History: How to install Openfire Meetings on ClearOS
Preview of version: 155
Openfire can be installed with the following command on a ClearOS 7 box:
yum --enablerepo=clearos-contribs-testing install app-openfire
You may see an error on install - "fg: no job control'. it's non-fatal and will be cleaned up. In the ClearOS menu, go to "Server - Communication and Collaboration - Openfire" in the menu. You can start/stop the service as well as find a link to the admin console.
Next steps: scope out what is required to simplify the wizard process (e.g. automatic database provisioning, LDAP settings, SSL certificate, ports, domain name handling (subdomain instead of non-standard ports and SRV, logs, etc.).
The RPM spec file and systemd extras can be found on Github @ https://github.com/eglooca/openfire
The app is here: https://github.com/eglooca/app-openfire
To plug into the rest of ClearOS: https://github.com/eglooca/app-openfire-plugin
[root@meet ~]# yum --enablerepo=clearos-contribs-testing install app-openfire Loaded plugins: clearcenter-marketplace, fastestmirror ClearCenter Marketplace: fetching repositories... Loading mirror speeds from cached hostfile * clearos: clearos.bhs.mirrors.ovh.net * clearos-centos-verified: mirror1-orem.clearos.com * clearos-contribs: clearos.bhs.mirrors.ovh.net * clearos-contribs-testing: clearos.bhs.mirrors.ovh.net * clearos-epel-verified: mirror1-orem.clearos.com * clearos-fast-updates: download4.clearsdn.com * clearos-infra: clearos.bhs.mirrors.ovh.net * clearos-verified: mirror1-orem.clearos.com * private-clearcenter-dyndns: download2.clearsdn.com:80 * private-clearcenter-verified-updates: download4.clearsdn.com:80 Resolving Dependencies --> Running transaction check ---> Package app-openfire.noarch 1:1.1.1-1.v7 will be installed --> Processing Dependency: app-openfire-core = 1:1.1.1-1.v7 for package: 1:app-openfire-1.1.1-1.v7.noarch --> Running transaction check ---> Package app-openfire-core.noarch 1:1.1.1-1.v7 will be installed --> Processing Dependency: openfire for package: 1:app-openfire-core-1.1.1-1.v7.noarch --> Running transaction check ---> Package openfire.x86_64 0:4.1.0-3 will be installed --> Processing Dependency: java-headless >= 1:1.7.0 for package: openfire-4.1.0-3.x86_64 --> Running transaction check ---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.111-1.b15.el7_2 will be installed --> Processing Dependency: tzdata-java >= 2015d for package: 1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64 --> Processing Dependency: lksctp-tools for package: 1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64 --> Processing Dependency: jpackage-utils for package: 1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64 --> Running transaction check ---> Package javapackages-tools.noarch 0:3.4.1-11.el7 will be installed --> Processing Dependency: python-javapackages = 3.4.1-11.el7 for package: javapackages-tools-3.4.1-11.el7.noarch ---> Package lksctp-tools.x86_64 0:1.0.13-3.el7 will be installed ---> Package tzdata-java.noarch 0:2016h-1.el7 will be installed --> Running transaction check ---> Package python-javapackages.noarch 0:3.4.1-11.el7 will be installed --> Processing Dependency: python-lxml for package: python-javapackages-3.4.1-11.el7.noarch --> Running transaction check ---> Package python-lxml.x86_64 0:3.2.1-4.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================================================================================== Package Arch Version Repository Size ======================================================================================================================================================================== Installing: app-openfire noarch 1:1.1.1-1.v7 clearos-contribs-testing 7.5 k Installing for dependencies: app-openfire-core noarch 1:1.1.1-1.v7 clearos-contribs-testing 7.4 k java-1.8.0-openjdk-headless x86_64 1:1.8.0.111-1.b15.el7_2 clearos-centos-verified 31 M javapackages-tools noarch 3.4.1-11.el7 clearos-centos-verified 73 k lksctp-tools x86_64 1.0.13-3.el7 clearos-centos-verified 87 k openfire x86_64 4.1.0-3 clearos-contribs-testing 22 M python-javapackages noarch 3.4.1-11.el7 clearos-centos-verified 31 k python-lxml x86_64 3.2.1-4.el7 clearos-centos-verified 758 k tzdata-java noarch 2016h-1.el7 clearos-centos-verified 180 k Transaction Summary ======================================================================================================================================================================== Install 1 Package (+8 Dependent packages) Total download size: 54 M Installed size: 132 M Is this ok [y/d/N]: y Downloading packages: (3/9): java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm | 31 MB 00:00:01 (4/9): javapackages-tools-3.4.1-11.el7.noarch.rpm | 73 kB 00:00:00 (5/9): lksctp-tools-1.0.13-3.el7.x86_64.rpm | 87 kB 00:00:00 (7/9): python-javapackages-3.4.1-11.el7.noarch.rpm | 31 kB 00:00:00 (8/9): python-lxml-3.2.1-4.el7.x86_64.rpm | 758 kB 00:00:00 (9/9): tzdata-java-2016h-1.el7.noarch.rpm | 180 kB 00:00:00 (1/3): app-openfire-core-1.1.1-1.v7.noarch.rpm | 7.4 kB 00:00:00 (2/3): app-openfire-1.1.1-1.v7.noarch.rpm | 7.5 kB 00:00:00 (3/3): openfire-4.1.0-3.x86_64.rpm | 22 MB 00:00:01 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 12 MB/s | 54 MB 00:00:04 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : tzdata-java-2016h-1.el7.noarch 1/9 Installing : lksctp-tools-1.0.13-3.el7.x86_64 2/9 Installing : python-lxml-3.2.1-4.el7.x86_64 3/9 Installing : python-javapackages-3.4.1-11.el7.noarch 4/9 Installing : javapackages-tools-3.4.1-11.el7.noarch 5/9 Installing : 1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64 6/9 Installing : openfire-4.1.0-3.x86_64 7/9 /var/tmp/rpm-tmp.F46DFI: line 1: fg: no job control Installing : 1:app-openfire-core-1.1.1-1.v7.noarch 8/9 Installing : 1:app-openfire-1.1.1-1.v7.noarch 9/9 Verifying : openfire-4.1.0-3.x86_64 1/9 Verifying : python-javapackages-3.4.1-11.el7.noarch 2/9 Verifying : 1:app-openfire-1.1.1-1.v7.noarch 3/9 Verifying : python-lxml-3.2.1-4.el7.x86_64 4/9 Verifying : lksctp-tools-1.0.13-3.el7.x86_64 5/9 Verifying : javapackages-tools-3.4.1-11.el7.noarch 6/9 Verifying : 1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64 7/9 Verifying : 1:app-openfire-core-1.1.1-1.v7.noarch 8/9 Verifying : tzdata-java-2016h-1.el7.noarch 9/9 Installed: app-openfire.noarch 1:1.1.1-1.v7 Dependency Installed: app-openfire-core.noarch 1:1.1.1-1.v7 java-1.8.0-openjdk-headless.x86_64 1:1.8.0.111-1.b15.el7_2 javapackages-tools.noarch 0:3.4.1-11.el7 lksctp-tools.x86_64 0:1.0.13-3.el7 openfire.x86_64 0:4.1.0-3 python-javapackages.noarch 0:3.4.1-11.el7 python-lxml.x86_64 0:3.2.1-4.el7 tzdata-java.noarch 0:2016h-1.el7 Complete! [root@meet ~]#
The skeleton app so far:
Background
ClearOS is an operating system for your Server, Network, and Gateway systems. It is designed for homes, small to medium businesses, and distributed environments. ClearOS is commonly known as the Next Generation Small Business Server, while including indispensable Gateway and Networking functionality. It delivers a powerful IT solution with an elegant user interface that is completely web-based. Simply put.. ClearOS is the new way of delivering IT. Source: https://www.clearos.com/
Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance. Source: http://www.igniterealtime.org/projects/openfire/index.jsp
Openfire Meetings is an Openfire plugin that uses WebRTC and the Jitsi Videobridge to provide high quality, scalable video conferences for your Openfire users.You will also need the Openfire Meetings Chrome extension for screen sharing, co-browsing and application sharing. Source: https://www.igniterealtime.org/projects/openfire/plugins/ofmeet/readme.html
The Openfire Fastpath Plugin adds support for managed queued chat requests, such as a support team might use. For example, a web based "Live Support" interface can point a potential customer at a workgroup representing the Sales team. Members of that workgroup will receive notification that a someone is waiting and when someone from that workgroup accepts, the customer and the team member will be connected to communicate with each other.
Assumptions
- This guide assumes your ClearOS server will be the main server for your domain. Thus, your website (powered by Tiki) will be on the same server. E-mails could also be handled (with Roundcube on ClearOS) but are also easily handled by your domain name provider.
Information
To Install Openfire 4.x on ClearOS 7.x within the WikiSuite environment follow the next steps.
1.- Install a fresh ClearOS Server, be sure to run the latest Software updates to the core system
2.- Make sure the clearos-epel repository is enabled
3- Include in the installation of:
a. The Web Server
b. and the Directory Server(Open LDAP)
Configure domain name
How to set domain name on ClearOS
Configure Firewall
ClearOS's Firewall should configured to block all ports, and open the following:
| Port | TCP/UDP | Access Control | Application | Description |
| 22 | TPC | Administrative | SSH | Terminal access |
| 25 | TCP | Public | OFMeet | SMTP: For emails for Openfire Meeting Planner |
| 80 | TCP | Public | (generic) | Web server (HTTP) |
| 81 | TCP | Administrative | ClearOS | Webconfig |
| 143 | TCP | Public | OFMeet | IMAP: For emails for Openfire Meeting Planner |
| 443 | TCP | Public | (generic) | Web server (HTTPS) |
| 587 | TCP | Public | OFMeet | SMTPFor emails for Openfire Meeting Planner if you use Gmail |
| 993 | TCP | Public | OFMeet | IMAPS For emails for Openfire Meeting Planner |
| 4443 | TCP | Public | OFMeet | RTP over TCP for Jitsi Videobridge |
| 5000 | TCP | Public | OFMeet | Media proxy for video conference |
| 5222 | TCP | Public | Openfire | The standard port for clients to connect to the server. On this port plain-text connections are established, which, depending on configurable security settings, can (or must) be upgraded to encrypted connections. |
| 5223 | TCP | Public | Openfire | The port used for clients to connect to the server using the old SSL/TLS method. Connections established on this port are established using a pre-encrypted connection. This type of connectivity is commonly referred to as the "old-style" or "legacy" method of establishing encrypted connections. Configuration details can be modified in the security settings. |
| 5269 | TCP | Public | Openfire | The port used for remote servers to connect to this server. Connections established on this port are established using a pre-encrypted connection. This type of connectivity is commonly referred to as the "old-style" or "legacy" method of establishing encrypted connections. Configuration details can be modified in the security settings. |
| 7070 | TCP | Public | Openfire | The port used for unsecured HTTP client connections. |
| 7443 | TCP | Public | Openfire | The port used for secured HTTP client connections. |
| 8843 | (unknown) | Public | OFMeet | WOOT realtime collaborative editing |
| 9090 | TCP | Administrative | Openfire | The port used for unsecured (HTTP) Admin Console access. |
| 9091 | TCP | Administrative | Openfire | The port used for secured (HTTPS) Admin Console access. |
| 50000-60000 | UDP | Public | OFMeet | Media proxy for video conference |
Notes:
- Ports 7070 and 9090 are used for plain HTTP traffic. Each have a more secure HTTPS counterpart: 7443 and 9091 respectively. Consider disabling the HTTP ports, which could hurt interoperability and performance., but will increase security.
- An earlier draft of this page listed ports 5229 and 5349 (for Openfire). There is no known application for these ports. Where they included by mistake?
Configure OpenLDAP
1.-Initialize your OpenLDAP service through the Webconfig-Open LDAP Directory Server Module (https://yourserver.wikisuite.org:81/app/openldap_directory).
2.-On the Directory Server Settings page set the server mode and Base Domain (https://yourserver.wikisuite.org:81/app/openldap_directory/settings/edit)
3.-On the Directory Server Policies page set the Publish Policy and Accounts access according to your requirements (https://yourserver.wikisuite.org:81/app/openldap_directory/policies/edit)
4.-Don't forget to create one or two users as they will be use in the Openfire configuration phase. Use: (https://yourserver.wikisuite.org:81/app/users/add)
Install Openfire
1.-Login to your ClearOS via SSH using root
2.-Install the Openfire RPM
Type:
rpm -ivh http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.0.2-1.i386.rpm yum install libvpx-devel
todo: replace above with wget following by rpm command
For Openfire to work on ClearOS 64-bit the 32-bit zlib library is required.
Source: https://community.igniterealtime.org/thread/43673
Type:
yum --enablerepo=clearos-centos install zlib.i686
And type "y" when requested.
3.- Start the Openfire service:
Type:
/etc/init.d/openfire start
And check the status
/etc/init.d/openfire status
Configure Openfire
Use a web browser to connect to the admin console. The default port for the web-based Initial setup admin console is 9090. Initial setup and administration can be done from a remote computer using LAN IP address instead or hostname if it is resolvable by the remote computer. i.e. (http://yourserver.wikisuite.org:9090). Source: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/install-guide.html
1.-The first screen will request you to choose your preferred language and press continue.
2.-For the second screen, Type your host domain and press continue. The Default Admin Console Port is 9090 and the Secure Admin Console Port is 9091.
3.-Select to use the "Embedded Database" and press continue.
4.-Choose "Directory Server (LDAP)" as the user and group system to use with the server and press continue.
5.-Configure the connection settings for your LDAP directory and press "Test Settings". (Connections settings such as password can be obtained from OpenLDAP Directory Setup (https://yourserver.wikisuite.org:81/app/openldap_directory)
- For Administrator DN in Openfire, use the Bind DN from ClearOS
- For Password, use the Bind Password from ClearOS
6.-Once the test has been successful press "Save and Continue"
7.-Configure how the server finds and loads users from your LDAP directory and press "Test Settings" Don't forget to check Store avatar in database if not provided by LDAP
8.-Once the test has been successful press "Save and Continue"
9.-Configure how the server finds and loads groups from your LDAP directory and press "Test Settings".
10.-Once the test has been successful press "Save and Continue"
11.-Choose one or more users from your LDAP directory to be administrators by entering their usernames. Press "Save and Continue"
12.- You Can test the user settings by clicking on the "Test" icon.
13.- Once the test has been successful press "Continue"
14.-Setup is complete! Click on "Login to Admin Console"
15.-Log in to the Admin Console.
16.- You should restart Openfire through your secure shell console.
Type:
service openfire restart
17.- Now you can login to your Admin Console through the Secure port at (https://yourserver.wikisuite.org:9091)
Install Openfire Meetings Plugin
1.- Login to your Openfire Admin Console with a administrator user.
2.- Click on the Plugins Tab to manage Plugins
3.- Click on the available plugins link and scroll down to find the Openfire Meetings plugin
4.- Click on then ¨+¨ to add the plugin to the Openfire server
5.- For security, Openfire Meetings Plugin creates an user focus. You need to create this user focus in ClearOS (https://yourserver.wikisuite.org:81/app/users). Then , go back in Openfire Meeting plugin tab, click on Setting in left menu and Security section for change the password for same that a ClearOS User's Focus.
Source: http://www.igniterealtime.org/projects/openfire/plugins/ofmeet/readme.html
Install Openfire Fastpath plugin
1.- Go to the Openfire plugins administration console (https://yourserver.wikisuite.org:9091/plugin-admin.jsp)
2.- Click on the "Available plugins" tab and look for the Fastpath plugin. Click on the "+" sign to install.
3.- Once the plugin has been successfully installed, you can proceed to configure in its own console.
4.- Refresh the Openfire console and the Fastpath tab should be available, click on it to configure Workgroups (https://yourserver.wikisuite.org:9091/plugins/fastpath/workgroup-summary.jsp)
Notes:
- You can find a Quick start guide here:https://community.igniterealtime.org/docs/DOC-1513
- Here is a live example: http://avan.tech/Fastpath and some notes from Guus (keep or delete what you think)
- The snippet is provided on the Openfire Admin Console (Fastpath -> Workgroup Manager -> Workgroup Settings -> Text)
- jivelive.jsp is available on http://evoludata.com:9090/webchat/jivelive.jsp - perhaps you'll need to edit the snippet above, if you're redirecting access to that resource through a reversed proxy.
- There's a simple landing page here: http://evoludata.com:9090/webchat/
Configure email
Going to https://yourserver.demo.wikisuite.org/webmail to access to Roundcube, then login with your username and password.
In ClearOS
You can to set the options about to sending the emails
https://example.org:81/app/smtp
You can to set the options about to getting the emails
https://example.org:81/app/imap
In Openfire
Edit the email setting in a server manager tab like on an image:
https://example.org:9091/system-email.jsp
Edit the email listener in a Meeting tab like on an image:
https://example.org:9091/plugins/ofmeet/ofmeet-email-listener.jsp
Adding admins
1.-There is no ClearOS group for the Openfire admins. Instead: Server -> Server Manager -> System Properties -> admin.authorizedJIDs
Edit server properties (https://yourserver.wikisuite.org:9091/server-properties.jsp)
2.- Find the admin.authorizedJIDs property, edit it and add comma separated full JIDs. In our specific case user at example.org. "Click on Save Property"
3.- Openfire needs a restart, Login to your ClearOS via SSH using root and type:
service openfire restart
Configure SSL
As of Openfire 3.2 certificate management can be performed from the Admin Console. (And in 4.0, code has been revamped)
Once the setup process is completed Openfire will create self-signed certificates for the assigned Openfire's domain. Most users should either get the created certificates signed by a Certificate Authority or replace the created certificates with your own certificates. Source: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html
- You can access the certificate store at: https://yourserver.wikisuite.org:9091/security-certificate-store-management.jsp
- Manage the existing certificates in the Openfire Identity Certificate Store
- Import Private Key and Certificate
As ClearOS also manages SSL certificates, they can co-exist independently as their storage files are different and independent. i.e. Openfire generated certificates will only be used within Openfire applications.
Avoiding non-standard ports
In some contexts, (corporate environments, captive portals in Internet cafes, etc.), some ports can be blocked. Thus, if you want to get rid of port number, you can put the following apache configuration (Apache 2.4+ so you need ClearOS 7.x):
ProxyPass /ofmeet/ http://localhost:7070/ofmeet/ ProxyPassReverse /ofmeet/ http://localhost:7070/ofmeet/ ProxyPass /ofmeetws/ wss://localhost:7070/ofmeetws/ ProxyPassReverse /ofmeetws/ wss://localhost:7070/ofmeetws/
Team room
To create a private room
Go on "Group Chat" tab.
Then going to "create new room" on left menu.
Then fill out the appropriate fields (Minimum Room ID, Room Name and Description). Finish with click on save changes button.
For use the private room
- Web access with CandyChat
Go on https://example.org:7443/ofmeet/candy.html
then login with your account access.
- WebRTC access
With https://example.org:7443/ofmeet/ (from which you can pick a room)
- XMPP client access
with Spark in a login session, click on "Action" tab then a "joint a chatroom" option. In a new pop up, double-click in a list on a right chatroom.
with Jitsi in a login session, click on "File" tab then a "joint a chatroom" option. In a new pop up, select a right account and write a chatroom name.
Remote Control of Keyboard and Mouse
This requires users install an app on their desktop (Windows / GNU/Linux / MacOSX) and to have the Openfire plugin for Chrome plugin.
How to use
- You as the person who is actively sharing a screen can select the panel of a participant on the film strip. If video is NOT working, you will not get any video panels. If you do, then you can select any and then click on remote control icon. The person on the other end will be notified that they have control of your desktop
- You as a participant can request for remote control of an active screenshare from the desktop owner by clicking on the remote control icon. The owner will receive a popup windows requesting an accept or decline. If request is accepted, then remote control will be given
STUN / TURN server
- Todo later Marc: discuss with Dele (What / How to install and what ports to open)
Advanced configuration
- If your XMPP server is not on the same server as your website, and you want to support (typically older) XMPP clients which don't support SRV records, you will need something like http://sourceforge.net/p/penloadbalancer/wiki/penctl.1/
Linking workaround
Specially when using any RedHat 7 based distribution, Java shiped in RPM has not all the required symbols. You must do this workaround.
yum install java-1.7.0-openjdk java-1.7.0-openjdk-devel cd /opt/openfire mv jre jre.1 ln -s /usr/lib/jvm/java/jre/ jre
Latest Ofmeet release
Ofmeet available in the Openfire plugin may be outdated. You can get the latest ofmeet from here: https://github.com/igniterealtime/community-plugins/
You need to download the ofmeet.jar file.
Todo
- update to use Java 8
Make sure these installation instructions provide great security
- Secure by default. Remove all http and force https
- Ref: http://wiki.xmpp.org/web/Securing_XMPP#Openfire
- Not like this:
- Verify that documenting leads to respecting Public Statement Regarding Ubiquitous Encryption on the XMPP Network
Related links
- http://igniterealtime.org/projects/openfire/documentation.jsp
- https://www.clearos.com/clearfoundation/social/community/how-to-install-openfire-3-7-1-on-cos-6-3-64bit-manual-install
- http://rtcquickstart.org/guide/RTCQuickStartGuide.pdf
- How to install Spark
Troubleshooting