Httpfileupload Error 404

Openfire Plugins
1

I use OpenFire 4.9.2.

Clients cannot upload voice notes, images, etc either using Gajim or Conversations on Android mobile.

When checking in the OpenFire Admin, and trying to access the httpupload folder, I get a 404 error.
This is on Debian 12.

Where on Linux do I need to create the /httpupload folder?

I created /usr/share/openfire/httpfileupload but that didn’t seem to work

2

it doesnt matter where the directory is, as long as openfire have ownership it will work.
sudo chown -R openfire:openfire /usr/share/openfire/httpfileupload

3

The folder permissions are already set.

Yet, I cannot upload any attachments or voicenotes.

image
image1581×603 34.9 KB

image
image829×259 6.64 KB

The logs doesn’t

4

Does the client offer you the option to upload data, or doesn’t it provide this option at all?

When data is being uploaded, what is logged:

  • in Openfire?
  • by the client?

Is the URL that is being announced by Openfire directly accessible to clients? Have you verified that no networking infrastucture blocks requests (like proxies, firewalls, etc)?

5

I use OpenFire on Docker Container.

2025.02.18 14:52:25.968 INFO [Jetty-QTP-BOSH-97]: nl.goodbytes.xmpp.xep0363.Servlet - Processing GET request... (192.168.1.83 requesting from /httpfileupload/)
2025.02.18 14:52:25.968 INFO [Jetty-QTP-BOSH-97]: nl.goodbytes.xmpp.xep0363.Servlet - ... responded with NOT_FOUND. Unable to parse UUID from request URI.
2025.02.18 14:52:34.440 INFO [Jetty-QTP-BOSH-1029]: nl.goodbytes.xmpp.xep0363.Servlet - Processing GET request... (192.168.1.83 requesting from /httpfileupload/)

and same error

6

How can you possibly know its the same error? the author didnt even show any logs.
On your case its obviously that the network side is working(at least internally) since your get request is arriving at the server. but where is the put request?
maybe you are trying to load a file that was uploaded before a reboot? and using the /tmp directory(that will delete everything on reboot?).
I dont mean to sound mean or anything. just i dont see how you arrived at the conclusion that it was the same error.

7
  1. Openfire logs gives me the following error: " javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown 2025.02.19 16:54:39.824 ERROR [socket_c2s-thread-3]: org.jivesoftware.openfire.nio.NettyConnection - Problem during connection close or cleanup"
  2. The Android client, Conversations gives the following error: “http upload failed because response code was 405”
  3. The Windows client, Gajim gives me an error: “The signing certificate authority is not known”
  4. When I access the published URL, https://mydomain:7443/httpfileupload, I get a 404 not found error.
  5. And when I access https://mydomain:7443, I get a " HTTP ERROR 403 Forbidden" error.

I have replaced the TLS certificate yet still get the errors.

8

looks like a certificate issue. without knowing more its hard to guess better than what the logs are telling you.
and your number 4 and 5, are OK not telling anything out of the normal. the not found indicate that network wise your setup is OK.

9

Yes, I see it is a certificate issue as well. But where do I check?

You say, “without knowing more”. - what more can I share with you?

10

You only showed us your shin(for a lack of a better analogy). Did you set up your domain certs?(like from letsencrypt or zerossl)
because with everything complaining about it. i am guessing that no? maybe the clients can still connect manually with you allowing it. but are not working when transfering files via http?(this didnt used to be an issue in the past, but things change so idk , might be causing issues these days?)

11

I setup the TLS Certificate in Certificate Manager.
Is there another way?

Also, I see this error in the logs:

java.lang.NullPointerException: Cannot invoke “org.jivesoftware.openfire.keystore.IdentityStore.getAllCertificates()” because the return value of “org.jivesoftware.openfire.spi.ConnectionConfiguration.getIdentityStore()” is null

12

Usually, people just collect chunks of logs that show everything happening and clean whatever is sensitive.
That being said, i am pretty sure that your problem is your certificate.
What do you mean by: I setup the TLS Certificate in Certificate Manager.?
One can manually issue a certificate(again with letsencrypt or whatever) and set them up there manually. But i am not sure that you are talking about that, it seems that you are talking about self signed certificates?(in which case it might not work).
Usually most people use the Openfire plugin Certificate manager, which helps to automate on renewals and so on…
The process is basically this: step number 1, Getting the certificate(you can get manually, but most people use Certbot or Acme.sh the latter being my preferred). And step number 2, After getting the certificate then we just put it on the directory that the plugin(Certificate Manager) is watching for it. Its also necessary that when the certificate arrives at that directory its ownership belong to Openfire itself(which can be accomplished in many ways).

Here are some links, you can read their documentation that will help you in obtaining the certificates.

As i said you can get it manually too. the easiest way to get one manually in my opnion will be zerossl: https://zerossl.com/

13

I setup the self signed certificate in OpenFire > TLS Certificates > [Manage Store Contents

But now the keystore file is totally corrupt.
I tried various ways to re-create the file but keep getting the same error:

Screenshot from 2025-02-23 12-11-31
Screenshot from 2025-02-23 12-11-311914×614 108 KB

Are there any specific commands I need to run, in say acme to setup the certificates for OpenFire?

14

Acme.sh has a great documentation to guide you. I cant give you specifics because i dont even know your domain registrar, or whatever company you are utilizing.
In case you feel lost, maybe try the Zerossl manual approach, better to learn. after getting it just click on “click here to import a signed…” As shown in your screenshot.

15

I have reverted an older backup I have of this OpenFire server. And now the SSL Certificate works fine and doesn’t give me an error.

The HTTP file uploads still don’t work. Looking at the logs, I see the following:

2025.02.23 14:07:26.726 INFO [pool-9-thread-3]: nl.goodbytes.xmpp.xep0363.Component - Entity ‘rudia@mydomain/gajim.SDZ4LVZX’ tries to obtain slot.
2025.02.23 14:07:26.726 INFO [pool-9-thread-3]: nl.goodbytes.xmpp.xep0363.Component - Entity ‘rudia@mydomain/gajim.SDZ4LVZX’ obtained slot for ‘Firefox_wallpaper.png’ (1245125 bytes). PUT-URL: https://mydomain:7443/httpfileupload/ljVzJbNB4wpCgqws2gyvLRjMdRg/Firefox_wallpaper.png GET-URL: https://mydomain:7443/httpfileupload/ljVzJbNB4wpCgqws2gyvLRjMdRg/Firefox_wallpaper.png
2025.02.23 14:07:28.460 INFO [Jetty-QTP-BOSH-268]: nl.goodbytes.xmpp.xep0363.Servlet - Processing PUT request… (172.10.1.53 submitting to /httpfileupload/ljVzJbNB4wpCgqws2gyvLRjMdRg/Firefox_wallpaper.png)
2025.02.23 14:07:37.239 INFO [Jetty-QTP-BOSH-268]: nl.goodbytes.xmpp.xep0363.clamav.ClamavMalwareScanner - Unsuccessful ping of the Clamav daemon. Trying to re-initialize the client.
xyz.capybara.clamav.ClamavException: xyz.capybara.clamav.CommunicationException: Error while communicating with the server
at xyz.capybara.clamav.ClamavClient.sendCommand(ClamavClient.kt:164) ~[clamav-client-2.1.2.jar:?]
at xyz.capybara.clamav.ClamavClient.ping(ClamavClient.kt:62) ~[clamav-client-2.1.2.jar:?]
at nl.goodbytes.xmpp.xep0363.clamav.ClamavMalwareScanner.scan(ClamavMalwareScanner.java:78) [httpfileuploadcomponent-1.7.0.jar:?]
at nl.goodbytes.xmpp.xep0363.Servlet.doPut(Servlet.java:208) [httpfileuploadcomponent-1.7.0.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:526) [jetty-servlet-api-4.0.6.jar:?]
at nl.goodbytes.xmpp.xep0363.Servlet.service(Servlet.java:79) [httpfileuploadcomponent-1.7.0.jar:?]

Further down in the logs, I see this:

at xyz.capybara.clamav.commands.Command.send(Command.kt:18) ~[clamav-client-2.1.2.jar:?]
at xyz.capybara.clamav.ClamavClient$availableCommands$2.invoke(ClamavClient.kt:53) ~[clamav-client-2.1.2.jar:?]
at xyz.capybara.clamav.ClamavClient$availableCommands$2.invoke(ClamavClient.kt:53) ~[clamav-client-2.1.2.jar:?]
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74) ~[kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
at xyz.capybara.clamav.ClamavClient.getAvailableCommands(ClamavClient.kt:53) ~[clamav-client-2.1.2.jar:?]
at xyz.capybara.clamav.ClamavClient.sendCommand(ClamavClient.kt:159) ~[clamav-client-2.1.2.jar:?]
… 47 more
2025.02.23 14:07:37.241 INFO [Jetty-QTP-BOSH-268]: nl.goodbytes.xmpp.xep0363.Servlet - … responded with BAD_REQUEST. Malware scanner execution failed.
java.io.IOException: Clamav daemon not reachable on 127.0.0.1:3310
at nl.goodbytes.xmpp.xep0363.clamav.ClamavMalwareScanner.initialize(ClamavMalwareScanner.java:56) ~[httpfileuploadcomponent-1.7.0.jar:?]
at nl.goodbytes.xmpp.xep0363.clamav.ClamavMalwareScanner.scan(ClamavMalwareScanner.java:81) ~[httpfileuploadcomponent-1.7.0.jar:?]
at nl.goodbytes.xmpp.xep0363.Servlet.doPut(Servlet.java:208) [httpfileuploadcomponent-1.7.0.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:526) [jetty-servlet-api-4.0.6.jar:?]
at nl.goodbytes.xmpp.xep0363.Servlet.service(Servlet.java:79) [httpfileuploadcomponent-1.7.0.jar:?]
at org.igniterealtime.openfire.plugins.httpfileupload.CORSServlet.service(CORSServlet.java:55) [httpfileupload-1.4.2.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) [jetty-servlet-api-4.0.6.jar:?]
at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1410) [jetty-servlet-10.0.18.jar:10.0.18]

I don’t see anything in the docs about setting up clamav, or malware scanner.

16

try disabling the clamav thing, by changing the system property:
plugin.httpfileupload.clamavEnabled to false.

Server>Server Manager>System Properties