Bitnami Openfire for Microsoft Azure

Description

Openfire is a real-time collaboration server based on the XMPP (Jabber) protocol. Openfire is easy to administer and is optimized for security and performance.

First steps with the Bitnami Openfire Stack

Welcome to your new Bitnami application running on Microsoft Azure! Here are a few questions (and answers!) you might need when first starting with your application.

What credentials do I need?

You need two sets of credentials:

The application credentials that allow you to log in to your new Bitnami application. These credentials consist of a username and password.
The server credentials that allow you to log in to your Microsoft Azure server using an SSH client and execute commands on the server using the command line. These credentials consist of an SSH username and key.

What is the administrator username set for me to log in to the application for the first time?

Username: admin

What SSH username should I use for secure shell access to my application?

SSH username: bitnami

What are the default ports?

A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.

Remember that if you need to open some ports you can follow the instructions given in the FAQ to learn how to open the server ports for remote access.

Port 22 is the default port for SSH connections.

Bitnami opens some ports for the main servers. These are the ports opened by default: 80, 443, 5222, 5223.

What is the default configuration?

Openfire configuration file

You can find the Openfire configuration files in the /opt/bitnami/apps/openfire/conf. Apart from this, the Openfire installation folder is located in /opt/bitnami/apps/openfire/, which has the following contents:

bin/: Openfire's binaries files.
bnconfig: Bitnami tool for Openfire.
changelog.html: Openfire's changelog file.
conf/: Openfire's configuration files.
documentation/: Openfire's documentation.
lib/: Libraries for Openfire.
LICENSE.html: Openfire's license file.
logs/: Openfire's logs.
pluigns/: Plugins for Openfire.
resources/: Openfire's resources.
scripts/: Openfire's initialization scripts.

In addition to this this, you can find the following directories:

MySQL located in /opt/bitnami/mysql.
Apache located in /opt/bitnami/apache2.
Java located in /opt/bitnami/java.

Openfire ports

Openfire use different ports to offer different services. The default ports list is:

5222 - Client to Server - The standard port for clients to connect to the server.
5223 - Client to Server - The port used for clients to connect to the server using the SSL/TLS method.
7070 - HTTP Binding - The port used for unsecured HTTP client connections.
7443 - HTTP Binding - The port used for secured HTTP client connections.
5269 - Server to Server - The port used for remote servers to connect to this server.
5275 - External Components - The port used for external components to connect to the server.
5276 - External ComponentsThe port used for external components to the server using the SSL/TLS method.
5262 - Connection Manager -The port used for connection managers to connect to the server.
5263 - Connection Manager -The port used for connection managers to the server using the SSL/TLS method.
9090 - Admin Console - The port used for unsecured Admin Console access.
9091 - Admin Console - The port used for secured Admin Console access.
7777 - File Transfer Proxy - The port used for the proxy service (FTP) that allows file transfers to occur between two entities on the XMPP network.
5229 - Flash Cross Domain - Service that allows Flash clients connect to other hostnames and ports.

XMPP Clients use 5222 and 5223 to connect to the server depending on the use of secure or unsecured connections. Both ports must be opened in your server to be able to connect a client to the server. You can connect to your Administration Panel using the default web server ports 80 or 443 (for secured connections) since Apache will act as a proxy redirecting those requests to the corresponding Openfire port.

You can easily change the ports configuration using the Administration Panel. Follow the next steps:

Log in to the Openfire Administration Panel.
Browse to the "Server -> Server Manager -> Server Information" menu item, and click on "edit properties" button.
Edit the configuration as you desire and click on "Save Properties" button.

You can find more information about Openfire at Openfire's official documentation.

Openfire log file

The Openfire error.log file is created at /opt/bitnami/openfire/logs/error.log.

How to connect to the Openfire Administration Panel?

You can connect to the Openfire Administration Panel by browsing to http://SERVER-IP:/. The default username is admin. Refer to the detail page for your cloud server for password credentials.

How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ctlscript.sh. Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ctlscript.sh start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ctlscript.sh stop

Restart the services by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh

How to access the administration panel?

Access the administration panel by browsing to http://SERVER-IP//.

How to enable a plugin on Openfire?

To enable a plugin in Openfire follow the steps below:

Log in to the Openfire Administration Panel.
Browse to the "Plugins -> Available Plugins" menu item.
Once you find the plugin you are looking for in the list, click the "Install" button to download and install it.
Once the plugin is installed, you will able to use it unless the plugin requires further steps to configure it.

You can later on delete the plugin you installed if you wish. You just have to browse to "Plugins -> Plugins", find your plugin in the list and click the "delete" button.

[![Openfire plugin installation](/images/img/apps/openfire/openfire-install-plugins-3-bf277885.png){: .img-medium}](/images/img/apps/openfire/openfire-install-plugins-3-bf277885.png)

You can also install a plugin by uploading the .jar plugin file directly. You just have to browse to "Plugins -> Plugins", choose your .jar file and upload it.

[![Openfire plugin installation](/images/img/apps/openfire/openfire-install-plugins-4-4712d7da.png){: .img-medium}](/images/img/apps/openfire/openfire-install-plugins-4-4712d7da.png)

Find out more about Openfire's plugins.

How to create a full backup of Openfire?

Backup

The Bitnami Openfire Stack is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

Follow these steps:

Change to the directory in which you wish to save your backup:
```
  $ cd /your/directory
```

Stop all servers:

  $ sudo /opt/bitnami/ctlscript.sh stop

Create a compressed file with the stack contents:

  $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami

Restart all servers:

  $ sudo /opt/bitnami/ctlscript.sh start

You should now download or transfer the application-backup.tar.gz file to a safe location.

Restore

Follow these steps:

Change to the directory containing your backup:
```
  $ cd /your/directory
```

Stop all servers:

  $ sudo /opt/bitnami/ctlscript.sh stop

Move the current stack to a different location:

  $ sudo mv /opt/bitnami /tmp/bitnami-backup

Uncompress the backup file to the original directoryv

  $ sudo tar -pxzvf application-backup.tar.gz -C /

Start all servers:

  $ sudo /opt/bitnami/ctlscript.sh start

If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

How to upgrade Openfire?

It is strongly recommended to create a backup before starting the update process. If you have important data, create and try to restore a backup to ensure that everything works properly.

You can upgrade the application only without modifying any other stack components. Follow these steps:

Stop your server:
```
 $ sudo /opt/bitnami/ctlscript.sh stop
```

Copy the etc/, var/ and openfire_home/ folders in the openfire/ folder:

 $ mkdir ~/openfire_backup
 $ sudo cp -r /opt/bitnami/openfire/conf ~/openfire_backup/
 $ sudo cp -r /opt/bitnami/openfire/scripts ~/openfire_backup/

Download the latest version of Openfire and uncompress it:
```
 $ tar -xvf openfire_4_0_2.tar.gz
```

Copy the uncompressed folder to /opt/bitnami/openfire:

 $ cp -r openfire_4_0_2.tar/* /opt/bitnami/openfire/

Recover your backup files:

 $ sudo cp -r ~/openfire_backup/* /opt/bitnami/openfire/

Restart your server:

 $ sudo /opt/bitnami/ctlscript.sh restart

How to create an SSL certificate?

OpenSSL is required to create an SSL certificate. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below:

Generate a new private key:

 $ sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048

Create a certificate:
```
 $ sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
```
IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

Until the certificate is received, create a temporary self-signed certificate:

 $ sudo openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365

Back up your private key in a safe location after generating a password-protected version as follows:
```
 $ sudo openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem
```
Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:
```
 $ sudo openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key
```

Find more information about certificates at http://www.openssl.org.

How to enable HTTPS support with SSL certificates?

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

Use the table below to identify the correct locations for your certificate and configuration files.

Variable	Value
Current application URL	https://[custom-domain]/
	Example: https://my-domain.com/ or https://my-domain.com/appname
Apache configuration file	/opt/bitnami/apache2/conf/bitnami/bitnami.conf
Certificate file	/opt/bitnami/apache2/conf/server.crt
Certificate key file	/opt/bitnami/apache2/conf/server.key
CA certificate bundle file (if present)	/opt/bitnami/apache2/conf/server-ca.crt

Copy your SSL certificate and certificate key file to the specified locations.

NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:

Variable	Value
Apache configuration file	/opt/bitnami/apache2/conf/bitnami/bitnami.conf
Directive to include (Apache v2.4.8+)	SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
Directive to include (Apache < v2.4.8)	SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
```
 $ sudo chown root:root /opt/bitnami/apache2/conf/server*

 $ sudo chmod 600 /opt/bitnami/apache2/conf/server*
```
Open port 443 in the server firewall. Refer to the FAQ for more information.
Restart the Apache server.

You should now be able to access your application using an HTTPS URL.

How to force HTTPS redirection with Apache?

Add the following to the top of the /opt/bitnami/apps/openfire/conf/httpd-prefix.conf file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

After modifying the Apache configuration files:

Open port 443 in the server firewall. Refer to the FAQ for more information.
Restart Apache to apply the changes.

How to debug Apache errors?

Once Apache starts, it will create two log files at /opt/bitnami/apache2/logs/access_log and /opt/bitnami/apache2/logs/error_log respectively.

The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.
The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

If no error is found, you will see a message similar to:

Syntax OK

Updating the IP address or hostname

Openfire requires updating the IP address/domain name if the machine IP address/domain name changes. The bnconfig tool also has an option which updates the IP address, called --machine_hostname (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/openfire.

$ sudo /opt/bitnami/apps/openfire/bnconfig --machine_hostname NEW_DOMAIN

If you have configured your machine to use a static domain name or IP address, you should rename or remove the /opt/bitnami/apps/openfire/bnconfig file.

$ sudo mv /opt/bitnami/apps/openfire/bnconfig /opt/bitnami/apps/openfire/bnconfig.disabled

NOTE: Be sure that your domain is propagated. Otherwise, this will not work. You can verify the new DNS record by using the Global DNS Propagation Checker and entering your domain name into the search field.

You can also change your hostname by modifying it in your hosts file. Enter the new hostname using your preferred editor.

$ sudo nano /etc/hosts

Add a new line with the IP address and the new hostname. Here's an example. Remember to replace the IP-ADDRESS and DOMAIN placeholders with the correct IP address and domain name.

IP-ADDRESS DOMAIN

How to create a Virtual Network peering?

To connect two instances internally you can enable a Virtual Network (VNet) peering from the Azure Portal. Depending if the instances were launched in the same or in different resource groups, there are two methods for performing a internal connection: sharing a virtual network or enabling a virtual network peering.

How to find the MySQL database credentials?

Database username: root.
Database password: The same as the application password. Find out how to obtain application credentials.

How to connect to the MySQL database?

You can connect to the MySQL database from the same computer where it is installed with the mysql client tool.

$ mysql -u root -p

You will be prompted to enter the root user password. This is the same as the application password.

How to debug errors in your database?

The main log file is created at /opt/bitnami/mysql/data/mysqld.log on the MySQL database server host.

How to change the MySQL root password?

You can modify the MySQL password using the following command at the shell prompt. Replace the NEW_PASSWORD placeholder with the actual password you wish to set.

$ /opt/bitnami/mysql/bin/mysqladmin -p -u root password NEW_PASSWORD

How to reset the MySQL root password?

If you don't remember your MySQL root password, you can follow the steps below to reset it to a new value:

Create a file in /home/bitnami/mysql-init with the content shown below (replace NEW_PASSWORD with the password you wish to use):
```
 UPDATE mysql.user SET Password=PASSWORD('NEW_PASSWORD') WHERE User='root';
 FLUSH PRIVILEGES;
```
If your stack ships MySQL v5.7.x, use the following content instead of that shown above:
```
 UPDATE mysql.user SET authentication_string=PASSWORD('NEW_PASSWORD') WHERE User='root';
 FLUSH PRIVILEGES;
```
TIP: Check the MySQL version with the command /opt/bitnami/mysql/bin/mysqladmin --version or /opt/bitnami/mysql/bin/mysqld --version.

Stop the MySQL server:

 $ sudo /opt/bitnami/ctlscript.sh stop mysql

Start MySQL with the following command:

 $ sudo /opt/bitnami/mysql/bin/mysqld_safe --pid-file=/opt/bitnami/mysql/data/mysqld.pid --datadir=/opt/bitnami/mysql/data --init-file=/home/bitnami/mysql-init 2> /dev/null &

Restart the MySQL server:

 $ sudo /opt/bitnami/ctlscript.sh restart mysql

Remove the script:
```
 $ rm /home/bitnami/mysql-init
```

How to access phpMyAdmin?

For security reasons, phpMyAdmin is accessible only when using 127.0.0.1 as the hostname. To access it from a remote system, you must create an SSH tunnel that routes requests to the Web server from 127.0.0.1. This implies that you must be able to connect to your server over SSH in order to access these applications remotely.

IMPORTANT: Before following the steps below, ensure that your Web and database servers are running.

NOTE: The steps below suggest using port 8888 for the SSH tunnel. If this port is already in use by another application on your local machine, replace it with any other port number greater than 1024 and modify the steps below accordingly. Similarly, if you have enabled Varnish, your stack's Web server might be running on port 81. In this case, modify the steps below to use port 81 instead of port 80 for the tunnel endpoint.

Accessing phpMyAdmin on Windows

Watch the following video to access phpMyAdmin on Windows through an SSH tunnel using a private key:

In order to access phpMyAdmin via SSH tunnel you need an SSH client. In the instructions below we have selected PuTTY, a free SSH client for Windows and UNIX platforms. The first step is having PuTTY configured. Please, check how to configure it in the section how to connect to the server through SSH using an SSH client on Windows.

Once you have your SSH client correctly configured and you tested that you can successfully access to your instance via SSH, you need to create an SSH tunnel in order to access phpMyAdmin. For doing so, follow these steps:

In the "Connection -> SSH -> Tunnels" section, add a new forwarded port by introducing the following values:
- Source port: 8888
- Destination: localhost:80
This will create a secure tunnel by forwarding a port (the "destination port") on the remote server to a port (the "source port") on the local host (127.0.0.1 or localhost).
Click the "Add" button to add the secure tunnel configuration to the session. (You'll see the added port in the list of "Forwarded ports").
In the "Session" section, save your changes by clicking the "Save" button.
Click the "Open" button to open an SSH session to the server. The SSH session will now include a secure SSH tunnel between the two specified ports.
Access the phpMyAdmin console through the secure SSH tunnel you created, by browsing to http://127.0.0.1:8888/phpmyadmin.
Log in to phpMyAdmin by using the following credentials:
- Username: root
- Password: application password. (Refer to our FAQ to learn how to find your application credentials).

Here is an example of what you should see:

If you are unable to access phpMyAdmin, verify that the SSH tunnel was created by checking the PuTTY event log (accessible via the "Event Log" menu):

Accessing phpMyAdmin on Linux and Mac OS X

To access the application using your Web browser, create an SSH tunnel, as described below.

Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
You have two options to configure the SSH tunnel: connect to the server using a private key (recommended) or connect to the server using a SSH password. Follow the instructions below per each option:
- Option 1: Connect to the server using a private key
  - Make sure that you have your SSH credentials (.pem key file) in hand.
  - Run the following command to configure the SSH tunnel. Remember to replace KEYFILE with the path to your private key and SERVER-IP with the public IP address or hostname of your server:
```
  $ ssh -N -L 8888:127.0.0.1:80 -i KEYFILE bitnami@SERVER-IP
```
- Option 2: Connect to the server using a SSH password
  - Run the following command, remembering to replace SERVER-IP with the public IP address or hostname of your server. Enter your SSH password when prompted.
```
 $ ssh -N -L 8888:127.0.0.1:80 bitnami@SERVER-IP
```

NOTE: If successful, the above commands will create an SSH tunnel but will not display any output on the server console.

Access the phpMyAdmin console through the secure SSH tunnel you created, by browsing to http://127.0.0.1:8888/phpmyadmin.
Log in to phpMyAdmin by using the following credentials:
- Username: root
- Password: application password. (Refer to our FAQ to learn how to find your application credentials).

Here is an example of what you should see:

How to modify PHP settings?

The PHP configuration file allows you to configure the modules enabled, the email settings or the size of the upload files. It is located at /opt/bitnami/php/etc/php.ini.

For example, to modify the default upload limit for PHP, update the PHP configuration file following these instructions.

After modifying the PHP configuration file, restart both Apache and PHP-FPM for the changes to take effect:

$ sudo /opt/bitnami/ctlscript.sh restart apache
$ sudo /opt/bitnami/ctlscript.sh restart php-fpm

How to modify the allowed limit for uploaded files?

Modify the following options in the /opt/bitnami/php/etc/php.ini file to increase the allowed size for uploads:

; Maximum size of POST data that PHP will accept.
post_max_size = 16M

; Maximum allowed size for uploaded files.
upload_max_filesize = 16M

Restart PHP-FPM and Apache for the changes to take effect.

$ sudo /opt/bitnami/ctlscript.sh restart apache
$ sudo /opt/bitnami/ctlscript.sh restart php-fpm

How to upload files to the server with SFTP?

Although you can use any SFTP/SCP client to transfer files to your server, the link below explains how to configure FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X). It is required to use your server's private SSH key to configure the SFTP client properly. Choose your preferred application and follow the steps in the link below to connect to the server through SFTP.

How to upload files to the server

Troubleshooting Openfire

How to debug errors in Openfire?

To debug Openfire's errors, check the log files of Openfire at /opt/bitnami/openfire/logs/.

How to change the Openfire admin password?

Change it using the Openfire Administration Panel. Follow the next steps:

Log in to the Openfire Administration Panel.
Browse to the "User/Groups" menu item and click the user "admin" button.
Browse to the "User Options -> Password" menu item, fill with the new password and click the "Update Password" button.

How to connect a client to the Openfire Server?

To connect to Openfire from an XMPP Client, please check that ports 5222 and 5223 are opened for remote access. Refer to the FAQ for more information on this.

You can use any XMPP client but this section documents Spark. Spark is an Open Source, cross-platform IM client optimized for businesses and organizations which is the easiest and best alternative to use in combination wiht Openfire.

Connect your Spark client following the next steps:

Log in to the Openfire Administration Panel and create a new user.
Open your Spark client, fill the required information and click the "login" button. You must indicate your user, password and the IP address or hostname of your Openfire server.

You can find more information about Spark at the official Spark Website

How to create a new group chat room?

Create a new group chat room using the Openfire Administration Panel. You have to follow the next steps:

Log in to the Openfire Administration Panel.
Browse to the "Group Chat -> Room Administration -> Create New Room" menu item, fill the required information, select the desired options and click on the "Save Changes" button.

How to create a new user?

You can easily create a new user using the Openfire Administration Panel. You have to follow the next steps:

Log in to the Openfire Administration Panel.
Browse to the "User/Groups -> Users -> Create New User" menu item, fill the required information and click on the "create user" button.

How to use the REST API plugin on Openfire?

To enable REST API plugin on Openfire follow the next steps:

Log in to the Openfire Administration Panel.
Install the REST API plugin as explained in the instructions.
Browse to the "Server -> Server Settings -> REST API" menu item. Mark "Enabled - REST API requests will be processed" and click the "Save Settings" button.

Once you have installed and enabled the API REST plugin you will be able to send API requests to the Openfire Server.

Find out more about how to send API requests to Openfire using API REST plugin.

How to set the server XMPP domain?

Set the server XMPP domain using the Administration Panel. Follow the steps below:

Log in to the Openfire Administration Panel.
Browse to the "Server -> System Properties" section, scroll to the bottom of the page, click the "Edit" button and set "Property Value" to the desired domain name. After that, click "Save Property".
Connect to your server through SSH and execute the command below:
```
 $ sudo /opt/bitnami/ctlscript.sh restart openfire
```