Openfire is not in the Debian repositories, but it is easy to install and configure because the project provides an official .deb package. You can download the packages from https://www.igniterealtime.org/downloads/.
After downloading the .deb package, install it with apt. Openfire doesn't come with a JRE, so the installer will also install the default-jre-headless package to run Openfire.
# Download
curl -L -o openfire_4.6.2_all.deb \
  "https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4.6.2_all.deb"
# Install
apt install ./openfire_4.6.2_all.deb
# Confirm it's running
systemctl status openfire
# Verify it's listening on port 9090
netstat -ntlp  # apt install net-tools
It will only be listening on port 9090 until you finish setting it up. Visit your host in a web browser on port 9090, for example http://xmpp.devdungeon.com:9090, and follow the setup wizard. If you want to use an external database like MySQL or PostgreSQL, you'll have to set that up first.
After you finish setup, restart Openfire; HTTPS is then enabled on port 9091 by default.
To disable HTTP and force HTTPS only, edit /etc/openfire/openfire.xml and set the 9090 port to -1. The HTTPS port is 9091 by default. Restart the server.
To enable the REST API, go to the admin web portal, open Plugins | Available Plugins, and enable REST API. Then go to Server | Server Settings | REST API and set it to Enabled.
To enable a web chat client (Converse.js), enable the inVerse plugin. After enabling it, go to Web Clients in the main menu and it will give you the URL to use.
If you need to re-run setup to redo how you set up user profiles, edit /etc/openfire/openfire.xml, change the value in <setup>true</setup> to false, and restart the server.
If you need to recover access because you lost the admin password, edit /etc/openfire/openfire.xml, uncomment the line <oneTimeAccessToken>secretToken</oneTimeAccessToken>, and restart. Provide a secret token, and the web portal will then have a special prompt waiting for that token. After logging in with the secret token, you can reset the admin password. Openfire automatically deletes the one-time token from the config once it is consumed, so leave a commented version in the file for reference.
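An added example, not from the original post or the Openfire project: a small Python check that reads openfire.xml and flags the three settings discussed above (HTTP admin port still open, an active one-time access token, setup not marked complete). The element paths adminConsole/port and adminConsole/securePort are assumed from the stock file layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/openfire/openfire.xml (not a real server's file).
# Assumption: the admin ports live under jive/adminConsole as in the stock file.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<jive>
  <adminConsole>
    <port>9090</port>
    <securePort>9091</securePort>
  </adminConsole>
  <!-- <oneTimeAccessToken>secretToken</oneTimeAccessToken> -->
  <oneTimeAccessToken>constructed-example-token</oneTimeAccessToken>
  <setup>true</setup>
</jive>
"""


def audit_openfire_xml(xml_text):
    """Return a list of findings for the settings discussed above."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []

    http_port = (root.findtext("adminConsole/port") or "").strip()
    if http_port != "-1":
        findings.append(f"admin console HTTP port is {http_port or 'unset'}; set it to -1")

    https_port = (root.findtext("adminConsole/securePort") or "").strip()
    if https_port in ("", "-1"):
        findings.append("admin console HTTPS port is disabled or missing")

    # An uncommented token means the recovery prompt is still armed.
    if root.find("oneTimeAccessToken") is not None:
        findings.append("oneTimeAccessToken is active; log in with it or comment it out")

    # Anything other than true means the setup wizard runs on the next start.
    if (root.findtext("setup") or "").strip().lower() != "true":
        findings.append("setup is not true; the setup wizard will run on next start")

    return findings


if __name__ == "__main__":
    for finding in audit_openfire_xml(SAMPLE):
        print("FINDING:", finding)
```

To check a real server, pass the contents of /etc/openfire/openfire.xml to audit_openfire_xml() instead of SAMPLE.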
If you're setting up OpenLDAP, the user id might need to be changed from uid to cn, and the group mapping might need to be changed from cn to ou. When asked to provide an admin username, provide the simple username after LDAP mapping, e.g. nanodano. There are more docs at https://www.igniterealtime.org/projects/openfire/documentation.jsp, including a dedicated LDAP guide.
After finishing the setup through the web interface, you can log in to the web portal using the admin you set up, and the server is ready for use. You'll also see a lot more ports listening.
# Openfire will open many ports
netstat -ntlp
The landing page of the admin web portal will have a full list of all ports and what they are for.
Also refer to the section below about DNS Entries for more tips.
To turn on HTTP file uploads (PEP-0378), go to plugins and enable the HTTP File Upload plugin.
To set up custom SSL certs, follow the instructions at https://meetrix.io/blog/xmpp/openfire_ssl.html: go to plugins and enable Certificate Manager. Then go to Server → TLS/SSL Settings, click 'Manage Store Contents', and click on the text 'imported here'. Then paste in the contents of your key and certificate files. If using LetsEncrypt.org/certbot, they'll be somewhere like /etc/letsencrypt/live/example.com/. The private key file is privkey.pem and the certificate file is cert.pem (or wait, fullchain.pem is better?). Click save. You can remove the self-signed cert afterwards.