SETUP
- Windows XP SP2 with all updates through 21 July 2006
- Sun Java JDK/JRE v1.5.0_07
- Wildfire v3.0.1
This is half a question, half a comment.
SHORT VERSION
I guess wildfire.xml cannot be used to set any and all system properties that you’d like; you MUST use the web admin console to set some of them, most notably the system properties explained in the SSL Guide.
LONG VERSION
I am currently testing Wildfire 3.0.1 for possible deployment and I want to understand it as best I can and know what I’m getting into with respect to updating the software, etc. As part of this process, I was trying to see just how easily I could configure things such that doing a clean build would go quickly/smoothly. Part of that process involves the keystore/truststore files as I intend to run a tight ship with encrypted connections. Now with a clean install, the process seems to be something along the lines of the following (assuming you use LDAP for user authentication):
- Install Wildfire.
- Launch Wildfire, then bring up admin console.
- Define basic properties like domain name, ports to use for admin, database (external/embedded), and admin email and password. At this point you have a basic functional IM server which is using its own, self-signed cert.
- Using the LDAP Guide, modify .\conf\wildfire.xml for LDAP authentication, and test as needed.
- Follow the SSL guide, which involves CLI steps that modify the keystore and truststore files in .\resources\security, including changing the default “changeit” password. Build a self-signed cert. (or import a CA one if that’s your choice) for your domain.
- Log into web admin console and add system properties, most notably xmpp.socket.ssl.keypass and xmpp.socket.ssl.trustpass, as these must match the passwords you changed in the keystore and truststore files, respectively.
- Restart Wildfire.
Now mind you, all this has gone quite smoothly so far. I have basic LDAP authentication working. (I’m not going to worry about using LDAP groups, etc., until a later date). I created my own self-signed cert. and that works just fine as well.
But let’s say Wildfire 3.0.2 is released, or the time comes to move our installation to a new box or the HD in the current server dies. What is the minimal amount of information I need to backup/restore to get the same config back online?
Now with other XMPP servers, notably jabberd2 and ejabberd, I’ve figured out what files I need and how to get back online ASAP with minimal fuss. So when I read the following header in the wildfire.xml file:
I assumed that when Wildfire launched, it first read in the wildfire.xml config and adjusted itself accordingly. This would let me do the following to bring a clean build of Wildfire online:
- Install Wildfire.
- Drop wildfire.xml, keystore, and truststore in place.
- Launch Wildfire.
However, I found out that this doesn’t work. It seems that you cannot simply define any system properties you want in wildfire.xml and expect them to get loaded in, as when I tried using this technique, the error messages I received indicated that Wildfire was still using the default “changeit” passwords, when I had clearly defined new ones in wildfire.xml.
Anyway, not sure if this is by design or a glitch, but thought I should mention it. At this point, to do as I’d like, I’ll have to go into the admin console and manually add in those system properties from the SSL guide in order to get SSL working again.
This is not a major issue, but thought it would be nice if I could drop a copy of Wildfire down, throw down a few files (config file and necessary SSL keys), and voila! Working server.