Xmpp domain with a cluster

Hello there,
I need to ask some questions related to a cluster.
I have 2 servers with Hazelcast configured on them, using the same shared database.

The XMPP domain for the 2 servers is example.com,
while the domains for the servers are dev1.example.com and dev2.example.com.

1- Is that correct?
2- If I need to install SSL on them, is it applicable with different domains? And will it be installed for the XMPP domain or for their main domains?

  1. Yes, that config sounds right.
  2. For SSL you’ll need a cert. for the XMPP domain - example.com. Also, if you wish to access the admin console via HTTPS - because it’s often necessary to access a particular node - you may also require a cert. for dev1.example.com and dev2.example.com.
    2a. For that reason, it’s often simpler to get a wildcard cert. for example.com & *.example.com if at all possible.

  1. So what about Server Host Name (FQDN)? Will it be example.com or dev1.example.com?
  2. For HTTPS: will I make a reverse proxy for port 9090 at port 80, then make HTTPS at 443 as normal?

Each host in the cluster has its own FQDN - so it would be dev1.example.com and dev2.example.com

I’m not sure of the need for the reverse proxy unless you’re doing load balancing / fail-over. It’s normally not necessary to reverse proxy on port 9090/9091 as that’s for admin use only (exception is typically for SiteMinder based admin console auth). XMPP typically uses 5222 for raw TCP connections or 7070/7443 for BOSH/WebSocket connections.

Greg
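A quick way to check the certificate advice above: the cert must name the XMPP domain (used on 5222 and 7070/7443) and each node’s own FQDN (used for the admin console on 9091), and a bare `*.example.com` does not cover `example.com` itself, which is why both names are needed. This is an added example for this thread, not Openfire code; the SAN line and host names are constructed.

```python
"""Check which names an Openfire cluster presents are NOT covered by a
certificate's Subject Alternative Names (constructed example, not Openfire code)."""


def parse_san_line(san_line: str) -> list:
    """Parse the SAN text as printed by `openssl x509 -noout -ext subjectAltName`,
    e.g. 'DNS:example.com, DNS:*.example.com'. Only DNS entries are kept."""
    entries = []
    for part in san_line.split(","):
        part = part.strip()
        if part.upper().startswith("DNS:"):
            entries.append(part[4:].strip())
    return entries


def name_matches(san: str, host: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the entire left-most label
    and matches exactly one label, so '*.example.com' covers dev1.example.com
    but neither example.com nor a.b.example.com."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in san:
        return san == host
    s_labels, h_labels = san.split("."), host.split(".")
    # Reject '*' inside a label, more than one '*', or a wildcard on a public suffix ('*.com').
    if s_labels[0] != "*" or "*" in san[1:] or len(s_labels) < 3:
        return False
    return len(s_labels) == len(h_labels) and s_labels[1:] == h_labels[1:]


def cluster_names(xmpp_domain: str, node_fqdns: list) -> dict:
    """Names the cluster presents, with the listener each one is used for
    (ports as given in the thread)."""
    names = {xmpp_domain: "XMPP (5222, 7070/7443)"}
    for fqdn in node_fqdns:
        names[fqdn] = "admin console (9091)"
    return names


def uncovered_names(san_line: str, xmpp_domain: str, node_fqdns: list) -> dict:
    """Return {name: role} for every required name no SAN entry matches."""
    sans = parse_san_line(san_line)
    return {name: role for name, role in cluster_names(xmpp_domain, node_fqdns).items()
            if not any(name_matches(san, name) for san in sans)}


if __name__ == "__main__":
    nodes = ["dev1.example.com", "dev2.example.com"]
    # Wildcard only: the XMPP domain itself is left uncovered.
    print(uncovered_names("DNS:*.example.com", "example.com", nodes))
    # Apex plus wildcard, as recommended above: nothing left uncovered.
    print(uncovered_names("DNS:example.com, DNS:*.example.com", "example.com", nodes))
```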

Greg,

When I configured each host with its own FQDN, this error appeared: [DNS configuration appears to be missing or incorrect.]

And for HTTPS and the reverse proxy:
how will I apply HTTPS at port 9090 without it?

And can I ask another thing related to http-bind at port 7070?
I created a load balancer for port 7070 on AWS to work with a JWT application, but it outputs a SID error 404.
Do you have any idea?

Openfire listens on port 9091 for HTTPS - no need to reverse proxy.

The “DNS config appears to be missing” error simply means that the FQDN is not in DNS. If you’re not going to access either host using its FQDN, it can probably be ignored without any issue.

Greg

What about the http-bind issue?

That looks more like an AWS question to me - I’ve no idea what a “SID error” is.

Greg