powered by Jive Software

Securing the admin console

It is sometime useful to “secure” the admin interface, for example, having the XMPP service to bind to a public IP address, and the admin interface to bind only to localhost, or to an intranet address.

I use this to proxy-pass the admin console behind Apache’'s HTTPs configured to accept SSL connections only from people having a very specific certificate.

I have a small patch that allows the admin console Jetty service to bind to a specific network interface configured in the openfire.xml configuration file, and that allows to have the admin web-application to be deployed somewhere else but “/” (root), to ease reverse proxying when this is necessary.

It’‘s a patch against 3.3.1, I tried to create an issue in Jira for it, but apparently I have no karma, and in the forum I can’'t see a way to somehow attach text files!

Any clues?