Initial version of other XMPP domain and infrastructure

2021-09-12 14:51:22 +01:00 · 2021-09-12 14:51:22 +01:00 · 185891aeeb
parent bcd2fc01eb
commit 185891aeeb
9 changed files with 1464 additions and 2 deletions
--- a/docker-compose-otherdomain.yml
+++ b/docker-compose-otherdomain.yml
@ -0,0 +1,60 @@
+version: '3.7'
+
+services:
+
+  otherdb:
+    image: library/postgres:9.6.17-alpine
+    ports:
+      - "5433:5432"
+    environment:
+      - "POSTGRES_DB=openfire"
+      - "POSTGRES_USER=openfire"
+      - "POSTGRES_PASSWORD=hunter2"
+    volumes:
+      - ./sql/otherdomain:/docker-entrypoint-initdb.d
+    networks:
+      openfire-clustered-net:
+        ipv4_address: 172.60.0.111
+  
+  otherxmpp:
+    image: "openfire:${OPENFIRE_TAG}"
+    ports:
+      - "5229:5222"
+      - "5269:5269"
+      - "7079:7070"
+      - "7449:7443"
+      - "9099:9090"
+    depends_on:
+      - "otherdb"
+    volumes:
+      - ./_data/xmpp/otherdomain/conf:/var/lib/openfire/conf
+      #- ./_data/plugins:/opt/plugins
+      - ./wait-for-it.sh:/wait-for-it.sh
+    command: ["/wait-for-it.sh", "-s", "otherdb:5432", "--", "/sbin/entrypoint.sh"]
+    networks:
+      openfire-clustered-net:
+        ipv4_address: 172.60.0.110
+    extra_hosts:
+      - "xmpp.localhost.example:172.60.0.10"
+      - "xmpp.localhost.example:172.60.0.20"
+      - "xmpp.localhost.example:172.60.0.30"
+      - "conference.xmpp.localhost.example:172.60.0.10"
+      - "conference.xmpp.localhost.example:172.60.0.20"
+      - "conference.xmpp3.localhost.example:172.60.0.30"
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+  
+  xmpp1:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+
+  xmpp2:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+  
+  xmpp3:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
--- a/sql/otherdomain/openfire.sql
+++ b/sql/otherdomain/openfire.sql
--- a/start.sh
+++ b/start.sh
@ -1,20 +1,25 @@
 #!/bin/bash

-usage() { echo "Usage: $0 [-c] [-n openfire-tag] [-h]
+usage() { echo "Usage: $0 [-c] [-o] [-n openfire-tag] [-h]

  -c               Launches a Cluster instead of a FMUC stack
+  -o               Launches another separate domain alongside the cluster
  -n openfire-tag  Launches all Openfire instances with the specified tag. This overrides the value in .env
  -h               Show this helpful information
 "; exit 0; }

 CLUSTER_MODE=false
+OTHER_DOMAIN=false
 COMPOSE_FILE_COMMAND=("docker-compose")

-while getopts cn:h o; do
+while getopts con:h o; do
  case "$o" in
    c)
        CLUSTER_MODE=true
        ;;
+    o)
+        OTHER_DOMAIN=true
+        ;;
    n)
        echo "Using Openfire tag: $1"
        export OPENFIRE_TAG=$1
@ -28,6 +33,15 @@ while getopts cn:h o; do
  esac
 done

+if [ $OTHER_DOMAIN == "true" ]; then 
+  if [ $CLUSTER_MODE == "false" ]; then
+    echo "Other domains are only supported alongside clusters"
+    exit 1
+  else
+    COMPOSE_FILE_COMMAND+=("-f" "docker-compose-otherdomain.yml")
+  fi
+fi
+
 case $CLUSTER_MODE in
  (true)   echo "Starting a clustered environment."
           COMPOSE_FILE_COMMAND+=("-f" "docker-compose-clustered.yml");;
--- a/xmpp/otherdomain/conf/openfire.xml
+++ b/xmpp/otherdomain/conf/openfire.xml
@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    This file stores bootstrap properties needed by Openfire.
+    Property names must be in the format: "prop.name.is.blah=value"
+    That will be stored as:
+        <prop>
+            <name>
+                <is>
+                    <blah>value</blah>
+                </is>
+            </name>
+        </prop>
+
+    Most properties are stored in the Openfire database. A
+    property viewer and editor is included in the admin console.
+-->
+<!-- root element, all properties must be under this element -->
+<jive>
+  <adminConsole>
+    <!-- Disable either port by setting the value to -1 -->  
+    <port>9090</port>
+    <securePort>9091</securePort>
+  </adminConsole>
+  <locale>en</locale>
+  <!-- Network settings. By default, Openfire will bind to all network interfaces.
+      Alternatively, you can specify a specific network interfaces that the server
+      will listen on. For example, 127.0.0.1. This setting is generally only useful
+       on multi-homed servers. -->  
+  <!--
+    <network>
+        <interface></interface>
+    </network>
+    -->  
+  <!--
+        One time token to gain temporary access to the admin console.
+    -->  
+  <!--
+    <oneTimeAccessToken>secretToken</oneTimeAccessToken>
+    -->  
+  <connectionProvider>
+    <className>org.jivesoftware.database.DefaultConnectionProvider</className>
+  </connectionProvider>
+  <database>
+    <defaultProvider>
+      <driver>org.postgresql.Driver</driver>
+      <serverURL>jdbc:postgresql://otherdb:5432/openfire</serverURL>
+      <username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
+      <password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
+      <testSQL>select 1</testSQL>
+      <testBeforeUse>false</testBeforeUse>
+      <testAfterUse>false</testAfterUse>
+      <testTimeout>500</testTimeout>
+      <timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
+      <minIdleTime>900000</minIdleTime>
+      <maxWaitTime>500</maxWaitTime>
+      <minConnections>5</minConnections>
+      <maxConnections>25</maxConnections>
+      <connectionTimeout>1.0</connectionTimeout>
+    </defaultProvider>
+  </database>
+  <setup>true</setup> 
+  <fqdn>otherxmpp.localhost.example</fqdn>
+</jive>
--- a/xmpp/otherdomain/conf/security.xml
+++ b/xmpp/otherdomain/conf/security.xml
@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  This file stores security-related properties needed by Openfire.
+  You may edit this file to manage encrypted properties and 
+  encryption configuration value. Note however that you should not
+  edit this file while Openfire is running, or it may be overwritten.
+  
+  It is important to note that Openfire will store encrypted property
+  values securely "at rest" (e.g. in the database or XML), but the 
+  values will be managed as clear text strings in memory at runtime for
+  interoperability and performance reasons. Encrypted property values
+  are not visible via the Openfire console, but they may be edited or 
+  deleted as needed.
+-->
+<security> 
+  <encrypt> 
+    <!-- This can be set to "AES" or "Blowfish" (default) at setup time -->  
+    <algorithm>Blowfish</algorithm>  
+    <key> 
+      <!-- 
+        If this is a new server setup, you may set a custom encryption key
+        by setting a value for the <new /> encryption key element only.
+      
+        To change the encryption key, provide values for both new and old
+        encryption keys here. The "old" key must match the unencrypted value 
+        of the "current" key. The server will update the existing property
+        values in the database, re-encrypting them using the new key. After
+        the encrypted properties have been updated, the new key will itself
+        be encrypted and re-written into this file as <current />. 
+        
+        Note that if the current encryption key becomes invalid, any property
+        values secured by the original key will be inaccessible as well.
+        
+        The key value can be any string, and it will be hashed, filled, and/or
+        truncated to produce a compatible key for the corresponding algorithm.
+        Note that leading and trailing spaces will be ignored. A strong key 
+        will contain sixteen characters or more.
+
+        <old></old>
+        <new></new>
+       -->  
+      <current></current> 
+    </key>  
+    <property> 
+      <!-- 
+        This list includes the names of properties that have been marked for
+        encryption. Any XML properties (from openfire.xml) that are listed here 
+        will be encrypted automatically upon first use. Other properties 
+        (already in the database) can be added to this list at runtime via the 
+        "System Properties" page in the Openfire console.
+      -->  
+      <name>database.defaultProvider.username</name>  
+      <name>database.defaultProvider.password</name> 
+    </property> 
+  </encrypt>  
+  <!-- 
+  Any other property defined in this file will be treated as an encrypted
+  property. The value (in clear text) will be encrypted and migrated into 
+  the Openfire database during the next startup. The property name will 
+  be added to the list of encrypted properties and the clear text value 
+  will be removed from this file.
+  
+  <foo><bar>Secr3t$tr1ng!</bar></foo>
+--> 
+</security>
--- a/xmpp/otherdomain/conf/security/archive/readme.txt
+++ b/xmpp/otherdomain/conf/security/archive/readme.txt
@ -0,0 +1 @@
+This directory is used as a default location in which Openfire stores backups of keystore files.
--- a/xmpp/otherdomain/conf/security/client.truststore
+++ b/xmpp/otherdomain/conf/security/client.truststore
--- a/xmpp/otherdomain/conf/security/keystore
+++ b/xmpp/otherdomain/conf/security/keystore
--- a/xmpp/otherdomain/conf/security/truststore
+++ b/xmpp/otherdomain/conf/security/truststore
				`@ -0,0 +1 @@`
				`This directory is used as a default location in which Openfire stores backups of keystore files.`