Make server public?

What are the pros and cons of making a server public? (i.e. connecting it to the general jabber universe out there?)

How would I go about doing that?

To answer my second question, as far as I can tell from what I have been reading, all you need to do to make a server accessible on the wider jabber network is allow s2s (server to server connections).

The way I understand it is that once a user on your server adds someone from another server, the two servers will communicate and enable the two users to talk.

As far as I read, in order for this to work, you should use a CA-signed SSL certificate, as many servers don’t allow self-signed certs. Can anyone confirm?

My first question still stands, any cons to allowing s2s?

As far as I remember, yeah, self-signed certificates are a no-go. That’s because I have never tested that feature. Other than opening one port in your firewall to be able to communicate with other servers, there are no cons, I think.

PartisanEntity wrote:

As far as I read, in order for this to work, you should use a CA-signed SSL certificate, as many servers don’t allow self-signed certs. Can anyone confirm?

In my experience, most servers either accept self-signed certificates or fall back to unencrypted connections.

As far as I’m concerned there are no cons to opening up your server to the public, so long as you take the necessary precautions to protect it (i.e. lock down the box as you would any publicly accessible server).

If your goal is to run a public XMPP server, then you may want to take a peek at the very nice Registration and Client Control plugins (found inside Openfire admin interface --> Plugins --> Available Plugins). The Registration plugin will create a web portal for users to create accounts on (you can edit the HTML, I think, to say whatever you want), and auto-assign new users to a group (like a general group or whatever). The Client Control plugin will allow you to provide a nice easy way to download the latest Spark IM Client or whatever XMPP client you prefer, as well as control some other user action stuff.

For a CA-signed SSL cert, google “Godaddy SSL” and the first few links will bring up their discounted SSL certs (going for $6 right now I think). It should work for your purposes.

Thanks very much for all the feedback.

I just tested connecting my server (running Openfire 3.8.2 on Ubuntu 12.04) to jabber.org and it worked (even though I have a self-signed cert).

However I had to set Server Connection security to “optional” in order for it to work bidirectionally. I had previously selected “required”.

So, jabber.org probably allows non-SSL connections. I have only tried s2s with the igniterealtime.org Openfire server, and it probably requires SSL and doesn’t accept self-signed certs.