Server-to-server communication with BOSH

Hi, we need to enforce that one Openfire opens a connection to another server outside the firewall and not the other way around. XEP-0124 does not restrict the protocol to be used only for client-to-server, but it seems that Openfire only implements the server part. To amend this it seems like we have to implement the client part within the Openfire server to enable BOSH for server-to-server communication. Does this seem like a correct interpretation? If so, does anybody have thoughts about how it should be done?

Thanks,

Lars

Hi Lars,

using HTTP for web pages is fine, so web-based clients can connect to a server which supports XEP-0124. But using HTTP for s2s connections is something which sounds bad. And it does not solve the problem that the external server may want to send messages to your server but it will fail as it cannot connect to your server. Also the remote server likely does not support XEP-0124 for s2s connections.

Opening the firewall and allowing incoming connections from example.com to yourserver:5269 seems to be much simpler.

LG

Thank you for a helpful response! I totally agree with your thoughts regarding opening the firewall for specific servers. Considering situations where no connections are allowed to be initiated from the outside and we also have Openfire servers inside of firewall, BOSH seemed like a good specification for that. After looking into the specifications I thought that a server from inside the firewall could set up the connection towards another server outside the firewall, enabling the server from the outside to post messages in reply whenever they would be available.

In any case, the server from the inside would need to know which servers to connect to, and quite quickly the whole thing might look like a complex work around with probably no better security.

Lars