Sunday, February 3, 2008

Build Your Own Jabber Server for Private Communication

Thursday, November 29 2007 @ 03:48 PM EST

XMPP is an open technology for instant messaging and presence information. It provides the opportunity to build a free, open source messaging server to handle many applications in varied environments. We are going to set up an XMPP server on a LAN to handle communications between LAN and WAN contacts. By running our own server we can gain some insight into how XMPP and Jabber work, create an efficient and easy to use internal communications setup, connect our server to other servers and services including WAN communications, and last, but not least, have our own private communications using SSL. Read on for more on XMPP and how we actually set it all up.



We will be using Openfire, a nice XMPP server written in Java and one of the most feature-full Jabber servers out there. There are two versions, one licensed for commercial use, and one licensed under GNU. Accordingly, we will use the GNU version for our server. Some of the benefits we hope to achieve with this project are creating a private communications network using SSL, enabling private file transfers, creating an easy to use and manage communications forum for our LAN, having the ability to communicate with those outside of our LAN (even on separate Jabber networks), and gaining some insight into the inner workings of some of our everyday communications tools.

We will be installing Openfire on a Kubuntu 7.10 machine on our LAN. Our machine was pretty loaded spec-wise, but after some testing it became apparent that a lower spec machine would probably do the job as well. I'll highlight the basic steps of the setup now and then we'll jump right in.
1- Obtain openfire for Linux
2- Prepare our machine for the openfire server and create an openfire user and group to run the server under
3- Set up our database
4- Install and configure openfire
5- Set up our server to start on boot
6- Configure our firewall to handle our server for external communications with the WAN
7- See our server in action
Lastly, we will discuss some caveats.

[1] First we want to grab Openfire here. We want the tar.gz form of Openfire, and while we are here we will also grab the Linux version of Spark. Spark is a nice client that we can use for the actual communications. Our server will allow connections from any Jabber-capable client such as Pidgin (Gaim), Adium, etc., but I'll show you some of the workings with Spark as I have found it to be a nice cross-platform client. The tar.gz form of the Openfire server does not include Java, so in step 2 we will need to make sure we have Java 5 installed. Download the server and client into a writable directory such as your home or desktop.

[2] Now we need to prepare our machine for the server. Unarchive the server and move it to a good directory:


tar xzvf openfire_3_4_1.tar.gz

sudo mv openfire /usr/bin/



Next we will create a user to run the server under, to keep things a little safer and tidier, and give that user ownership of our newly created openfire directory.


sudo groupadd ofire

sudo useradd -d /usr/bin/openfire -g ofire ofire

sudo passwd ofire

sudo chown -R ofire:ofire /usr/bin/openfire


We also now need to make sure Java is ready for Openfire.

sudo apt-get install java5-*



Follow the instructions for installing Java. You will need to download the Java 5 documentation and put it in /tmp according to the installer:


sudo chown root:root jdk-1_5_0-doc.zip
sudo mv jdk-1_5_0-doc.zip /tmp


[3] Openfire uses a database for its operations, and we will set one up using MySQL. We will install MySQL, create our openfire database, give it proper permissions, and use the schema file shipped in the openfire directory to set up the rest of the necessities.


sudo apt-get install mysql-server-5.0 mysql-client-5.0

mysql -u root -p
[when prompted enter the password you set up when you installed mysql above]

CREATE DATABASE openfire;

GRANT ALL ON openfire.* TO 'ofire'@'localhost' IDENTIFIED BY 'remember_this_for_setup_later_in_webgui';

exit

cd /usr/bin/openfire/resources/database

mysql -u root -p openfire < openfire_mysql.sql



[4] Now it is finally time to start up our server and run the installation procedure by navigating to port 9090 on the server.


su - ofire

cd /usr/bin/openfire/bin

./openfire start



Now if you are on the server itself, browse to:


http://localhost:9090



Otherwise, if you are elsewhere on your LAN, browse to:


http://IP.OF.YOUR.SERVER:9090



Follow the onscreen instructions. When you get to the database page, remember to use the user ofire and the password you chose when setting up the openfire database above, and remember that we are using MySQL. Now you are set! Configure your heart away.

[5] To get openfire to start on boot we will add a provided boot script to init.d and we will have to edit a line in the script.


sudo ln -s /usr/bin/openfire/bin/openfire /etc/init.d/



Now open the script and scroll to line 262, where the nohup statement is, and append the following to the end of the line. DO NOT include the quotation marks, as they are here only for presentation:

">../logs/STDOUT.log 2>../logs/STDERR.log"

You can do this with nano, for example by doing the following:


sudo nano /usr/bin/openfire/bin/openfire



Now you can type Ctrl-W followed by nohup (this searches for the nohup line). To verify this is the right line, type Ctrl-C and check that it says you are currently at line 262. Then append the text shown above to that line.

It should now say on line 262 at the very end:
"-DopenfireHome=$app_home -Dopenfire.lib.dir=$app_home/lib >../logs/STDOUT.log 2>../logs/STDERR.log &"

Now we need to give it execute permissions and update rc, and we are set.


sudo chmod +x /etc/init.d/openfire

sudo update-rc.d openfire defaults



[6] Now we want to configure our firewall to allow for communications with the WAN. This will vary depending on your firewall, so I will tell you the ports; please consult your firewall documentation on how to open them if you need that assistance. We use monowall, so I will kinda give a quick overview using that.

You will need to do this for each of the ports (a range can be done at once):
Log into monowall, choose NAT and add a new rule.
Type in the TCP port from the list below, choose the internal LAN IP of your openfire server, and enter the same port. Then give the rule a descriptive name and be sure to check the box at the bottom to auto-add the firewall rule. Then click OK and apply the changes.


5222-5223 : for the basic client connections and for client ssl respectively

5269 : for server to server connection if you want to connect to those on other IM servers

7777 : for file transfers
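
To check from the server which of these ports are actually listening, and that the admin console from step 4 is not mistaken for something to forward, here is an added example that is not part of the original post. The function names are hypothetical, the input is assumed to be in `netstat -ltn` format, and 3306 is MySQL's default port rather than a value given in the article.

```shell
#!/bin/sh
# Added example (not from the original post): audit TCP listeners against step 6.
FORWARD="5222 5223 5269 7777"   # ports the article forwards through NAT
INTERNAL="9090 3306"            # admin console (step 4); 3306 = MySQL default (assumption)

# audit_listeners (hypothetical name): reads `netstat -ltn` output on stdin and
# prints one verdict per port.
audit_listeners() {
    awk -v forward="$FORWARD" -v internal="$INTERNAL" '
    $NF == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)   # text before the last colon
        loop = (host == "127.0.0.1" || host == "::1" || host == "::ffff:127.0.0.1")
        # Remember the widest binding seen for each port.
        if (!(port in seen) || !loop) seen[port] = (loop ? "loopback" : "all")
    }
    END {
        n = split(forward, f, " ")
        for (i = 1; i <= n; i++) {
            verdict = (f[i] in seen) ? "OK" : "MISSING"
            print verdict, f[i]
        }
        n = split(internal, p, " ")
        for (i = 1; i <= n; i++)
            if ((p[i] in seen) && seen[p[i]] != "loopback")
                print "EXPOSED", p[i], "(listening beyond localhost; keep out of NAT rules)"
    }'
}

# Constructed sample of `netstat -ltn` output, so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::5222                 :::*                    LISTEN
tcp6       0      0 :::5223                 :::*                    LISTEN
tcp6       0      0 :::5269                 :::*                    LISTEN
tcp6       0      0 :::9090                 :::*                    LISTEN
EOF
}

# Live use on the server: netstat -ltn | audit_listeners
sample_netstat | audit_listeners
```

On the constructed sample, 7777 is reported MISSING because nothing is listening for file transfers, and 9090 is reported EXPOSED because the admin console is bound to every interface.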



[7] Now you can use your spark client to create an account and login or you can use clients like adium or pidgin. I won't go into specifics for each client, but if you need help feel free to shoot me a message or post a comment and I will help as best I can. Below you can see a few quick screen shots of Spark running.



Now for a few caveats. I won't provide workarounds here as that is always part of the fun of exploring new projects. A few I have fixed and others I haven't, so I am curious to see if any discussion below ensues as to some ideas.

-When on the LAN you will need to point your client at the IP (or host name) of the openfire server, and when you are away and connecting from the WAN you need to point it at the domain of your home. See one of our earlier tutorials where we discuss WAN IP addresses and so forth. So just remember that when you come home from work and can't figure out why you aren't connecting to your openfire server.

-There seem to be issues creating new users with some clients. Pidgin seems to be OK, but Adium and iChat don't seem to be working. However, they can connect just fine. So initially you can just create an account for those users yourself in your admin page [http://your.openfire.server.ip:9090]

So far that is all we have. There are a lot of configuration options in the actual openfire server as well as in the clients themselves. Explore and check the documentation. I'll post some more details as I come across new aspects, and we may even explore some of the plugins at a later point, such as VOIP via Asterisk and so forth. Like I said, feel free to comment or send me a message if you have any questions about our setup or run across any snags. The openfire forums are also a good stomping ground. Good luck and happy chatting on your new private server!
