Skip to content
Klutch.sh Docs

Deploying Openfire

Introduction

Openfire is an open-source real-time collaboration server powered by the XMPP (Extensible Messaging and Presence Protocol) standard. Written in Java, Openfire provides enterprise-grade instant messaging with support for one-on-one chat, group messaging, presence information, and extensible features through plugins.

Originally known as Jive Messenger, Openfire has evolved into one of the most widely deployed XMPP servers, offering a balance of simplicity and power. The web-based admin console makes configuration straightforward, while the plugin system allows extending functionality for specific use cases.

Key highlights of Openfire:

  • XMPP Compliant: Full implementation of the XMPP protocol for interoperability
  • Web Admin Console: Browser-based administration interface
  • Plugin Architecture: Extend functionality with community and custom plugins
  • Multi-User Chat: Create chat rooms for team collaboration
  • Presence Information: Real-time online/offline status for all users
  • Federation: Connect with other XMPP servers for cross-organization messaging
  • LDAP Integration: Authenticate against existing directory services
  • Clustering: Scale horizontally for high-availability deployments
  • Security: TLS encryption, SASL authentication, and security policies
  • Extensible: REST API, webhooks, and plugin development support

This guide walks through deploying Openfire on Klutch.sh using Docker, configuring user authentication, and setting up the messaging server for production use.

Why Deploy Openfire on Klutch.sh

Deploying Openfire on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically builds and deploys your messaging server. Push to GitHub, and your XMPP server deploys without manual intervention.

Persistent Storage: Attach persistent volumes for database, configuration, and plugins. Your messages and settings survive container restarts.

HTTPS by Default: Klutch.sh provides automatic SSL certificates for the web admin console and secure XMPP connections.

Always-On Messaging: Your messaging server runs 24/7, ensuring team members can communicate regardless of time zones.

GitHub Integration: Store configuration in Git for version-controlled infrastructure. Update by pushing changes.

Scalable Resources: Allocate CPU and memory based on user count and message volume.

Custom Domains: Use your organization’s domain for professional messaging addresses (user@company.com).

Prerequisites

Before deploying Openfire on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your Openfire configuration
  • Basic familiarity with Docker and containerization concepts
  • A domain name for your XMPP server
  • (Optional) LDAP server for directory integration

Understanding Openfire Architecture

Openfire consists of several components:

Core Server: Handles XMPP protocol processing, routing messages, and managing sessions.

Connection Managers: Handle client connections over various protocols (XMPP, BOSH, WebSocket).

Database: Stores user accounts, message history, roster data, and configuration. Supports embedded and external databases.

Plugin System: Loads optional functionality including MUC (multi-user chat), HTTP binding, and custom features.

Admin Console: Web-based interface for server configuration and monitoring.

Preparing Your Repository

Create a GitHub repository containing your Dockerfile and configuration.

Repository Structure

openfire-deploy/
├── Dockerfile
├── .dockerignore
└── README.md

Creating the Dockerfile

Create a Dockerfile for Openfire:

FROM igniterealtime/openfire:latest


# Create directories for persistent data
RUN mkdir -p /var/lib/openfire/embedded-db
RUN mkdir -p /var/lib/openfire/plugins
RUN mkdir -p /etc/openfire


# Environment configuration
ENV OPENFIRE_CONSOLE_SECURED=true


# Expose ports
# Admin console
EXPOSE 9090
EXPOSE 9091


# XMPP ports
EXPOSE 5222
EXPOSE 5223
EXPOSE 5269
EXPOSE 5270
EXPOSE 5275
EXPOSE 5276


# BOSH/WebSocket
EXPOSE 7070
EXPOSE 7443


# Use default entrypoint

Openfire Ports Reference

PortProtocolDescription
5222XMPP ClientStandard client connections
5223XMPP Client SSLLegacy SSL client connections
5269XMPP ServerServer-to-server federation
5270XMPP Server SSLServer-to-server SSL
5275XMPP ComponentExternal component connections
5276XMPP Component SSLExternal component SSL
7070HTTP BindingBOSH connections
7443HTTPS BindingSecure BOSH/WebSocket
9090Admin ConsoleHTTP admin interface
9091Admin Console SSLHTTPS admin interface

Deploying Openfire on Klutch.sh

Follow these steps to deploy your Openfire server:

    Configure DNS Records

    Set up DNS records for your XMPP domain:

    # A Record for server
    Type: A
    Host: xmpp
    Value: (Your Klutch.sh IP)
    

    # SRV Records for client discovery
    Type: SRV
    Host: _xmpp-client._tcp
    Value: 5 0 5222 xmpp.yourdomain.com
    

    # SRV Records for server-to-server
    Type: SRV
    Host: _xmpp-server._tcp
    Value: 5 0 5269 xmpp.yourdomain.com

    Push Your Repository to GitHub

    Initialize and push your repository:

    Terminal window
    git init
    git add Dockerfile .dockerignore README.md
    git commit -m "Initial Openfire configuration"
    git remote add origin https://github.com/yourusername/openfire-deploy.git
    git push -u origin main

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project named “openfire” or “messaging”.

    Create a New App

    Within your project, create a new app. Connect your GitHub account and select the repository containing your Openfire Dockerfile.

    Configure Network Traffic

    Configure ports for your deployment. Essential ports:

    • 9090/9091: Admin console (HTTP)
    • 5222: XMPP client connections
    • 7443: WebSocket/BOSH connections

    Set Environment Variables

    Configure basic settings:

    VariableValue
    OPENFIRE_CONSOLE_SECUREDtrue

    Attach Persistent Volumes

    Add persistent storage:

    Mount PathRecommended SizePurpose
    /var/lib/openfire20 GBDatabase and configuration
    /usr/share/openfire/plugins5 GBInstalled plugins

    Deploy Your Application

    Click Deploy to start the build process.

    Complete Initial Setup

    Access the admin console at https://your-app-name.klutch.sh:9090:

    1. Select your language
    2. Configure server domain name
    3. Choose database type (embedded or external)
    4. Set admin credentials
    5. Complete the setup wizard

    Configure TLS Certificates

    In the admin console:

    1. Navigate to Server > TLS/SSL Certificates
    2. Import or generate certificates
    3. Enable TLS for client and server connections

Admin Console Configuration

User Management

Create and manage users:

  1. Navigate to Users/Groups > Users
  2. Click “Create New User”
  3. Enter username, password, and details
  4. Assign groups if applicable

Group Management

Organize users into groups:

  1. Go to Users/Groups > Groups
  2. Create groups for teams or departments
  3. Add users to groups
  4. Groups can share rosters automatically

Chat Rooms

Create multi-user chat rooms:

  1. Navigate to Group Chat > Group Chat Rooms
  2. Create a new room
  3. Configure room settings (persistent, members-only, etc.)
  4. Assign moderators

Plugin Installation

Essential Plugins

Consider installing these plugins:

  • Monitoring Service: Message archiving and compliance
  • REST API: Programmatic server management
  • HTTP File Upload: File sharing in chat
  • Push Notification: Mobile push notifications
  • Bookmarks: Shared conference room bookmarks

Installing Plugins

Via admin console:

  1. Navigate to Plugins > Available Plugins
  2. Find the desired plugin
  3. Click the install button
  4. Restart if prompted

Plugin Configuration

Configure installed plugins:

  1. Go to Plugins > Plugins
  2. Click on the plugin name
  3. Access plugin-specific settings

Client Configuration

Desktop Clients

Compatible XMPP clients:

Mobile Clients

Web Clients

Client Connection Settings

Configure clients with:

  • Server: xmpp.yourdomain.com
  • Port: 5222 (or 5223 for legacy SSL)
  • Username: user or user@yourdomain.com
  • Connection security: STARTTLS or SSL

Directory Integration

LDAP Configuration

Connect to existing directory services:

  1. Navigate to Server > Server Settings > Profile Settings
  2. Select “LDAP” for user provider
  3. Configure LDAP connection:
    • Server hostname and port
    • Base DN for users
    • Admin DN and password
    • Search filter

Active Directory

For Active Directory integration:

Host: ad.company.com
Port: 389 (or 636 for LDAPS)
Base DN: DC=company,DC=com
Admin DN: CN=ldap_admin,OU=Service Accounts,DC=company,DC=com

Federation

Server-to-Server Communication

Enable federation with other XMPP servers:

  1. Navigate to Server > Server Settings > Server to Server
  2. Enable server-to-server connections
  3. Configure allowed/blocked domains
  4. Set up DNS SRV records

Security Policies

Control federation security:

  • Require TLS for all server connections
  • Use certificate verification
  • Whitelist trusted domains

Security Configuration

TLS/SSL Setup

Secure all connections:

  1. Generate or import certificates
  2. Enable STARTTLS for client connections
  3. Require encryption for sensitive deployments
  4. Configure certificate chains

Password Policies

Enforce strong passwords:

  1. Navigate to Server > Server Settings > Security Settings
  2. Set minimum password length
  3. Require password complexity
  4. Configure password expiration

Connection Policies

Control access:

  • Limit concurrent connections per user
  • Configure connection timeouts
  • Set maximum message sizes
  • Enable rate limiting

Troubleshooting Common Issues

Cannot Connect from Clients

Symptoms: XMPP clients fail to connect.

Solutions:

  • Verify port 5222 is accessible
  • Check TLS certificate configuration
  • Verify DNS SRV records
  • Review server logs for connection errors

Admin Console Inaccessible

Symptoms: Cannot access web admin.

Solutions:

  • Verify ports 9090/9091 are exposed
  • Check the deployment is running
  • Try both HTTP and HTTPS
  • Review container logs

LDAP Authentication Failing

Symptoms: Users cannot log in with LDAP credentials.

Solutions:

  • Verify LDAP server connectivity
  • Check bind DN and password
  • Verify search filter syntax
  • Test LDAP connection independently

Messages Not Delivered

Symptoms: Messages fail to reach recipients.

Solutions:

  • Verify both users are properly registered
  • Check server logs for routing errors
  • Ensure recipients are online or offline storage is enabled
  • Review message archive for delivery status

Additional Resources

Conclusion

Deploying Openfire on Klutch.sh provides a robust, standards-based messaging platform for your organization. With XMPP compliance, extensible plugins, and comprehensive administration, Openfire delivers enterprise-grade instant messaging.

The combination of persistent storage for messages and configuration, reliable uptime, and HTTPS security makes Klutch.sh an excellent platform for hosting Openfire. Whether enabling team collaboration or building chat into your applications, your self-hosted XMPP server provides the control and reliability that cloud messaging services cannot match.

Start with basic messaging, then expand with plugins, directory integration, and federation as your needs grow. With Openfire on Klutch.sh, you own your communication infrastructure.