Up to Discussions in Openfire Support

This Question is Possibly Answered

1 "correct" answer available (10 pts) 2 "helpful" answers available (5 pts)
1,780 Views 5 Replies Last post: Sep 14, 2009 7:35 AM by slicer321 RSS
ceoph Bronze
ceoph
7 posts since
Feb 27, 2009
Currently Being Moderated

Sep 11, 2009 2:30 AM

Opening port for Webchat

Hi all,

 

I would like using Webchat (with fastpath webchat plugin) on my internet site.

 

Which port I must open in my firewall to provide openfire server over internet ?

 

I would have a minus opening port, no security holes ...

 

What security risks I have by putting an openfire server over internet ?

 

I know I must block port 9090 to don't acces to admin interface by internet. But there are other ?

 

Thanks in advance for your help.

Tags: security, webchat
slicer321 Gold
slicer321
215 posts since
Apr 14, 2008
Currently Being Moderated
Sep 11, 2009 7:16 AM in response to: ceoph
Re: Opening port for Webchat

The webchat function is by default accessed from port 9090, via url http://your.openfire.server:9090/webchat/, however with Apache, this port can be proxied to port 80 (or 443/SSL if desired), see http://www.igniterealtime.org/community/docs/DOC-1876. You don't really need any other ports open to the outside, unless your Spark agents are trying to login from non-internal IPs. If that is the case, then 5222 would need to be opened.

ceoph Bronze
ceoph
7 posts since
Feb 27, 2009
Currently Being Moderated
Sep 13, 2009 11:30 PM in response to: slicer321
Re: Opening port for Webchat

Hi,

 

Thanks for your response.

 

How enable access to webchat without permit access to admin console ??

slicer321 Gold
slicer321
215 posts since
Apr 14, 2008
Currently Being Moderated
Sep 14, 2009 7:35 AM in response to: ceoph
Re: Opening port for Webchat

I had password protected the root, via mod_auth, but found Google's Chrome would trigger the auth pop-up because it was searching for favicon.ico in the root. I had considered using Apache RewriteRules as a resolution, but this did not work with SSL. My current thinking is to present the Admin console in a non-root URL, but I could not figure out how to do that. Anyone else know?

ceoph Bronze
ceoph
7 posts since
Feb 27, 2009
Currently Being Moderated
Sep 14, 2009 3:27 AM in response to: slicer321
Re: Opening port for Webchat

I'm exactly in same case of you.

 

My server name is server-interne.internaldomain.local and my xmpp.domain is webchat.externaldomain.com

 

I use a reverse proxy based on Apache, and put SetEnv directiv in Virtual Host Directive, but I don't have any logo about workgroup status (http://webchat.externaldomain.com/webchat).

 

I try to install your plugins but without help.

 

My openfire version is 3.6.3.

 

When I try to connect by this url, I'm in always in queue::

 


http://webchat.externaldomain.com/webchat/start.jsp?workgroup=mywork@workgroup.w ebchat.externaldomain.com&location=http://webchat.externaldomain.com/webchat///webchat.externaldomain.com/webchat/start.jsp?workgroup=mywork@workgroup.webcha t.externaldomain.com&location=http://webchat.externaldomain.com/webchat/

 

Do you have any idea ?

 

Thanks in advance

slicer321 Gold
slicer321
215 posts since
Apr 14, 2008
Currently Being Moderated
Sep 14, 2009 8:29 PM in response to: ceoph
Re: Opening port for Webchat

Are you using Spark client to service the queues? Openfire should be configured with Agents, and the Spark Fastpath tab should appear. Is this the case? If yes, can you connect without using the ProxyPass, e.g. going to http://webchat.externaldomain.com:9090/webchat/ and clicking the 'Online' link there? If so, there may be a proxypass caching issue.

More Like This

  • Retrieving data ...

Bookmarked By (0)