Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Download Openfire Server
23 views
Skip to first unread message
Phillipp Lawler
Jan 3, 2024, 6:45:13 PM1/3/24
to
Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.
I suspect it should be very similar to Windows based migration. Install on a new location, copy files from the old location. Although embedded database and config files might be in separate locations. Depends on Linux OS used. But i think most often it installs into /opt/openfire.
download openfire server
Download https://t.co/lqb1oERBYf
If external database is in use, it depends whether it is installed on the same server as Openfire and has to be moved also, or maybe it is on some other server. Moving external database can be complex. In short it will involve making a dump/snapshot of your current database. Installing database at a new location and then restoring that dump/snapshot to a new database location. Then you should also edit /openfire/conf/openfire.xml and point to a new location of a database in that file at the ConnectionProvider line.
If external database is not on the same server and is not moving, then it should just work after moving Openfire as the connection string should stay the same and work, no matter where Openfire is moving.
Hi, i have just installed a second openfire server (4.4.0) on our network in a different domain. I cannot get server to server communications to work.
I tried the server to server test tool and these are the results: can someone help me understand the output?
Openfire (previously known as Wildfire, and Jive Messenger) is an instant messaging (IM) and groupchat server for the Extensible Messaging and Presence Protocol (XMPP). It is written in Java and licensed under the Apache License 2.0.[1]
Most administration of the server is done through a web interface, which runs on the ports 9090 (HTTP) and 9091 (HTTPS) by default. Administrators can connect from anywhere and edit the server and configuration settings.
Openfire is a powerful instant messaging (IM) and chat server that implements the XMPP protocol. This document will guide you through installing Openfire. For a full list of features and more information, please visit the Openfire website:
After completing the above steps, Openfire will be configured through, and you can use the web-based admin console to administer the server. The URL should be the same as you used to setup the server unless you changed the port during the setup.
Since 4.1.5 version Openfire automatically installs and runs the service (and opens the browser with the web setup page). But you can also use the launcher, if you need to (service has to be stopped before running the launcher). If you used the Openfire installer, a shortcut for starting the graphical launcher is provided in your Start Menu. Otherwise, run openfire.exe in the bin/ directory of your Openfire installation. A button on the launcher allows you to automatically open your web browser to the correct URL to finish setting up the server: :9090
As of 4.1.5 Openfire installs the service automatically. But if you are using older version or want to reinstall the service, you can use the openfire-service.exe executable in the bin directory of the installation to install or uninstall the service.
Note: the graphical launcher is not compatible with the Windows service. If you install the service, you should use service controls as described above to control the server rather than the graphical launcher.
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime environment of Openfire. You can do this by creating a openfire.vmoptions file in the bin/ directory of your Openfire installation. For the Windows service, you'd create a new text file called openfire-service.vmoptions.
If you are running on a Red Hat or Red Hat like system (CentOS, Fedora, etc.), we recommend using the RPM distributable, as it contains some custom handling of the standard Red Hat like environment. Assuming that you have used the RPM, you can start and stop Openfire using the /etc/init.d/openfire script.
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime environment of Openfire. If you installed via RPM, you can customize this by editing /etc/sysconfig/openfire and looking at the OPENFIRE_OPTS option. If you installed via .tar.gz, you will need to tweak your startup script to fit your needs.
Plugins add additional features and protocol support to Openfire. After setting up your Openfire installation, you may want to download and install plugins to enhance your server. Plugins can be downloaded from the plugins page on igniterealtime.org or directly inside the administration console.
If you download a plugin from inside the Openfire administration console, it will automatically be installed. If you manually download the plugin (packaged as a .jar file), you can deploy it by copying the plugin file to the plugins/ directory of your Openfire installation. A plugin monitor will automatically extract the plugin into a directory and install the plugin in Openfire. You may also use the "upload plugin" feature in the admin console (under the Plugins tab) to load a plugin from your local file system to the server.
We install and deploy OpenFire on Ubuntu fairly regularly. Here is a PARTIAL quick cut/paste from our internal company Wiki. We also pre-install webmin and/or virtualmin on some servers just to make things easier later on:
I logged in successfully with an LDAP-authentication-based setup with MySQL server. I logged in as "admin" with the supposedly updated password, which is still "admin". I hope this helps someone else who's probably pulling their hair out just like me.
If its on Ubuntu 16.04, then try to use "openfire_3.9.3_all" debian package instead of latest "openfire_4.1.0_all". Latest package is buggy during your installation process of filling new password details. That problem is not solved. Better to use previous version. Its work fine.
Via ssh, means secure-shell, You need a ssh client like putty, so you put the ip of your asterisk server and the port 22 and connect. You need to insert user and password for the connection, generally user is root and the password that you establish. If you have access to the server you can do it directly.
Openfire is a real-time collaboration (RTC) server that is used as a chat platform for sending instant messages over the XMPP protocol (Extensible Messaging and Presence Protocol). It is designed as an internal IM server for enterprises, supporting more than 50,000 concurrent users and providing them with a secure and segmented channel for communication across different departments within an organization.
In May this year, a new vulnerability (CVE-2023-32315) was discovered in the Openfire console. This vulnerability, which was found in the console, is related to path traversal through the setup environment. This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration. As a result, a threat actor gains access to the admin setup files that are typically restricted within the Openfire Admin Console. Next, the threat actor can choose between either adding an admin user to the console or uploading a plugin which will eventually allow full control over the server.
Once the new user is successfully created, it enables the threat actor to undergo a valid authentication process for the Openfire Administration Panel, thereby gaining complete access as an authenticated user. Furthermore, since the user is created as an admin, this grants the threat actor with elevated permissions within the system.
Next, the threat actor is uploading a malicious plugin that allows web shell commands on the server, as seen in Figure 3 below.
on your asterisk server, in manager*.conf, do you have configured the deny and permit to allow the remote connection from your openfire server ?
In a default installation, the permit only have 127.0.0.1 which is a local access, you have to add the ip of your openfire server.
There is a number of server solutions supporting XMPP (Extensible Messaging and Presence Protocol), but Openfire is very easy to handle in installation, setup, and administration. And it is Open Source!
Having set up the Openfire server, it should be configured via the web-based administration console. To do so, the Openfire server is required to be restarted first using the "Stop" and "Start" buttons. Then press the "Launch Admin" button to launch the administration console:
I have installed Openfire and Microsoft Sql Server Management Studio 2102 on my PC. I have made a database called openfire, conected to it, and have executed the script called openfire_sqlserver.sql from the Openfire Database directory. After these steps, I opened the Openfire Admin console in browser and selected Standard SQL from the database option, selected MS SQL Server option and entered jdbc:jtds:sqlserver://Home/openfire;appName=jive this.
By default the TCP Ports where the XMPP Server is listening for incoming connection are closed to the outside. Therefore it is necessary to enable the Firewall rules at least for the Openfire default secured port 5223 unless it has been changed by the user during the server setup.
"Path traversal protections were already in place to protect against exactly this kind of attack, but didn't defend against certain non-standard URL encoding for UTF-16 characters that were not supported by the embedded web server that was in use at the time," the maintainers said in a detailed advisory.
"A later upgrade of the embedded web server included support for non-standard URL encoding of UTF-16 characters. The path traversal protections in place in Openfire were not updated to include protection against this new encoding."
A Shodan scan conducted by the cybersecurity firm reveals that of more than 6,300 Openfire servers accessible over the internet, roughly 50% of them are running affected versions of the open-source XMPP solution.
35fe9a5643
I suspect it should be very similar to Windows based migration. Install on a new location, copy files from the old location. Although embedded database and config files might be in separate locations. Depends on Linux OS used. But i think most often it installs into /opt/openfire.
download openfire server
Download https://t.co/lqb1oERBYf
If external database is in use, it depends whether it is installed on the same server as Openfire and has to be moved also, or maybe it is on some other server. Moving external database can be complex. In short it will involve making a dump/snapshot of your current database. Installing database at a new location and then restoring that dump/snapshot to a new database location. Then you should also edit /openfire/conf/openfire.xml and point to a new location of a database in that file at the ConnectionProvider line.
If external database is not on the same server and is not moving, then it should just work after moving Openfire as the connection string should stay the same and work, no matter where Openfire is moving.
Hi, i have just installed a second openfire server (4.4.0) on our network in a different domain. I cannot get server to server communications to work.
I tried the server to server test tool and these are the results: can someone help me understand the output?
Openfire (previously known as Wildfire, and Jive Messenger) is an instant messaging (IM) and groupchat server for the Extensible Messaging and Presence Protocol (XMPP). It is written in Java and licensed under the Apache License 2.0.[1]
Most administration of the server is done through a web interface, which runs on the ports 9090 (HTTP) and 9091 (HTTPS) by default. Administrators can connect from anywhere and edit the server and configuration settings.
Openfire is a powerful instant messaging (IM) and chat server that implements the XMPP protocol. This document will guide you through installing Openfire. For a full list of features and more information, please visit the Openfire website:
After completing the above steps, Openfire will be configured through, and you can use the web-based admin console to administer the server. The URL should be the same as you used to setup the server unless you changed the port during the setup.
Since 4.1.5 version Openfire automatically installs and runs the service (and opens the browser with the web setup page). But you can also use the launcher, if you need to (service has to be stopped before running the launcher). If you used the Openfire installer, a shortcut for starting the graphical launcher is provided in your Start Menu. Otherwise, run openfire.exe in the bin/ directory of your Openfire installation. A button on the launcher allows you to automatically open your web browser to the correct URL to finish setting up the server: :9090
As of 4.1.5 Openfire installs the service automatically. But if you are using older version or want to reinstall the service, you can use the openfire-service.exe executable in the bin directory of the installation to install or uninstall the service.
Note: the graphical launcher is not compatible with the Windows service. If you install the service, you should use service controls as described above to control the server rather than the graphical launcher.
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime environment of Openfire. You can do this by creating a openfire.vmoptions file in the bin/ directory of your Openfire installation. For the Windows service, you'd create a new text file called openfire-service.vmoptions.
If you are running on a Red Hat or Red Hat like system (CentOS, Fedora, etc.), we recommend using the RPM distributable, as it contains some custom handling of the standard Red Hat like environment. Assuming that you have used the RPM, you can start and stop Openfire using the /etc/init.d/openfire script.
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime environment of Openfire. If you installed via RPM, you can customize this by editing /etc/sysconfig/openfire and looking at the OPENFIRE_OPTS option. If you installed via .tar.gz, you will need to tweak your startup script to fit your needs.
Plugins add additional features and protocol support to Openfire. After setting up your Openfire installation, you may want to download and install plugins to enhance your server. Plugins can be downloaded from the plugins page on igniterealtime.org or directly inside the administration console.
If you download a plugin from inside the Openfire administration console, it will automatically be installed. If you manually download the plugin (packaged as a .jar file), you can deploy it by copying the plugin file to the plugins/ directory of your Openfire installation. A plugin monitor will automatically extract the plugin into a directory and install the plugin in Openfire. You may also use the "upload plugin" feature in the admin console (under the Plugins tab) to load a plugin from your local file system to the server.
We install and deploy OpenFire on Ubuntu fairly regularly. Here is a PARTIAL quick cut/paste from our internal company Wiki. We also pre-install webmin and/or virtualmin on some servers just to make things easier later on:
I logged in successfully with an LDAP-authentication-based setup with MySQL server. I logged in as "admin" with the supposedly updated password, which is still "admin". I hope this helps someone else who's probably pulling their hair out just like me.
If its on Ubuntu 16.04, then try to use "openfire_3.9.3_all" debian package instead of latest "openfire_4.1.0_all". Latest package is buggy during your installation process of filling new password details. That problem is not solved. Better to use previous version. Its work fine.
Via ssh, means secure-shell, You need a ssh client like putty, so you put the ip of your asterisk server and the port 22 and connect. You need to insert user and password for the connection, generally user is root and the password that you establish. If you have access to the server you can do it directly.
Openfire is a real-time collaboration (RTC) server that is used as a chat platform for sending instant messages over the XMPP protocol (Extensible Messaging and Presence Protocol). It is designed as an internal IM server for enterprises, supporting more than 50,000 concurrent users and providing them with a secure and segmented channel for communication across different departments within an organization.
In May this year, a new vulnerability (CVE-2023-32315) was discovered in the Openfire console. This vulnerability, which was found in the console, is related to path traversal through the setup environment. This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration. As a result, a threat actor gains access to the admin setup files that are typically restricted within the Openfire Admin Console. Next, the threat actor can choose between either adding an admin user to the console or uploading a plugin which will eventually allow full control over the server.
Once the new user is successfully created, it enables the threat actor to undergo a valid authentication process for the Openfire Administration Panel, thereby gaining complete access as an authenticated user. Furthermore, since the user is created as an admin, this grants the threat actor with elevated permissions within the system.
Next, the threat actor is uploading a malicious plugin that allows web shell commands on the server, as seen in Figure 3 below.
on your asterisk server, in manager*.conf, do you have configured the deny and permit to allow the remote connection from your openfire server ?
In a default installation, the permit only have 127.0.0.1 which is a local access, you have to add the ip of your openfire server.
There is a number of server solutions supporting XMPP (Extensible Messaging and Presence Protocol), but Openfire is very easy to handle in installation, setup, and administration. And it is Open Source!
Having set up the Openfire server, it should be configured via the web-based administration console. To do so, the Openfire server is required to be restarted first using the "Stop" and "Start" buttons. Then press the "Launch Admin" button to launch the administration console:
I have installed Openfire and Microsoft Sql Server Management Studio 2102 on my PC. I have made a database called openfire, conected to it, and have executed the script called openfire_sqlserver.sql from the Openfire Database directory. After these steps, I opened the Openfire Admin console in browser and selected Standard SQL from the database option, selected MS SQL Server option and entered jdbc:jtds:sqlserver://Home/openfire;appName=jive this.
By default the TCP Ports where the XMPP Server is listening for incoming connection are closed to the outside. Therefore it is necessary to enable the Firewall rules at least for the Openfire default secured port 5223 unless it has been changed by the user during the server setup.
"Path traversal protections were already in place to protect against exactly this kind of attack, but didn't defend against certain non-standard URL encoding for UTF-16 characters that were not supported by the embedded web server that was in use at the time," the maintainers said in a detailed advisory.
"A later upgrade of the embedded web server included support for non-standard URL encoding of UTF-16 characters. The path traversal protections in place in Openfire were not updated to include protection against this new encoding."
A Shodan scan conducted by the cybersecurity firm reveals that of more than 6,300 Openfire servers accessible over the internet, roughly 50% of them are running affected versions of the open-source XMPP solution.
35fe9a5643
0 new messages