
How to Install Openfire on Ubuntu

Elliot Cooper


Introduction

Openfire is an open source XMPP messaging and collaboration platform. XMPP is a widely adopted and open messaging protocol that is easily used from any operating system on any platform. The design of Openfire means that it is easily extended with plugins that are available from their website.

In this tutorial, you will install an Openfire server on Ubuntu 20.04 with a signed TLS/SSL certificate that will secure your data and your users' data.



Prerequisites

You will need the following before you start this tutorial:

  • A basic understanding of the Linux command line. You must be familiar with navigating the file system, editing files and managing services.
  • An Ubuntu 20.04 server. Openfire does not need many system resources, so any size of server or virtual machine will be enough.
  • A sudo enabled non-root user on your server.
  • A domain name that resolves to the public IP of your server.

Before you start this tutorial, log into your server as the non-root user.

Installing Openfire

First, perform a system update to make sure that your local package database and your system are up-to-date. This will avoid any errors when you install Openfire.

The following two commands will update your system:

sudo apt update

sudo apt upgrade

Next, download the latest Openfire Debian package from the downloads page of their website. Find the Debian package in the list of Linux download options:

Then, right click on the link and select Copy link location:

Next, on your server command line, use the following command to download the Debian install package:

curl -L "<URL>" -o <INSTALL_PACKAGE_NAME>

Use your system’s paste function to paste in the URL that you copied from the Openfire website.

The -L option tells curl to follow the redirection to the actual file and the -o option sets the name of the downloaded file. The URL is quoted so that the shell does not treat the ? in it as a wildcard. If we substitute the actual URL and file name for version 4.6.1, as shown in the screenshot, this gives us the command:

curl -L "https://igniterealtime.org/downloadServlet?filename=openfire/openfire_4.6.1_all.deb" -o openfire_4.6.1_all.deb

Install the Openfire package, the Java Runtime Environment that Openfire needs, and all dependencies:

sudo apt install ./openfire_4.6.1_all.deb openjdk-11-jre

Installing A MariaDB Database

Openfire needs a database to store messages and configuration. A dedicated database server is the preferred option as it is more performant. We will use MariaDB, a MySQL-compatible database server, in this tutorial.

First, install MariaDB:

sudo apt install mariadb-server

Next, we need to create a database for Openfire to use. Open the MariaDB console:

sudo mysql

Create a new database called openfire_db with the following command:

CREATE DATABASE openfire_db;

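Next, create a new database user called openfire. Naming the host and setting the password in the same statement avoids creating a passwordless openfire account that matches any host:

CREATE USER 'openfire'@'localhost' IDENTIFIED BY '<STRONGPASSWORD>';

Then, give the openfire user full access to the openfire_db database:

GRANT ALL ON openfire_db.* TO 'openfire'@'localhost';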

Finally, exit the MySQL console with:

exit;

You now have an empty database on your server but Openfire needs this database to have a specific schema before it can start to use it.

Openfire provides a schema in their GitHub repository that will correctly format the empty database. Download it with the following command:

wget https://raw.githubusercontent.com/igniterealtime/Openfire/master/distribution/src/database/openfire_mysql.sql

Import this schema file into the openfire_db database with the following command:

sudo mysql openfire_db <openfire_mysql.sql

The database is now ready for Openfire to start using.

Registering A TLS/SSL Certificate

The default configuration for Openfire is to use a self-signed certificate to secure communications. This was acceptable when TLS/SSL certificates cost a significant amount of money per year. Now that there are many free certificate providers there is little point in using a self-signed certificate.

We will use the Certbot utility to register and maintain a Let’s Encrypt signed certificate. The recommended installation method for Certbot is as an Ubuntu Snap.

First, update your local snap instance:

sudo snap install core

sudo snap refresh core

Next, install Certbot:

sudo snap install --classic certbot

Now, create a symlink so that Certbot appears in your environment’s $PATH:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

You can now use the certbot utility to register your certificate:

sudo certbot certonly --standalone --agree-tos --email <YOUR_EMAIL> -d <YOUR_DOMAIN>

You will now have the signed certificate, CA chain and key files in /etc/letsencrypt/live/<YOUR_DOMAIN>. However, Openfire will not be able to read them until you change the permissions and ownerships on this directory.

Use the following commands to change the permissions and ownerships on the certificate files that Openfire needs access to:

sudo chmod 0755 /etc/letsencrypt/{live,archive}

sudo chmod 640 /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem

sudo chgrp openfire /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem
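The following check is an added example, not part of the original tutorial. Because the live and archive directories are now traversable by every local user, the mode and group of the key file itself are all that keep privkey.pem private; the hypothetical function check_key_perms reports any drift from the 640/openfire state set above (GNU stat, as shipped on Ubuntu, is assumed).

```shell
#!/bin/sh
# Added example: audit the private key permissions set by the commands above.
# The function name and the script's arguments are assumptions.

# check_key_perms KEYFILE GROUP
# Returns 0 only if KEYFILE is readable by GROUP, not writable by it,
# and closed to all other users. Returns 2 if KEYFILE cannot be examined.
check_key_perms() {
    key=$1 want_group=$2 rc=0
    # -L follows live/<domain>/privkey.pem to the real file in archive/
    info=$(stat -L -c '%a %G' "$key") || return 2
    mode=${info%% *}
    group=${info#* }
    perm=$((0$mode))    # interpret the mode string as an octal number

    if [ $((perm & 007)) -ne 0 ]; then
        echo "FAIL: $key is accessible to all users (mode $mode)"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    if [ $((perm & 040)) -eq 0 ]; then
        echo "FAIL: group $group cannot read $key (mode $mode)"; rc=1
    fi
    if [ $((perm & 020)) -ne 0 ]; then
        echo "FAIL: group $group can overwrite $key (mode $mode)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key has mode $mode and group $group"
    return "$rc"
}

# Usage: sudo sh check_key.sh <YOUR_DOMAIN> openfire
if [ "$#" -eq 2 ]; then
    check_key_perms "/etc/letsencrypt/live/$1/privkey.pem" "$2"
fi
```

Run it again after each certificate renewal, since a renewal writes a new key file under archive.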

Setting Up Openfire

You are now ready to browse to the web-based setup wizard to complete the installation of your Openfire server.

Enter the following URL into your browser:

http://<YOUR_DOMAIN>:9090

The first page allows you to set the language that you want to use in the web admin console:

Check the language you want to use and click on Continue to proceed to the Server Settings section.

Enter your domain name into the following fields:

  • XMPP Domain Name:
  • Server Host Name (FQDN):

Also, enter a strong password into the Property Encryption Key fields. Keep a note of this password.

Click Continue to proceed on to the Database Settings page.

Select the Standard Database Connection option to use the MariaDB server you created earlier.

Click on Continue to move on to the database configuration section.

Enter the following details into the numbered fields shown in the screenshot:

  1. Select MySQL from the drop down list.
  2. This will be pre-filled when you select MySQL. Do not change it.
  3. Edit the database server URL. Make the following changes:
       • HOSTNAME = localhost
       • DATABASENAME = openfire_db
  4. Enter the database user you created: openfire
  5. Enter the password you set.

Click Continue to proceed on to the Profile Settings page.

Leave this set to Default for maximum compatibility. Click Continue to move on to the Admin Account creation page.

This optional step allows you to create the first admin user. You should create an admin user as you will need it to log into the admin console.

Enter an email address and username for the admin user and click Continue to finish the setup and reach the Setup Complete! page.

You are now ready to log in to your Openfire admin console. Click on the Login to the admin console button to proceed.

Configuring Openfire Admin Console

When you click the Login to the admin console button you will get taken to the login page:

Enter admin as the username, not the email address you set, along with the password. Then log in by clicking Login.

When you log in you will be taken to the admin console landing page, which will give you information about your server and the latest Openfire news.

First, configure Openfire to use the TLS/SSL certificate you registered earlier. Start by navigating as shown here:

Delete the self-signed certificate by clicking on the red "x":

Import the certificate you registered by clicking on the imported here link at the end of the text:

On the page that follows, you will need to copy and paste the contents of two of the TLS/SSL certificate files you registered earlier.  

The two files are shown here with the commands to print their contents from the command line:

Private Key = sudo cat /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem

Certificate = sudo cat /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem

Click Save to finish importing those files.

You need to restart the Openfire server to load the new certificates:

sudo systemctl restart openfire.service

You should now log out of the admin console and log back in using the secure HTTPS URL:

https://<YOUR_DOMAIN>:9091

Let’s Encrypt certificates are only valid for 90 days, so you must install a plugin that will automatically import the new certificate when it is renewed by Certbot.

Install this plugin by navigating to:

Then scroll down until you see the Certificate Manager plugin. Click on the green cross to install it:

After that has installed you need to tell it where to look for the new certificates. Navigate as shown below to the new Management section:

Then fill in the Directory field, indicated at 4, with the path to your Let’s Encrypt certificate directory.

This directory is at /etc/letsencrypt/live/<YOUR_DOMAIN>/

Click Save Settings to complete this page.
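To confirm that the import worked, and later that renewed certificates are really being picked up, compare the certificate served on port 9091 with the one Certbot wrote to disk. This script is an added example, not part of the original tutorial; the function names and the 21-day warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: check that the admin console serves the certificate that
# Certbot wrote to disk, and warn when that certificate is close to expiry.

# Print the SHA-256 fingerprint of the first certificate read from stdin
# (in fullchain.pem the first certificate is the server's own).
leaf_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print the fingerprint of the certificate presented on HOST:PORT.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        leaf_fingerprint
}

# Return 0 if the certificate in FILE expires within DAYS days.
expiring_soon() {
    ! openssl x509 -noout -checkend "$(($2 * 86400))" -in "$1" >/dev/null 2>&1
}

# verify_served HOST PORT FULLCHAIN [DAYS]
verify_served() {
    disk=$(leaf_fingerprint <"$3")
    live=$(served_fingerprint "$1" "$2")
    [ -n "$disk" ] || { echo "FAIL: cannot read certificate in $3"; return 2; }
    if [ "$disk" != "$live" ]; then
        echo "FAIL: $1:$2 serves ${live:-no certificate}, disk has $disk"
        return 1
    fi
    if expiring_soon "$3" "${4:-21}"; then
        echo "WARN: certificate expires within ${4:-21} days"
        return 1
    fi
    echo "OK: $1:$2 serves the certificate from $3"
}

# Usage: sudo sh verify_cert.sh <YOUR_DOMAIN>
if [ "$#" -ge 1 ]; then
    verify_served "$1" 9091 "/etc/letsencrypt/live/$1/fullchain.pem"
fi
```

A FAIL after a renewal means Openfire is still serving the old certificate and the new one has not been imported.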

Creating A New User

Navigate to the page where you can add new users to your Openfire server:

Create a new user as follows:

  1. Click on Users/Groups.
  2. Click on Create New User.
  3. Enter the user’s details.
  4. Click Create User to add the user to your Openfire instance.

This user can now connect to your Openfire server and start chatting.

Conclusion

Your Openfire server is now up and running and offering messaging services to your users over encrypted channels.

You can extend the functionality of your Openfire server with plugins from the Openfire website, greatly enhancing its capability and utility.