Openfire is an open source XMPP messaging and collaboration platform. XMPP is a widely adopted and open messaging protocol that is easily used from any operating system on any platform. The design of Openfire means that it is easily extended with plugins that are available from their website.
In this tutorial, you will install an Openfire server on Ubuntu 20.04 with a signed TLS/SSL certificate that will secure your data and your users' data.
You will need the following before you start this tutorial:
A basic understanding of the Linux command line. You must be familiar with navigating the file system, editing files and managing services.
An Ubuntu 20.04 server. Openfire does not need many system resources, so a server or virtual machine of any size will be enough.
A sudo enabled non-root user on your server.
A domain name that resolves to the public IP of your server.
Before you start this tutorial, log into your server as the non-root user.
First, perform a system update to make sure that your local package database and your system are up-to-date. This will avoid any errors when you install Openfire.
The following two commands will update your system:
sudo apt update
sudo apt upgrade
Next, download the latest Openfire Debian package from the downloads page of their website. Find the Debian package in the list of Linux download options:
Then, right click on the link and select Copy link location:
Next, on your server command line, use the following command to download the Debian install package:
curl -L <URL> -o <INSTALL_PACKAGE_NAME>
Use your system’s paste function to paste in the URL that you copied from the Openfire website.
The -L option tells curl to follow the redirection to the actual file and the -o sets the name of the downloaded file. If we substitute the actual URL and file name for version 4.6.1 as shown in the screenshot this gives us the command:
Import this schema file into the openfire_db database with the following command:
sudo mysql openfire_db <openfire_mysql.sql
The database is now ready for Openfire to start using.
Registering A TLS/SSL Certificate
The default configuration for Openfire is to use a self-signed certificate to secure communications. This was acceptable when TLS/SSL certificates cost a significant amount of money per year. Now that there are many free certificate providers there is little point in using a self-signed certificate.
We will use the Certbot utility to register and maintain a Let’s Encrypt signed certificate. The recommended installation method for Certbot is as an Ubuntu Snap.
First, update your local snap instance:
sudo snap install core
sudo snap refresh core
Next, install Certbot:
sudo snap install --classic certbot
Now, create a symlink so that Certbot appears in your environment’s $PATH:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
You can now use the certbot utility to register your certificate:
You will now have the signed certificate, CA chain and key files in /etc/letsencrypt/live/<YOUR_DOMAIN>. However, Openfire will not be able to read them until you change the permissions and ownerships on this directory.
Use the following commands to change the permissions and ownerships on the certificate files that Openfire needs access to:
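After the permissions have been changed, a check like the following confirms that the service group can read the certificate files while the private key has not become world-readable. It is an added example, not part of the original tutorial; the GROUP argument (the group your Openfire service account runs under) and the function names are assumptions, and the file names are the ones Certbot places in the live directory.

```sh
#!/bin/sh
# Added example: audit the mode bits of the certificate files after their
# permissions were relaxed for a service account.
# GROUP is an assumption: the group your Openfire service account runs under.

# True when FILE (symlinks followed, as in live/) satisfies the find(1) tests.
matches() {
    m_file=$1; shift
    [ -n "$(find -L "$m_file" -maxdepth 0 "$@" 2>/dev/null)" ]
}

# audit_cert_dir DIR GROUP: prints one line per finding, returns 0 when clean.
audit_cert_dir() {
    a_dir=$1; a_group=$2; a_problems=0
    for a_name in cert.pem chain.pem fullchain.pem privkey.pem; do
        a_file="$a_dir/$a_name"
        if [ ! -e "$a_file" ]; then
            echo "MISSING    $a_file"
            a_problems=$((a_problems + 1))
            continue
        fi
        # Only the owner should be able to replace certificate material.
        if matches "$a_file" -perm -020 || matches "$a_file" -perm -002; then
            echo "WRITABLE   $a_file is group- or world-writable"
            a_problems=$((a_problems + 1))
        fi
        # The private key must never be readable by every local account.
        if [ "$a_name" = privkey.pem ] && matches "$a_file" -perm -004; then
            echo "EXPOSED    $a_file is world-readable"
            a_problems=$((a_problems + 1))
        fi
        # The service group needs read access, or the server cannot load the file.
        if ! matches "$a_file" -group "$a_group" -perm -040; then
            echo "UNREADABLE $a_file is not group-readable by $a_group"
            a_problems=$((a_problems + 1))
        fi
    done
    [ "$a_problems" -eq 0 ]
}

# Run the audit when called as: sh audit.sh DIR GROUP
if [ "$#" -eq 2 ]; then
    audit_cert_dir "$1" "$2"
fi
```

The check covers the files only; every directory on the path to them must also be traversable by the same group.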