04 - Install Openfire
1. Download and install
cd /usr/local/src
sudo wget "http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4_1_0.tar.gz" -O openfire_4_1_0.tar.gz
sudo tar -zvxf openfire_4_1_0.tar.gz
sudo mv openfire /tpc/
2. Edit the configuration file:
sudo vi /tpc/openfire/conf/openfire.xml
In openfire.xml under the conf directory, configure the database connection pool by adding the following after <locale>en</locale>:
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://10.3.0.13:5432/openfire</serverURL>
<username encrypted="false">postgres</username>
<password encrypted="false">mypassword</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>false</setup>
Set JAVA_HOME
sudo vi /tpc/openfire/bin/openfire
INSTALL4J_JAVA_HOME_OVERRIDE=/tpc/jdk1.8
Update the following records in the ofproperty table of the openfire database:
"admin.authorizedJIDs" "1@www.thepopsystem.com"
"jdbcProvider.connectionString" "jdbc:postgresql://10.3.0.13:5432/popsystem6?user=postgres&password=xxxxx"
"xmpp.domain" " www.thepopsystem.com"
"provider.auth.className";"org.jivesoftware.openfire.auth.JDBCAuthProvider"
"provider.group.className";"org.jivesoftware.openfire.group.JDBCGroupProvider"
"provider.user.className";"org.jivesoftware.openfire.user.JDBCUserProvider"
The detailed configuration is as follows:
Restart Openfire
sudo /tpc/openfire/bin/openfire start
If it reports that openfireHome cannot be found:
vi /etc/profile
Add: export openfireHome=/tpc/openfire
Port 9090 is open to TPC only.
Open ports 5222 and 9090.
sudo ufw allow 5222
sudo ufw allow 5223
sudo ufw allow 7070
sudo ufw allow 1099
sudo ufw allow 9090
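Added example (not part of the original notes): the note above limits 9090 to TPC, yet a bare ufw allow 9090 accepts any source. The script below checks ufw status output for listed ports that are still open to Anywhere; both status listings are constructed samples, and 192.0.2.0/24 is a placeholder for the TPC network, which the page does not give.

```shell
#!/bin/sh
# audit_ufw PORTS: read `ufw status` output on stdin and print each port from
# the comma-separated PORTS list that has an ALLOW rule from "Anywhere".
audit_ufw() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $1
            sub(/\/.*/, "", port)          # "9090/tcp" becomes "9090"
            if (!(port in want) || (port in seen)) next
            for (i = 2; i <= NF; i++)      # IPv6 rows carry "(v6)" before ALLOW
                if ($i == "ALLOW") {
                    if ($(i + 1) == "Anywhere") { print port; seen[port] = 1 }
                    break
                }
        }'
}

# Constructed sample: `ufw status` after the five `ufw allow` commands above.
status_as_written() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
5222                       ALLOW       Anywhere
5223                       ALLOW       Anywhere
7070                       ALLOW       Anywhere
1099                       ALLOW       Anywhere
9090                       ALLOW       Anywhere
9090 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed sample after scoping the admin console to one source range:
#   sudo ufw delete allow 9090
#   sudo ufw allow from 192.0.2.0/24 to any port 9090 proto tcp
# 192.0.2.0/24 is a placeholder (documentation range) for the TPC network.
status_scoped() {
    cat <<'EOF'
To                         Action      From
--                         ------      ----
5222                       ALLOW       Anywhere
9090/tcp                   ALLOW       192.0.2.0/24
EOF
}

echo "as written, open to Anywhere: $(status_as_written | audit_ufw 9090)"
echo "once scoped, open to Anywhere: $(status_scoped | audit_ufw 9090)"
```

On a live host, pipe the real output in: sudo ufw status | audit_ufw 9090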
Edit the Apache mod_jk configuration
Add the JHB mapping
JkMount /JHB/ workersystem6
If the following message appears after a few seconds, the cause is that the Ubuntu host itself cannot resolve www.thepopsystem.com.
Fix:
sudo vi /etc/hosts
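Add 10.3.0.13 www.thepopsystem.com, then reboot the machine.
Another possible cause: in the last few lines of \WebRoot\resources\js\utils\UtilsMerger.js the Openfire IP or domain name is wrong; it must be set to www.thepopsystem.com.
Open the admin console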
http://10.3.0.11:9090/
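The step that sets the password can be skipped.
If you skip this step, you must restart Openfire; otherwise login fails with a wrong username/password error!
Username: admin, password: admin
Choose to drop offline messages, because TPC already implements this feature.
If an exclamation mark appears next to Server Name: system6.thepopcompany.com on the Server Manager page,
go to "Server settings" -> "delete the existing certificates", restart the server, log in again, and click to update the certificate.
3. Start automatically at boot and stop automatically at shutdown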
sudo vi /etc/rc.local
Add:
/tpc/openfire/bin/openfire start
4. Start Openfire:
sudo /tpc/openfire/bin/openfire start
5. Support HTTPS
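Because the traffic stays on the internal network, Openfire does not need encryption, even under the https://www.thepopsystem.com domain; no insecure-content error is reported.
Finally
If "Lost Connection with openfire" still appears after trying everything above, restore the openfire database again, update the corresponding domain name and admin account, and restart Openfire; that resolves the problem.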
sudo /tpc/openfire/bin/openfire stop
sudo systemctl stop postgresql   # drops all connections to the openfire database
sudo systemctl start postgresql
Use pgAdmin to delete the existing openfire database and create an empty openfire database.
sudo -u postgres pg_restore -h 127.0.0.1 -U postgres -d openfire /tpc/tempfiles/openfire_2016-09-20.backup
Update these two records in the ofproperty table of the openfire database:
"admin.authorizedJIDs" "1@www.thepopsystem.com"
"xmpp.domain" " www.thepopsystem.com"
sudo /tpc/openfire/bin/openfire start
6. Restart Openfire
sudo /tpc/openfire/bin/openfire stop
sudo rm /tpc/openfire/logs/*.*
sudo /tpc/openfire/bin/openfire start
sudo more /tpc/openfire/logs/all.log
----- The following is for reference only; it did not pass testing -----
https://community.igniterealtime.org/thread/54027
http://download.igniterealtime.org/openfire/docs/latest/documentation/ssl-guide.html
A. First convert the certificate from PEM to X.509 DER encoding (the command below uses -outform der, although the output file is named .pem)
C:\openssl\bin>openssl x509 -outform der -in www.thepopsystem.cer -out www.thepopsystem.com.pem
B. Import the server certificate; the default keystore password is changeit
sudo /tpc/jdk1.8/bin/keytool -import -keystore /tpc/openfire/resources/security/keystore -alias www.thepopsystem.com -file /tpc/apache2.4/conf/ssl2017/www.thepopsystem.com.pem
Type yes when prompted.
C. Remove default certificates
After importing your certificate you must remove the default certificates using the keytool.
First list all the certificates in this store
sudo /tpc/jdk1.8/bin/keytool -list -keystore /tpc/openfire/resources/security/keystore
sudo /tpc/jdk1.8/bin/keytool -delete -keystore /tpc/openfire/resources/security/keystore -alias 10.3.0.13_rsa
sudo /tpc/jdk1.8/bin/keytool -delete -keystore /tpc/openfire/resources/security/keystore -alias 10.3.0.13_dsa
http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863
Step one: Convert x509 Cert and Key to a pkcs12 file
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name [some-alias] -CAfile ca.crt -caname root
Note: Make sure you put a password on the p12 file - otherwise you'll get a null reference exception when you try to import it. (In case anyone else had this headache). (Thanks jocull!)
Note 2: You might want to add the -chain option to preserve the full certificate chain. (Thanks Mafuba)
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name [some-alias] -CAfile ca.crt -caname root -chain
sudo /tpc/jdk1.8/bin/keytool -storepasswd -keystore /tpc/openfire/resources/security/keystore
openssl pkcs12 -export -in www.thepopsystem.cer -inkey www.thepopsystem.com.key -out testkeystorethepopsystem.p12 -name www.thepopsystem.com -CAfile globalsign.crt -caname globalsign
Step two: Convert the pkcs12 file to a java keystore
keytool -importkeystore -deststorepass [changeit] -destkeypass [changeit] -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password -alias [some-alias]
sudo /tpc/jdk1.8/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /tpc/openfire/resources/security/keystore -srckeystore /tpc/apache2.4/conf/ssl2017/testkeystorethepopsystem.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias www.thepopsystem.com
D. Configure Openfire
Open the Openfire Admin Console in your favorite browser and add or change the following system properties:
- xmpp.socket.ssl.active -- set to 'true' to activate SSL
- xmpp.socket.ssl.port -- the port to use for SSL (default is 5223 for XMPP)
- xmpp.socket.ssl.storeType -- the store type used ("JKS" is the Sun Java Keystore format used by the JDK keytool). If this property is not defined, Openfire will assume a value of "JKS".
- xmpp.socket.ssl.keystore -- the location of the keystore file relative to your Openfire installation root directory. You can leave this property blank to use the default keystore. (Not set here; the default keystore is used.)
- xmpp.socket.ssl.keypass -- the keystore/key password default is changeit
- xmpp.socket.ssl.truststore -- leave blank to not use a truststore, otherwise the location of the truststore file relative to your Openfire installation root directory.
- xmpp.socket.ssl.trustpass -- the truststore/key password you changed in step 6.
E. Restart Openfire
sudo /tpc/openfire/bin/openfire stop
sudo rm /tpc/openfire/logs/*.*
sudo /tpc/openfire/bin/openfire start
sudo more /tpc/openfire/logs/all.log