Loading...
 

History: How to install Openfire Meetings on ClearOS

Preview of version: 185

Openfire is a real time collaboration (RTC) server supporting XMPP (Jabber) and WebRTC.

Quick upgrade

2018-03-02 New versions Openfire 4.2.2 / app-openfire 1.2.5

How to install
yum --enablerepo=clearos-contribs-testing install app-openfire

How to upgrade
yum --enablerepo=clearos-contribs-testing upgrade openfire app-openfire

Quick install

Openfire can be installed with the following command on a ClearOS 7.2 box:

1)
yum --enablerepo=clearos-contribs-testing install app-openfire


2) Go to "System / Accounts / Users' in the menu to:
- Create some users (make sure the "Openfire User" is enabled in App policies for the user you create)

3) Go to "Server / Communication and Collaboration / Openfire' in the menu to:
- Click "Install and Initialize Built-in Directory" (Grab a coffee, this will take several minutes)
- Click "Configure security Certificates" (TODO: Document what happens when Lets encrypt is enabled : http://wikisuite.org/How-to-install-Let-s-Encrypt-SSL-certificates-on-ClearOS)
- Select the admin user
- Set the XMPP domain
- Set the Openfire hostname from one of the available SSL certificates on the system.

4) Follow the link and log in to Openfire

ClearOS integration includes:
- ClearOS Openfire app
- Openfire
- Plugins: Fastpath, Openfire meetings
- System database provisioning
- LDAP integration
- focus user (openfire-focus) for Openfire meetings
- Letsencrypt




Detailed Install

Assumptions

  • This guide assumes your ClearOS server will be the main server for your domain. Thus, your website (powered by Tiki) will be on the same server. E-mails could also be handled (with Roundcube on ClearOS) but are also easily handled by your domain name provider.

Information

To Install Openfire 4.x on ClearOS 7.x within the WikiSuite environment follow the next steps.

1.- Install a fresh ClearOS Server, be sure to run the latest Software updates to the core system

2.- Make sure the clearos-epel repository is enabled

3- Include in the installation of:

a. The Web Server
b. and the Directory Server(Open LDAP)

A

Configure domain name

How to set domain name on ClearOS

Please note that Openfire is not multi-tenant. So it is designed to handle just one domain name. Ref: OF-162


Configure Firewall


The openfire app will take care of opening the following ports:

Port TCP/UDP Access Control Application Description
5222 TCP Public Openfire The standard port for clients to connect to the server.
5223 TCP Public Openfire Legacy SSL/TLS port for clients to connect to the server.
7443 TCP Public Openfire The port used for secured HTTP client connections.
9091 TCP Administrative Openfire The port used for secured (HTTPS) Admin Console access.


However, you will probably want to open more than thios. ClearOS's Firewall should configured to block all ports, and open the following:

Port TCP/UDP Access Control Application Description
22 TPC Administrative SSH Terminal access
25 TCP Public OFMeet SMTP: For emails for Openfire Meeting Planner
80 TCP Public (generic) Web server (HTTP)
81 TCP Administrative ClearOS Webconfig
143 TCP Public OFMeet IMAP: For emails for Openfire Meeting Planner
443 TCP Public (generic) Web server (HTTPS)
587 TCP Public OFMeet SMTP For emails for Openfire Meeting Planner if you use Gmail
993 TCP Public OFMeet IMAPS For emails for Openfire Meeting Planner
4443 TCP Public OFMeet RTP over TCP for Jitsi Videobridge
5000 TCP Public OFMeet Media proxy for video conference
5222 TCP Public Openfire The standard port for clients to connect to the server. On this port plain-text connections are established, which, depending on configurable security settings, can (or must) be upgraded to encrypted connections.
5223 TCP Public Openfire The port used for clients to connect to the server using the old SSL/TLS method. Connections established on this port are established using a pre-encrypted connection. This type of connectivity is commonly referred to as the "old-style" or "legacy" method of establishing encrypted connections. Configuration details can be modified in the security settings.
5269 TCP Public Openfire The port used for remote servers to connect to this server. Connections established on this port are established using a pre-encrypted connection. This type of connectivity is commonly referred to as the "old-style" or "legacy" method of establishing encrypted connections. Configuration details can be modified in the security settings.
7070 TCP Public Openfire The port used for unsecured HTTP client connections.
7443 TCP Public Openfire The port used for secured HTTP client connections.
8843 (unknown) Public OFMeet WOOT realtime collaborative editing
9090 TCP Administrative Openfire The port used for unsecured (HTTP) Admin Console access.
9091 TCP Administrative Openfire The port used for secured (HTTPS) Admin Console access.
50000-60000 UDP Public OFMeet Media proxy for video conference


Notes:

  • Ports 7070 and 9090 are used for plain HTTP traffic. Each have a more secure HTTPS counterpart: 7443 and 9091 respectively. Consider disabling the HTTP ports, which could hurt interoperability and performance., but will increase security.
  • An earlier draft of this page listed ports 5229 and 5349 (for Openfire). There is no known application for these ports. Where they included by mistake?

Configure OpenLDAP


1.-Initialize your OpenLDAP service through the Webconfig-Open LDAP Directory Server Module (https://yourserver.wikisuite.org:81/app/openldap_directory).

File not found.


2.-On the Directory Server Settings page set the server mode and Base Domain (https://yourserver.wikisuite.org:81/app/openldap_directory/settings/edit)

File not found.


3.-On the Directory Server Policies page set the Publish Policy and Accounts access according to your requirements (https://yourserver.wikisuite.org:81/app/openldap_directory/policies/edit)

File not found.


4.-Don't forget to create one or two users as they will be use in the Openfire configuration phase. Use: (https://yourserver.wikisuite.org:81/app/users/add)

F

Install Openfire


1.-Login to your ClearOS via SSH using root

2.-Install the Openfire RPM

Type:

rpm -ivh http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.0.2-1.i386.rpm
yum install libvpx-devel


todo: replace above with wget following by rpm command

G

For Openfire to work on ClearOS 64-bit the 32-bit zlib library is required.
Source: https://community.igniterealtime.org/thread/43673

Type:

yum --enablerepo=clearos-centos install zlib.i686


H

And type "y" when requested.

I

3.- Start the Openfire service:

Type:

/etc/init.d/openfire start

And check the status

/etc/init.d/openfire status


J

The skeleton app so far:
2017 01 05 Openfire Clearos

Configure Openfire


Use a web browser to connect to the admin console. The default port for the web-based Initial setup admin console is 9090. Initial setup and administration can be done from a remote computer using LAN IP address instead or hostname if it is resolvable by the remote computer. i.e. (http://yourserver.wikisuite.org:9090). Source: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/install-guide.html

1.-The first screen will request you to choose your preferred language and press continue.

K

2.-For the second screen, Type your host domain and press continue. The Default Admin Console Port is 9090 and the Secure Admin Console Port is 9091.

L

3.-Select to use the "Embedded Database" and press continue.

M

4.-Choose "Directory Server (LDAP)" as the user and group system to use with the server and press continue.

N

5.-Configure the connection settings for your LDAP directory and press "Test Settings". (Connections settings such as password can be obtained from OpenLDAP Directory Setup (https://yourserver.wikisuite.org:81/app/openldap_directory)

  • For Administrator DN in Openfire, use the Bind DN from ClearOS
  • For Password, use the Bind Password from ClearOS


O

6.-Once the test has been successful press "Save and Continue"

P

7.-Configure how the server finds and loads users from your LDAP directory and press "Test Settings" Don't forget to check Store avatar in database if not provided by LDAP

Q1
Store Avatar In Database

8.-Once the test has been successful press "Save and Continue"

Q

9.-Configure how the server finds and loads groups from your LDAP directory and press "Test Settings".

R1

10.-Once the test has been successful press "Save and Continue"

R2

11.-Choose one or more users from your LDAP directory to be administrators by entering their usernames. Press "Save and Continue"

S1

12.- You Can test the user settings by clicking on the "Test" icon.

S2

13.- Once the test has been successful press "Continue"

S3

14.-Setup is complete! Click on "Login to Admin Console"

T1

15.-Log in to the Admin Console.

T2

T3

16.- You should restart Openfire through your secure shell console.

Type:

service openfire restart


V

17.- Now you can login to your Admin Console through the Secure port at (https://yourserver.wikisuite.org:9091)

V1

Install Openfire Meetings Plugin


1.- Login to your Openfire Admin Console with a administrator user.

2.- Click on the Plugins Tab to manage Plugins

W

3.- Click on the available plugins link and scroll down to find the Openfire Meetings plugin

X

4.- Click on then ¨+¨ to add the plugin to the Openfire server

X1


5.- For security, Openfire Meetings Plugin creates an user focus. You need to create this user focus in ClearOS (https://yourserver.wikisuite.org:81/app/users). Then , go back in Openfire Meeting plugin tab, click on Setting in left menu and Security section for change the password for same that a ClearOS User's Focus.
Openfire Meeting Security Focus User

Source: http://www.igniterealtime.org/projects/openfire/plugins/ofmeet/readme.html

Install Openfire Fastpath plugin


1.- Go to the Openfire plugins administration console (https://yourserver.wikisuite.org:9091/plugin-admin.jsp)

Aa1

2.- Click on the "Available plugins" tab and look for the Fastpath plugin. Click on the "+" sign to install.

Aa2

3.- Once the plugin has been successfully installed, you can proceed to configure in its own console.

Aa3

4.- Refresh the Openfire console and the Fastpath tab should be available, click on it to configure Workgroups (https://yourserver.wikisuite.org:9091/plugins/fastpath/workgroup-summary.jsp)

Aa4

Notes:

  • You can find a Quick start guide here:https://community.igniterealtime.org/docs/DOC-1513

  • The snippet is provided on the Openfire Admin Console (Fastpath -> Workgroup Manager -> Workgroup Settings -> Text)


Configure Tiki, ConverseJS and OpenFire

To get a transparent authentication between ConverseJS and Openfire, we need
to configure Tiki and install the TikiToken plugin in OpenFire.

1 - Download the latest tikitoken.jar at https://github.com/fabiomontefuscolo/openfire-tikitoken/releases The Tiki Token plugin is now shipping as an optional plugin in Openfire 4.1.5 Just activate as you would for any Openfire plugin.

2 - Upload tikitoken.jar on OpenFire plugins page, at http://yourserver.wikisuite.org:9090/plugin-admin.jsp
001 Upload Tikitoken Jar

3 - Go to server properties page at http://yourserver.wikisuite.org:9090/server-properties.jsp
and setup a new property with name org.tiki.tikitoken.baseUrl and property
value will be your tiki base url, let's suppose http://tiki.wikisuite.org.
003 Set Of Prop

4 - Configure Tiki to talk to OpenFire. Go to community page on admin panels,
(http://tiki.wikisuite.org/tiki-admin.php?page=community), select the XMPP tab,
and:

004 Set Tiki Xmpp

5 - Still on Tiki, go to "Modules" panel (http://tiki.wikisuite.org/tiki-admin_modules.php);

6 - Click on "All modules" tab;

7 - On field Filter type xmpp;

8 - Drag the result to bottom of page, in the closest gray bordered box;
005 Place Xmmp Mod

9 - Just save the popup will appear;

10 - Refresh the page to see the box at the bottom of the page;

Configure email

Going to https://yourserver.demo.wikisuite.org/webmail to access to Roundcube, then login with your username and password.
Login To Roundcube

In ClearOS

You can to set the options about to sending the emails

https://example.org:81/app/smtp
ClearOS   SMTP

You can to set the options about to getting the emails

https://example.org:81/app/imap
ClearOS   IMAP

In Openfire

Edit the email setting in a server manager tab like on an image:
https://example.org:9091/system-email.jsp
Openfire Email Settings
Edit the email listener in a Meeting tab like on an image:
https://example.org:9091/plugins/ofmeet/ofmeet-email-listener.jsp
Openfire Email Listener Setup

Adding admins


1.-There is no ClearOS group for the Openfire admins. Instead: Server -> Server Manager -> System Properties -> admin.authorizedJIDs

Edit server properties (https://yourserver.wikisuite.org:9091/server-properties.jsp)

Y1

2.- Find the admin.authorizedJIDs property, edit it and add comma separated full JIDs. In our specific case user at example.org. "Click on Save Property"

Y2

3.- Openfire needs a restart, Login to your ClearOS via SSH using root and type:

service openfire restart

Configure SSL


As of Openfire 3.2 certificate management can be performed from the Admin Console. (And in 4.0, code has been revamped)

Once the setup process is completed Openfire will create self-signed certificates for the assigned Openfire's domain. Most users should either get the created certificates signed by a Certificate Authority or replace the created certificates with your own certificates. Source: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html

Make sure you use at least 2048-bit key length


Z1

  • Manage the existing certificates in the Openfire Identity Certificate Store


Z2

  • Import Private Key and Certificate


Z3

As ClearOS also manages SSL certificates, they can co-exist independently as their storage files are different and independent. i.e. Openfire generated certificates will only be used within Openfire applications.

Avoiding non-standard ports

In some contexts, (corporate environments, captive portals in Internet cafes, etc.), some ports can be blocked. Thus, if you want to get rid of port number, you can put the following apache configuration (Apache 2.4+ so you need ClearOS 7.x):

ProxyPass /ofmeet/ http://localhost:7070/ofmeet/
ProxyPassReverse /ofmeet/ http://localhost:7070/ofmeet/
ProxyPass /ofmeetws/ wss://localhost:7070/ofmeetws/
ProxyPassReverse /ofmeetws/ wss://localhost:7070/ofmeetws/

Team room

To create a private room

Go on "Group Chat" tab.
Openfire Create Groupchat

Then going to "create new room" on left menu.
Openfire Create New Room

Then fill out the appropriate fields (Minimum Room ID, Room Name and Description). Finish with click on save changes button.

For use the private room

  • Web access with CandyChat

Go on https://example.org:7443/ofmeet/candy.html
then login with your account access.

  • WebRTC access

With https://example.org:7443/ofmeet/ (from which you can pick a room)

  • XMPP client access

with Spark in a login session, click on "Action" tab then a "joint a chatroom" option. In a new pop up, double-click in a list on a right chatroom.
with Jitsi in a login session, click on "File" tab then a "joint a chatroom" option. In a new pop up, select a right account and write a chatroom name.

Remote Control of Keyboard and Mouse

This requires users install an app on their desktop (Windows / GNU/Linux / MacOSX) and to have the Openfire plugin for Chrome plugin.

How to use

  • You as the person who is actively sharing a screen can select the panel of a participant on the film strip. If video is NOT working, you will not get any video panels. If you do, then you can select any and then click on remote control icon. The person on the other end will be notified that they have control of your desktop
  • You as a participant can request for remote control of an active screenshare from the desktop owner by clicking on the remote control icon. The owner will receive a popup windows requesting an accept or decline. If request is accepted, then remote control will be given

STUN / TURN server

  • Todo later Marc: discuss with Dele (What / How to install and what ports to open)

Advanced configuration

Linking workaround

Specially when using any RedHat 7 based distribution, Java shiped in RPM has not all the required symbols. You must do this workaround.

yum install java-1.7.0-openjdk java-1.7.0-openjdk-devel
cd /opt/openfire
mv jre jre.1
ln -s /usr/lib/jvm/java/jre/ jre

Todo

Make sure these installation instructions provide great security

Souce code

Source Packages
https://github.com/WikiSuite/app-openfire http://koji.clearos.com/koji/packageinfo?packageID=303
https://github.com/WikiSuite/app-openfire-plugin http://koji.clearos.com/koji/packageinfo?packageID=311
https://github.com/WikiSuite/openfire http://koji.clearos.com/koji/packageinfo?packageID=302

Troubleshooting



alias

History

Advanced
Information Version
Benoit Grégoire 185
View
Benoit Grégoire 184
View
Benoit Grégoire 183
View
Benoit Grégoire Document that the app will now open some ports. 182
View
Benoit Grégoire 181
View
Benoit Grégoire Update new instructions (Prior to updating entire page) 180
View
Marc Laporte 179
View
Marc Laporte code Plugin modified by editor. 178
View
Marc Laporte code Plugin modified by editor. 177
View
Marc Laporte 176
View
Marc Laporte Now with Let's Encrypt support 175
View
Marc Laporte 174
View
Marc Laporte 173
View
Marc Laporte 172
View
Marc Laporte 171
View
Marc Laporte 170
View
Marc Laporte 169
View
Marc Laporte 168
View
Marc Laporte 167
View
Marc Laporte 166
View
Marc Laporte 165
View
Marc Laporte 164
View
Marc Laporte 163
View
Marc Laporte 162
View
Fabio 161
View
Fabio 160
View
Fabio 159
View
Fabio starting doc about tiki, conversejs and openfire integration 158
View
Marc Laporte 157
View
Marc Laporte Cosmetic change, for easier readability 156
View
guus.der.kinderen 155
View
guus.der.kinderen 154
View
guus.der.kinderen 153
View
guus.der.kinderen Turned firewall settings into a table, added Jitsi proxy ports. 152
View
Marc Laporte 151
View
Marc Laporte 150
View
Marc Laporte 149
View
Marc Laporte Code Plugin modified by editor. 148
View
Marc Laporte 147
View
Marc Laporte 146
View
Marc Laporte 145
View
Marc Laporte 144
View
Marc Laporte 143
View
Marc Laporte Thanks Peter! 142
View
Marc Laporte 141
View
timtech Added a troubleshooting section 140
View
Marc Laporte 139
View
Marc Laporte Suggested by Guus 138
View
Marc Laporte 4.0.2 is out 137
View
Marc Laporte cleanup 136
View