Openfire Archives - iZero

[Nginx] Création d’un vhost pour Openfire

4 avril 201719 novembre 2017 BEF Laisser un commentaire

Création d’un vhost pour Openfire Os version: Centos 6.8 Une fois Nginx installé, créer le vhost.

$ sudo vim /etc/nginx/sites-available/<span style="color: #ff0000;">nomdemachine.domaine.tld.conf</span>

1	$ sudo vim /etc/nginx/sites-available/<span style="color: #ff0000;">nomdemachine.domaine.tld.conf</span>

Voici le contenu.

server {
    listen       80;
    server_name <span style="color: #ff0000;">nom.domaine.tld nom</span>;
   if ($scheme = http) {
        return 301 https://$server_name$request_uri;
   }
}
server {
    listen       443 ssl;

    server_name  <span style="color: #ff0000;">nom.domaine.tld nom</span>;
ssl_certificate /etc/nginx/ssl/<span style="color: #ff0000;">nom.domaine.tld</span>.crt; (<span style="color: #ff0000;">.pem si letsencrypt</span>)
ssl_certificate_key     /etc/nginx/ssl/<span style="color: #ff0000;">nom.domaine.tld</span>.key; (<span style="color: #ff0000;">.pem si letsencrypt</span>)

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-G
CM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA25
6:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-
AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RS
A-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-
RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES1
28-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-
SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!
RC4";



    location / {
        proxy_pass https://<span style="color: #ff0000;">nom.domaine.tld</span>:7443/ofmeet;
    }
}

server {

listen 80;

server_name nom.domaine.tld nom;

if ($scheme = http) {

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl;

server_name nom.domaine.tld nom;

ssl_certificate /etc/nginx/ssl/nom.domaine.tld.crt; (.pem si letsencrypt)

ssl_certificate_key /etc/nginx/ssl/nom.domaine.tld.key; (.pem si letsencrypt)

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-G

CM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA25

6:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-

AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RS

A-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-

RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES1

28-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-

SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!

RC4";

location / {

proxy_pass https://nom.domaine.tld:7443/ofmeet;

}

[OpenFire] Installation de Certificat SSL

1 avril 201720 janvier 2019 BEF Laisser un commentaire

Installation de Certificat SSL pour un serveur Openfire A travers la console d’administration, tout est résumé en 8 captures d’écran ci dessous (clic pour agrandir).

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire1.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2177" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire1.jpg" alt="Mini-openfire1" width="295" height="139" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire1.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2177" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire1.jpg" alt="Mini-openfire1" width="295" height="139" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire2.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2178" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire2.jpg" alt="Mini-openfire2" width="295" height="135" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire2.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2178" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire2.jpg" alt="Mini-openfire2" width="295" height="135" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire3.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2179" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire3.jpg" alt="Mini-openfire3" width="295" height="160" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire3.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2179" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire3.jpg" alt="Mini-openfire3" width="295" height="160" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire4.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2180" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire4.jpg" alt="Mini-openfire4" width="295" height="160" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire4.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2180" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire4.jpg" alt="Mini-openfire4" width="295" height="160" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire5.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2181" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire5.jpg" alt="Mini-openfire5" width="295" height="206" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire5.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2181" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire5.jpg" alt="Mini-openfire5" width="295" height="206" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire6.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2182" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire6.jpg" alt="Mini-openfire6" width="295" height="144" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire6.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2182" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire6.jpg" alt="Mini-openfire6" width="295" height="144" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire7.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2183" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire7.jpg" alt="Mini-openfire7" width="295" height="176" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire7.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2183" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire7.jpg" alt="Mini-openfire7" width="295" height="176" /></a>

<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire8.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2184" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire8.jpg" alt="Mini-openfire8" width="295" height="127" /></a>

1	<a href="https://it.izero.fr/wp-content/uploads/2016/04/openfire8.png" target="_blank" rel="noopener"><img class="alignnone wp-image-2184" src="https://it.izero.fr/wp-content/uploads/2016/04/Mini-openfire8.jpg" alt="Mini-openfire8" width="295" height="127" /></a>

[Openfire] Installation Visioconférence – Ofmeet

31 mars 201730 octobre 2017 BEF Laisser un commentaire

Installation Visioconférence – Ofmeet Il y a de nombreux plugins sur Openfire, en voici un extrait ci dessous Télécharger Openfire Meeting (Ofmeet), il permet de faire la vidéoconférence, implémenter dans beaucoup d’autres chat comme Rocket chat, Hip chat … Une fois installé, un nouveau menu “Meeting” apparaît dans […]

[Linux] Iptables pour Openfire

30 mars 201715 novembre 2017 BEF Laisser un commentaire

Mis en place d’Iptables sur mon serveur Openfire OS: Centos 6.8

$ sudo vim /etc/sysconfig/iptables

1	$ sudo vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Tue Mar 22 12:07:57 2016
# Interdire toutes connexions entrantes et sortantes
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP

# Ne pas casser les connexions établies
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Autoriser loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Autoriser ping
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT

# Autoriser HTTP/HTTPS
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT

# Autoriser DNS
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

# Autoriser SSH ip ou réseau local et autre ip public
-A INPUT -p tcp -s 192.168.1.0/24 --dport 1209 -j ACCEPT
-A INPUT -p tcp -s ippublic/32 --dport 1209 -j ACCEPT

# Autoriser LDAP
-A INPUT -p tcp --dport 389 -j ACCEPT
-A INPUT -p udp --dport 389 -j ACCEPT
-A OUTPUT -p tcp --dport 389 -j ACCEPT
-A OUTPUT -p udp --dport 389 -j ACCEPT

# Autoriser Port administration, XMPP/XMPPS et transfert de fichiers
-A INPUT -p tcp -s 192.168.1.0/24 --dport 9090 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.0/24 --dport 9091 -j ACCEPT
-A INPUT -p tcp --dport 7777 -j ACCEPT
-A OUTPUT -p tcp --dport 7777 -j ACCEPT
-A INPUT -p tcp --dport 5222 -j ACCEPT
-A OUTPUT -p tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp --dport 5223 -j ACCEPT
-A OUTPUT -p tcp --dport 5223 -j ACCEPT

# Autoriser Ofmeet-Jitsi
-A INPUT -p tcp --dport 7443 -j ACCEPT
-A OUTPUT -p tcp --dport 7443 -j ACCEPT
-A INPUT -p udp --sport 5000:6000 -j ACCEPT
-A INPUT -p udp --sport 50000:60000 -j ACCEPT
-A OUTPUT -p udp --sport 5000:6000 -j ACCEPT
-A OUTPUT -p udp --sport 50000:60000 -j ACCEPT

# Autoriser Postgresql
-A INPUT -p tcp --dport 5432 -j ACCEPT
-A OUTPUT -p tcp --dport 5432 -j ACCEPT
COMMIT

# Generated by iptables-save v1.4.7 on Tue Mar 22 12:07:57 2016

# Interdire toutes connexions entrantes et sortantes

*filter

:INPUT DROP

:FORWARD DROP

:OUTPUT DROP

# Ne pas casser les connexions établies

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Autoriser loopback

-A INPUT -i lo -j ACCEPT

-A OUTPUT -o lo -j ACCEPT

# Autoriser ping

-A INPUT -p icmp -j ACCEPT

-A OUTPUT -p icmp -j ACCEPT

# Autoriser HTTP/HTTPS

-A INPUT -p tcp --dport 80 -j ACCEPT

-A INPUT -p tcp --dport 443 -j ACCEPT

-A OUTPUT -p tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp --dport 443 -j ACCEPT

# Autoriser DNS

-A INPUT -p tcp --dport 53 -j ACCEPT

-A INPUT -p udp --dport 53 -j ACCEPT

-A OUTPUT -p tcp --dport 53 -j ACCEPT

-A OUTPUT -p udp --dport 53 -j ACCEPT

# Autoriser SSH ip ou réseau local et autre ip public

-A INPUT -p tcp -s 192.168.1.0/24 --dport 1209 -j ACCEPT

-A INPUT -p tcp -s ippublic/32 --dport 1209 -j ACCEPT

# Autoriser LDAP

-A INPUT -p tcp --dport 389 -j ACCEPT

-A INPUT -p udp --dport 389 -j ACCEPT

-A OUTPUT -p tcp --dport 389 -j ACCEPT

-A OUTPUT -p udp --dport 389 -j ACCEPT

# Autoriser Port administration, XMPP/XMPPS et transfert de fichiers

-A INPUT -p tcp -s 192.168.1.0/24 --dport 9090 -j ACCEPT

-A INPUT -p tcp -s 192.168.1.0/24 --dport 9091 -j ACCEPT

-A INPUT -p tcp --dport 7777 -j ACCEPT

-A OUTPUT -p tcp --dport 7777 -j ACCEPT

-A INPUT -p tcp --dport 5222 -j ACCEPT

-A OUTPUT -p tcp --dport 5222 -j ACCEPT

-A INPUT -p tcp --dport 5223 -j ACCEPT

-A OUTPUT -p tcp --dport 5223 -j ACCEPT

# Autoriser Ofmeet-Jitsi

-A INPUT -p tcp --dport 7443 -j ACCEPT

-A OUTPUT -p tcp --dport 7443 -j ACCEPT

-A INPUT -p udp --sport 5000:6000 -j ACCEPT

-A INPUT -p udp --sport 50000:60000 -j ACCEPT

-A OUTPUT -p udp --sport 5000:6000 -j ACCEPT

-A OUTPUT -p udp --sport 50000:60000 -j ACCEPT

# Autoriser Postgresql

-A INPUT -p tcp --dport 5432 -j ACCEPT

-A OUTPUT -p tcp --dport 5432 -j ACCEPT

COMMIT

Après toute modification

$ sudo iptables-save

1	$ sudo iptables-save

Redémarrer le service

$ sudo /etc/init.d/iptables restart

1	$ sudo /etc/init.d/iptables restart

[Openfire] Reset du mot de passe admin

30 mars 201719 novembre 2017 BEF Laisser un commentaire

Éditer le fichier openfire.xml et ajouter les lignes suivantes sous la balise <?xml …

$ sudo vim /opt/openfire/conf/openfire.xml

1	$ sudo vim /opt/openfire/conf/openfire.xml

<?xml version=”1.0″ encoding=”UTF-8″?> <jive> …

<strong><admin></strong>
<strong> <authorizedJIDs>admin@example.com, new@example.com</authorizedJIDs></strong>
<strong></admin></strong>

<admin>

<authorizedJIDs>admin@example.com, new@example.com</authorizedJIDs>

</admin>

… Redémarrer le service Openfire.

[Linux] Installer un serveur Openfire

30 mars 201719 novembre 2017 BEF Laisser un commentaire

Installation d’Openfire Version de l’OS: Centos 6.8 Version d’Openfire: 4.0.3 Pré-requis Voir l’article Préparation d’une machine Centos 6.x 1.Une fois le serveur prêt, télécharger la source d’Openfire.

$ wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.0.3-1.i386.rpm

1	$ wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.0.3-1.i386.rpm

Installation du package

$ sudo rpm -Uvh openfire-4.0.3-1.i386.rpm

1	$ sudo rpm -Uvh openfire-4.0.3-1.i386.rpm

Démarrer le service et en automatique

$ sudo service openfire start
$ sudo chkconfig openfire on

1 2	$ sudo service openfire start $ sudo chkconfig openfire on

$ sudo service openfire status
openfire is running

1 2	$ sudo service openfire status openfire is running

/!\ Il y a un conflit entre le java d’Openfire […]