PORTS TO OPEN
-------------
5222, 5223 – standard jabber c2s ports, should already be open
5269 – standard jabber s2s port, should already be open
9091 – admin server
INSTALLING THE SOFTWARE
-----------------------
cd /afs/dev.mit.edu/project/jabber/for-deployment
rpm -Uvh openfire*.rpm
cp openfire.xml /opt/openfire/conf
cp jaas.conf /opt/openfire/conf
cp mitopenfire.jar /opt/openfire/lib
CREATING THE SSL CERTIFICATES
-----------------------------
cd /opt/openfire/resources/security
/opt/openfire/jre/bin/keytool -genkey -keystore keystore -alias mit.edu_dsa
Enter "changeit" as the password (that's the default; no need to change)
Enter "mit.edu" as the first and last name
Accept the default of "unknown" for the other fields
Answer "yes" when asked if the information is correct
Accept the default when asked for a key password
/opt/openfire/jre/bin/keytool -genkey -keystore keystore -alias mit.edu_rsa -keyalg RSA
Follow the same instructions as above
The above instructions create self-signed certificates. There is more
information at:
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html
if you want to use signed certificates.
CREATING THE DATABASE
---------------------
This stuff only needs to be performed the first time Openfire is
deployed. Creating the database:
createuser -U postgres openfire
Answer n, n
createdb -E UNICODE -U postgres -O openfire openfire
cd /opt/openfire/resources/database
psql -d openfire -U openfire -f openfire_postgresql.sql
Setting some initial configuration values and populating the database
with roster information from jabberd2:
cd /afs/dev.mit.edu/project/jabber/for-deployment
psql -d openfire -U openfire -f db-setup.sql
perl j2-of.pl
If j2-of.pl spews errors, let me know and I'll fix it.
(I have also written an of-j2.pl for doing the reverse conversion in
case Openfire needs to be backed out.)
STARTING AND STOPPING
---------------------
Openfire will be configured to start at boot after the initial
install. To start and stop it by hand:
service openfire start
service openfire stop
ADMINISTERING
-------------
To use the admin console, connect to https://jabber.mit.edu:9091/
Log in with your Kerberos username and password.
/opt/openfire/conf/openfire.xml contains a list of users authorized to
use the admin console in the authorizedUsernames section.
INSTALLING PLUGINS
------------------
The "Plugins" tab in the admin console allows downloading and
installing of plugins. For now, just install the Enterprise plugin
from the available plugins list.
Once you've installed the Enterprise plugin, you'll need to install
the license file to activate it. Get dev cell tokens and run:
cd /afs/dev.mit.edu/project/jabber/for-deployment/private
cp enterprice.license /opt/openfire/enterprise
Click on the Enterprise tab in the admin console to make sure that
it's working.
LOGS
/opt/openfire/logs
DOCUMENTATION
-------------
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/index.html
SOURCE CODE
-----------
/afs/dev.mit.edu/project/jabber/repos/mitopenfire (SVN repository)
/afs/dev.mit.edu/project/jabber/src/mitopenfire
Contains the source code for our custom provider modules. Also
contains master copies of our configuration files and scripts under
version control.
http://svn.igniterealtime.org/svn/repos/openfire (SVN repository) http://www.igniterealtime.org/fisheye/viewrep/svn-org/openfire (source browser)
Contains the upstream source code
Right now we are using a stock binary RPM from igniterealtime.org,
so we have no local copy of the Openfire sources.
GENERAL BREAKAGE MODES
----------------------
1. Admin server isn't working
The certificates in /opt/openfire/resources/security may be incorrect.
Make sure they were created properly. Make sure there's an RSA
certificate in there; a DSA one isn't sufficient for https.
Make sure you're connecting via https://jabber.mit.edu:9091/ and that
port 9091 is listed under securePort in the adminConsole section of
/opt/openfire/conf/openfire.xml.
2. Added a new admin user to openfire.xml but he can't log in
Make sure the server has been restarted; changes to openfire.xml don't
take effect until then.
The admin console login may or may not support auto-creation of user
accounts. (Currently it does, but that is likely to change in the 3.4
release.) If necessary, create the account by logging in via XMPP.