Opening port for Webchat

Hi all,

I would like to use Webchat (with the Fastpath webchat plugin) on my internet site.

Which port must I open in my firewall to provide the Openfire server over the internet?

I would like to have a minimum of open ports, with no security holes …

What security risks do I have by putting an Openfire server on the internet?

I know I must block port 9090 to prevent access to the admin interface from the internet. But are there others?

Thanks in advance for your help.

The webchat function is by default accessed from port 9090, via the URL http://your.openfire.server:9090/webchat/. However, with Apache, this port can be proxied to port 80 (or 443/SSL if desired); see http://www.igniterealtime.org/community/docs/DOC-1876. You don’t really need any other ports open to the outside, unless your Spark agents are trying to log in from non-internal IPs. If that is the case, then 5222 would need to be opened.
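A reverse-proxy virtual host that forwards only the `/webchat/` path, shown as an added example that is not part of the original post or of the linked document. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded and a virtual host dedicated to webchat; `webchat.example.com` is a placeholder public name and `your.openfire.server` is the internal host from the URL above.

```apache
# Added example: expose Fastpath webchat through Apache on port 80 while
# port 9090 itself stays closed on the perimeter firewall.
<VirtualHost *:80>
    # Placeholder public name.
    ServerName webchat.example.com

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Weak form, left commented out: proxying the root forwards every path
    # served on port 9090, the admin console included.
    # ProxyPass        / http://your.openfire.server:9090/
    # ProxyPassReverse / http://your.openfire.server:9090/

    # Scoped form: only requests under /webchat/ reach the backend.
    ProxyPass        /webchat/ http://your.openfire.server:9090/webchat/
    ProxyPassReverse /webchat/ http://your.openfire.server:9090/webchat/

    # Refuse everything else on this virtual host ...
    <Location "/">
        Require all denied
    </Location>

    # ... and re-allow the webchat path. Location sections are merged in
    # the order they appear, so this later section takes precedence.
    <Location "/webchat/">
        Require all granted
    </Location>
</VirtualHost>
```

After loading the configuration, request a path outside `/webchat/` from an external address and confirm that Apache answers with 403 and that nothing is forwarded to port 9090.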

Hi,

Thanks for your response.

How do I enable access to webchat without permitting access to the admin console?

I’m in exactly the same situation as you.

My server name is server-interne.internaldomain.local and my xmpp.domain is webchat.externaldomain.com

I use a reverse proxy based on Apache, and put the SetEnv directive in the VirtualHost directive, but I don’t get any logo for the workgroup status (http://webchat.externaldomain.com/webchat).

I tried to install your plugins, but it did not help.

My Openfire version is 3.6.3.

When I try to connect via this URL, I’m always in the queue:

http://webchat.externaldomain.com/webchat/start.jsp?workgroup=mywork@workgroup.webchat.externaldomain.com&location=http://webchat.externaldomain.com/webchat///webchat.externaldomain.com/webchat/start.jsp?workgroup=mywork@workgroup.webchat.externaldomain.com&location=http://webchat.externaldomain.com/webchat/

Do you have any idea?

Thanks in advance

Are you using Spark client to service the queues? Openfire should be configured with Agents, and the Spark Fastpath tab should appear. Is this the case? If yes, can you connect without using the ProxyPass, e.g. going to http://webchat.externaldomain.com:9090/webchat/ and clicking the ‘Online’ link there? If so, there may be a proxypass caching issue.

I had password protected the root, via mod_auth, but found Google’s Chrome would trigger the auth pop-up because it was searching for favicon.ico in the root. I had considered using Apache RewriteRules as a resolution, but this did not work with SSL. My current thinking is to present the Admin console in a non-root URL, but I could not figure out how to do that. Anyone else know?