04 - Install Openfire

               

1. Download and install

 

cd /usr/local/src 

sudo wget "http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4_1_0.tar.gz" -O openfire_4_1_0.tar.gz

sudo tar -zvxf openfire_4_1_0.tar.gz

sudo mv  openfire   /tpc/

 

 

2. Edit the configuration file:

sudo vi /tpc/openfire/conf/openfire.xml

In conf/openfire.xml, configure the database connection pool by adding the following after <locale>en</locale>:

  <connectionProvider>
    <className>org.jivesoftware.database.DefaultConnectionProvider</className>
  </connectionProvider>
  <database>
    <defaultProvider>
      <driver>org.postgresql.Driver</driver>
      <serverURL>jdbc:postgresql://10.3.0.13:5432/openfire</serverURL>
      <username encrypted="false">postgres</username>
      <password encrypted="false">mypassword</password>
      <testSQL>select 1</testSQL>
      <testBeforeUse>false</testBeforeUse>
      <testAfterUse>false</testAfterUse>
      <minConnections>5</minConnections>
      <maxConnections>25</maxConnections>
      <connectionTimeout>1.0</connectionTimeout>
    </defaultProvider>
  </database>
  <setup>false</setup>
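An added check, not part of the original page: the configuration above keeps the database login in openfire.xml with encrypted="false" and connects as postgres, so this script reports those settings together with group or world read permission on the file. The function names and the temporary sample file are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original page): audit the database section of
# openfire.xml. Function names and the temporary sample path are hypothetical.

# write_sample FILE: constructed sample mirroring the <defaultProvider> block above.
write_sample() {
    cat > "$1" <<'EOF'
<jive>
  <database>
    <defaultProvider>
      <driver>org.postgresql.Driver</driver>
      <serverURL>jdbc:postgresql://10.3.0.13:5432/openfire</serverURL>
      <username encrypted="false">postgres</username>
      <password encrypted="false">mypassword</password>
    </defaultProvider>
  </database>
</jive>
EOF
}

# audit_openfire_xml FILE: print one finding per line; no output means no finding.
audit_openfire_xml() {
    f=$1
    # Mode bits: the file holds the DB password, so only its owner should read it.
    if [ -n "$(find "$f" -prune -perm -040)" ]; then echo "GROUP_READABLE"; fi
    if [ -n "$(find "$f" -prune -perm -004)" ]; then echo "WORLD_READABLE"; fi
    awk '
        /<username encrypted="false">/ { print "PLAINTEXT_USERNAME" }
        /<password encrypted="false">/ { print "PLAINTEXT_PASSWORD" }
        # "postgres" is the default PostgreSQL superuser role.
        /<username[^>]*>postgres</     { print "DB_SUPERUSER_LOGIN" }
    ' "$f"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp/openfire.xml"
chmod 644 "$tmp/openfire.xml"
audit_openfire_xml "$tmp/openfire.xml"
rm -rf "$tmp"
```

On the real host, run audit_openfire_xml /tpc/openfire/conf/openfire.xml; a dedicated database role that owns only the openfire database, plus chmod 600 on the file, clears three of the findings.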

 

 

Set JAVA_HOME:

sudo vi /tpc/openfire/bin/openfire

 

INSTALL4J_JAVA_HOME_OVERRIDE=/tpc/jdk1.8

 

 

 

 

 

Update the following records in the ofproperty table of the openfire database:

"admin.authorizedJIDs"   "1@www.thepopsystem.com"

"jdbcProvider.connectionString"   "jdbc:postgresql://10.3.0.13:5432/popsystem6?user=postgres&password=xxxxx"

"xmpp.domain"   "www.thepopsystem.com"

"provider.auth.className"   "org.jivesoftware.openfire.auth.JDBCAuthProvider"

"provider.group.className"   "org.jivesoftware.openfire.group.JDBCGroupProvider"

"provider.user.className"   "org.jivesoftware.openfire.user.JDBCUserProvider"

The specific configuration is as follows (screenshots not preserved).

 

 

Restart Openfire:

 

sudo /tpc/openfire/bin/openfire start

If it reports that openfireHome cannot be found:

sudo vi /etc/profile

and add:

export openfireHome=/tpc/openfire

 

 

  

Port 9090 is open to TPC only.

Open ports 5222 and 9090:

sudo ufw allow 5222

sudo ufw allow 5223

sudo ufw allow 7070

sudo ufw allow 1099

sudo ufw allow 9090
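The note above says 9090 is for TPC only, yet `ufw allow 9090` admits any source. An added check, not part of the original page: it reads `ufw status` output and reports which of the named ports are still allowed from Anywhere. The 10.3.0.0/24 source range in the comments is an assumption; substitute the real TPC network.

```bash
#!/bin/sh
# Added example (not from the original page). Corrected rule for the admin
# console, with an ASSUMED source range for the TPC hosts:
#   sudo ufw delete allow 9090
#   sudo ufw allow from 10.3.0.0/24 to any port 9090 proto tcp

# Constructed sample: `ufw status` after the five `ufw allow` commands above.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
5222                       ALLOW       Anywhere
5223                       ALLOW       Anywhere
7070                       ALLOW       Anywhere
1099                       ALLOW       Anywhere
9090                       ALLOW       Anywhere
9090 (v6)                  ALLOW       Anywhere (v6)'

# exposed_ports STATUS_TEXT PORT...
# Prints each PORT that has an ALLOW rule whose source is Anywhere.
exposed_ports() {
    status=$1; shift
    printf '%s\n' "$status" | awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            # The action column moves right on "(v6)" rows, so search for it.
            for (i = 2; i < NF; i++) if ($i == "ALLOW") {
                # Verbose output prints "ALLOW IN"; skip the direction word.
                from = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
                port = $1; sub(/\/.*/, "", port)   # "9090/tcp" -> "9090"
                if (from == "Anywhere" && (port in want)) print port
            }
        }' | sort -u
}

# Stand-alone run: the admin console port is reported as exposed.
exposed_ports "$SAMPLE_STATUS" 9090
```

On the server itself: exposed_ports "$(sudo ufw status)" 9090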

 

Edit Apache's mod_jk configuration

Add the JHB mapping:

 JkMount /JHB/ workersystem6

 

 

 

 

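If the following message appears after a few seconds (screenshot not preserved), the cause is that the Ubuntu host itself cannot resolve www.thepopsystem.com.

Solution:

sudo vi /etc/hosts

Add  10.3.0.13  www.thepopsystem.com  and then reboot the machine.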

 

Another possible cause: in the last few lines of \WebRoot\resources\js\utils\UtilsMerger.js

the Openfire IP or domain name is wrong; it needs to be set to www.thepopsystem.com

 

 

 

 

Open the admin console:

http://10.3.0.11:9090/

 


 

 

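You can skip the step that sets the password.

If you skip this step, you must restart Openfire; otherwise login fails with a username/password error!

Username: admin  Password: admin

Discard offline messages directly, because TPC already implements this functionality.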

 

 

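If an exclamation mark appears next to Server Name:   system6.thepopcompany.com on the Server Manager page,

go to "Server settings" -> "delete the existing certificates", restart the server, log in again, and click to update the certificate.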

  

 

3. Start automatically at boot and stop automatically at shutdown

sudo vi /etc/rc.local

Add:

/tpc/openfire/bin/openfire start

 

4. Start Openfire:

 

sudo /tpc/openfire/bin/openfire start

 

 

5. Support HTTPS

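Because the traffic stays on the internal network, Openfire does not need encryption, even under the https://www.thepopsystem.com domain. No insecure-content error is reported.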

 

Finally ................................

If "Lost Connection with openfire" still occurs after trying everything above, restore the openfire database, update the corresponding domain name and admin account, and restart Openfire; that resolves the problem.

  sudo /tpc/openfire/bin/openfire stop

  sudo systemctl stop postgresql           # kill all the connections of openfire

  sudo systemctl start postgresql        

  Use pgAdmin to delete the existing openfire database and create an empty openfire database.

  sudo -u postgres pg_restore -h 127.0.0.1 -U postgres -d openfire /tpc/tempfiles/openfire_2016-09-20.backup

  Update these two records in the ofproperty table of the openfire database:

"admin.authorizedJIDs"   "1@www.thepopsystem.com"

"xmpp.domain"   "www.thepopsystem.com"

 

  sudo /tpc/openfire/bin/openfire start

 

 

 

6. Restart Openfire

      sudo  /tpc/openfire/bin/openfire stop

      sudo  rm /tpc/openfire/logs/*.*

      sudo  /tpc/openfire/bin/openfire start

      sudo  more /tpc/openfire/logs/all.log

 

 

 

 

 

----- The following is for reference only; it did not pass testing -----

https://community.igniterealtime.org/thread/54027

http://download.igniterealtime.org/openfire/docs/latest/documentation/ssl-guide.html

 

 A. First convert the certificate to X.509 DER form (the command uses -outform der, although the output file is named .pem)

           C:\openssl\bin>openssl x509 -outform der -in www.thepopsystem.cer -out www.thepopsystem.com.pem

    

 B. Import server certificates, the default password of keystore is changeit

           sudo /tpc/jdk1.8/bin/keytool -import -keystore /tpc/openfire/resources/security/keystore -alias www.thepopsystem.com -file /tpc/apache2.4/conf/ssl2017/www.thepopsystem.com.pem

 


  type Yes.

 C. Remove default certificates

           After importing your certificate you must remove the default certificates using the keytool.

           First list all the certificates in this store  

               sudo /tpc/jdk1.8/bin/keytool -list -keystore /tpc/openfire/resources/security/keystore


 

 

               sudo /tpc/jdk1.8/bin/keytool -delete -keystore /tpc/openfire/resources/security/keystore -alias 10.3.0.13_rsa

               sudo /tpc/jdk1.8/bin/keytool -delete -keystore /tpc/openfire/resources/security/keystore -alias 10.3.0.13_dsa

 

 

 

http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863

Step one: Convert x509 Cert and Key to a pkcs12 file

openssl pkcs12 -export -in server.crt -inkey server.key                -out server.p12 -name [some-alias]                -CAfile ca.crt -caname root

Note: Make sure you put a password on the p12 file - otherwise you'll get a null reference exception when you try to import it. (In case anyone else had this headache). (Thanks jocull!)

Note 2: You might want to add the -chain option to preserve the full certificate chain. (Thanks Mafuba)

 

openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name [some-alias] -CAfile ca.crt -caname root

sudo /tpc/jdk1.8/bin/keytool -storepasswd -keystore /tpc/openfire/resources/security/keystore
openssl pkcs12 -export -in  www.thepopsystem.cer -inkey www.thepopsystem.com.key -out testkeystorethepopsystem.p12 -name www.thepopsystem.com -CAfile globalsign.crt -caname globalsign




Step two: Convert the pkcs12 file to a java keystore

keytool -importkeystore         -deststorepass [changeit] -destkeypass [changeit] -destkeystore server.keystore         -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password         -alias [some-alias]

sudo /tpc/jdk1.8/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /tpc/openfire/resources/security/keystore -srckeystore /tpc/apache2.4/conf/ssl2017/testkeystorethepopsystem.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias www.thepopsystem.com

 

 

 

 

 

 

 

 

 D. Configure Openfire

    Open the Openfire Admin Console in your favorite browser and add or change the following system properties:

  • xmpp.socket.ssl.active -- set to 'true' to activate SSL
  • xmpp.socket.ssl.port -- the port to use for SSL (default is 5223 for XMPP)
  • xmpp.socket.ssl.storeType -- the store type used ("JKS" is the Sun Java Keystore format used by the JDK keytool). If this property is not defined, Openfire will assume a value of "JKS".
  • xmpp.socket.ssl.keystore -- the location of the keystore file relative to your Openfire installation root directory. You can leave this property blank to use the default keystore. (Not set here; the default is used.)
  • xmpp.socket.ssl.keypass -- the keystore/key password default is changeit
  • xmpp.socket.ssl.truststore -- leave blank to not use a truststore, otherwise the location of the truststore file relative to your Openfire installation root directory.
  • xmpp.socket.ssl.trustpass -- the truststore/key password you changed in step 6.

 E. Restart Openfire

      sudo  /tpc/openfire/bin/openfire stop

      sudo  rm /tpc/openfire/logs/*.*

      sudo  /tpc/openfire/bin/openfire start

      sudo  more /tpc/openfire/logs/all.log

 

 

 
