http-bind/
    ProxyPass / http://openfire.entlab.local/
    ProxyPassReverse / http://openfire.entlab.local/

    ErrorLog ${APACHE_LOG_DIR}/openfire-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/openfire-access.log combined
</VirtualHost>
/etc/firewall.d/rc.firewall (relevant portion only)
IPTABLES="/sbin/iptables"
[snip]
$IPTABLES -A PREROUTING -t nat -i $EXTIF -s 0/0 -p tcp --dport 5222 -j DNAT --to 192.168.0.15:5222
$IPTABLES -A FORWARD -p tcp -s 0/0 -o $PROIF -d 192.168.0.15 --destination-port 5222 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -i $EXTIF -s 0/0 -p tcp --dport 7070 -j DNAT --to 192.168.0.15:7070
$IPTABLES -A FORWARD -p tcp -s 0/0 -o $PROIF -d 192.168.0.15 --destination-port 7070 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -i $EXTIF -s 0/0 -p tcp --dport 7777 -j DNAT --to 192.168.0.15:7777
$IPTABLES -A FORWARD -p tcp -s 0/0 -o $PROIF -d 192.168.0.15 --destination-port 7777 -j ACCEPT
Configuration of openfire.entlab.local
I have apache installed on this server as well. SparkWeb has been extracted to /var/www.
Relevant system properties
xmpp.httpbind.client.requests.polling 0
xmpp.httpbind.client.requests.wait 10
xmpp.httpbind.scriptSyntax.enabled true
httpbind.enabled true
/var/www/crossdomain.xml (just copied from the admin console with port 80 added)
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="80,5222,5223,7070,7443" secure="true"/>
</cross-domain-policy>
getConfig from /var/www/index.html
function jive_sparkweb_getConfig()
{
    return {
        server: "openfire.srmserver.com",
        location: window.location.href,
        port: 80,
        connectionType: "http",
        bindPath: "/http-bind/",
        autoLogin: "false",
        policyFileURL: "http://openfire.srmserver.com/crossdomain.xml"
    };
}
<?xml version="1.0"?>
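Added example, not part of the original post: a small Python model of how Apache mod_proxy picks a backend for the ProxyPass lines in the virtual host above (rules are checked in configuration order and the first prefix match wins). The helper names parse_proxypass, resolve and shadowed are hypothetical; the directive text is copied from the post.

```python
# Added example: models mod_proxy's ProxyPass selection for the posted vhost.
# Rule applied: ProxyPass directives are checked in configuration order and
# the first path-prefix match wins.

VHOST = """\
ProxyPass /http-bind/ http://openfire.entlab.local:7070/http-bind/
ProxyPassReverse /http-bind/ http://openfire.entlab.local:7070/http-bind/
ProxyPass / http://openfire.entlab.local/
ProxyPassReverse / http://openfire.entlab.local/
"""  # the four proxy lines exactly as posted


def parse_proxypass(conf):
    """Return [(path_prefix, backend_url)] in configuration order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        # Directive names are case-insensitive; ProxyPassReverse is skipped
        # because it only rewrites response headers, it does not route.
        if parts[0].lower() == "proxypass" and len(parts) >= 3:
            rules.append((parts[1], parts[2]))
    return rules


def resolve(rules, path):
    """Backend URL a request path is forwarded to, or None if not proxied."""
    for prefix, backend in rules:
        if path.startswith(prefix):
            # "ProxyPass /x !" excludes the prefix from proxying.
            return None if backend == "!" else backend + path[len(prefix):]
    return None


def shadowed(rules):
    """Rules that can never match because an earlier prefix covers them."""
    return [later for i, later in enumerate(rules)
            if any(later[0].startswith(earlier[0]) for earlier in rules[:i])]


if __name__ == "__main__":
    rules = parse_proxypass(VHOST)
    for path in ("/http-bind/", "/crossdomain.xml", "/index.html"):
        print(path, "->", resolve(rules, path))
    print("shadowed, posted order:", shadowed(rules))
    print("shadowed, catch-all first:", shadowed(rules[::-1]))
```

In the posted order no rule is shadowed; listing the catch-all "/" rule first would send /http-bind/ to port 80 on openfire.entlab.local instead of 7070.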