Openfire
/
openfire-docker-compose
mirror of https://github.com/surevine/openfire-docker-compose.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add openfire cluster with postgres cluster

postgres_cluster
Dan Caseley 2022-11-16 21:10:55 +00:00
parent 905c512e7b
commit 38faf44e50
28 changed files with 2198 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
cluster_with_clustered_db/README.md 100644
View File

@ -0,0 +1,83 @@
# Clustered configuration
Running `./start.sh -c` will perform some cleanup then start the containers in a clustered configuration.
When running, the system looks like this:
```
+--------------------------------------------------+
| 172.60.0.99 |
| +----------------+ |
| | |+--------------+ |
(XMPP-C2S) 55222 -|-------| Load Balancer |+-------+ | |
(BOSH) 57070 -| | | | | |
(BOSHS) 57443 -| +----------------+ | | |
| | | 172.60.0.30 |
| | | +--------+ |
| | +=============+ | |- 5223 (XMPP-C2S)
| | | | | XMPP 3 |----|- 5263 (XMPP-S2S)
| | | | | | |- 9093 (HTTP-Admin)
| | | | +------+-+ |- 7073 (BOSH)
| | | | | |
| 172.60.0.10 | 172.60.0.20 | |
| +--------+ | +--------+ | |
(XMPP-C2S) 5221 -| | +======+ | |=====+ |- 5222 (XMPP-C2S)
(XMPP-S2S) 5261 -|------| XMPP 1 +============+ XMPP 2 | |- 5262 (XMPP-S2S)
(HTTP-Admin) 9091 -| | | | |------------|- 9092 (HTTP-Admin)
(BOSH) 7071 -| +----+---+ +----+---+ |- 7072 (BOSH)
| | | |
| | | |
| +---+--+ | |
| | | | |
(Database) 5432 -|-------| DB +------------------+ |
| | | |
| +------+ |
| 172.60.0.11 |
| |
+----------------172.60.0.0/24---------------------+
```
Note that the load balancer is configured to be less flappy, with the flappiness controlled by the nginx config, simulating simple round-robin DNS load balancing. Ports from individual servers are exposed and can be hit directly.
Openfire is configured with the following XMPP domain:
* `xmpp.localhost.example`
Openfire is configured with the following hostnames:
* `xmpp1.localhost.example`
* `xmpp2.localhost.example`
* `xmpp3.localhost.example`
The following users are configured:
* `user1` `password`
* `user2` `password`
The following MUC rooms are configured:
* `muc1`
* `muc2`
## Network
The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24` for the clustered configuration.
### Removing a node from the network
To remove a node from the network run the following command:
`docker network disconnect NETWORK-NAME CONTAINER-NAME`
For example:
`docker network disconnect openfire-testing_openfire-federated-net openfire-testing_xmpp1_1`
### Adding a node to the network
To add a node to the network fun the following command:
`docker network connect NETWORK-NAME CONTAINER-NAME`
For example:
`docker network connect openfire-testing_openfire-federated-net openfire-testing_xmpp1_1`

150
cluster_with_clustered_db/docker-compose-clustered.yml 100644
View File

@ -0,0 +1,150 @@
version: '3.7'
services:
db-1:
image: bitnami/postgresql-repmgr:14.6.0
ports:
- 5432
environment:
- POSTGRESQL_POSTGRES_PASSWORD=adminpassword
- POSTGRESQL_USERNAME=openfire
- POSTGRESQL_PASSWORD=hunter2
- POSTGRESQL_DATABASE=openfire
- REPMGR_PASSWORD=repmgrpassword
- REPMGR_PRIMARY_HOST=db-1
- REPMGR_PRIMARY_PORT=5432
- REPMGR_PARTNER_NODES=db-1,db-2:5432
- REPMGR_NODE_NAME=db-1
- REPMGR_NODE_NETWORK_NAME=db-1
- REPMGR_PORT_NUMBER=5432
volumes:
- ./sql:/docker-entrypoint-initdb.d
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.11
db-2:
image: bitnami/postgresql-repmgr:14.6.0
ports:
- 5432
environment:
- POSTGRESQL_POSTGRES_PASSWORD=adminpassword
- POSTGRESQL_USERNAME=openfire
- POSTGRESQL_PASSWORD=hunter2
- POSTGRESQL_DATABASE=openfire
- REPMGR_PASSWORD=repmgrpassword
- REPMGR_PRIMARY_HOST=db-1
- REPMGR_PRIMARY_PORT=5432
- REPMGR_PARTNER_NODES=db-1,db-2:5432
- REPMGR_NODE_NAME=db-2
- REPMGR_NODE_NETWORK_NAME=db-2
- REPMGR_PORT_NUMBER=5432
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.12
lb:
image: nginx:stable
ports:
- "55222:55222"
- "57070:57070"
- "57443:57443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.99
xmpp1:
image: "openfire:${OPENFIRE_TAG}"
ports:
- "5221:5222"
- "5261:5269"
- "7071:7070"
- "7441:7443"
- "9091:9090"
depends_on:
- "db"
volumes:
- ./_data/xmpp/1/conf:/var/lib/openfire/conf
- ./_data/plugins:/opt/plugins
- ../_common/wait-for-it.sh:/wait-for-it.sh
command: ["/wait-for-it.sh", "-s", "db-1:5432", "--", "/sbin/entrypoint.sh"]
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.10
extra_hosts:
- "xmpp1.localhost.example:172.60.0.10"
- "conference.xmpp1.localhost.example:172.60.0.10"
- "xmpp2.localhost.example:172.60.0.20"
- "conference.xmpp2.localhost.example:172.60.0.20"
- "xmpp3.localhost.example:172.60.0.30"
- "conference.xmpp3.localhost.example:172.60.0.30"
xmpp2:
image: "openfire:${OPENFIRE_TAG}"
ports:
- "5222:5222"
- "5262:5269"
- "7072:7070"
- "7442:7443"
- "9092:9090"
depends_on:
- "db"
volumes:
- ./_data/xmpp/2/conf:/var/lib/openfire/conf
- ./_data/plugins:/opt/plugins
- ../_common/wait-for-it.sh:/wait-for-it.sh
command: ["/wait-for-it.sh", "-s", "db-1:5432", "--", "/sbin/entrypoint.sh"]
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.20
extra_hosts:
- "xmpp1.localhost.example:172.60.0.10"
- "conference.xmpp1.localhost.example:172.60.0.10"
- "xmpp2.localhost.example:172.60.0.20"
- "conference.xmpp2.localhost.example:172.60.0.20"
- "xmpp3.localhost.example:172.60.0.30"
- "conference.xmpp3.localhost.example:172.60.0.30"
xmpp3:
image: "openfire:${OPENFIRE_TAG}"
ports:
- "5223:5222"
- "5263:5269"
- "7073:7070"
- "7443:7443"
- "9093:9090"
depends_on:
- "db"
volumes:
- ./_data/xmpp/3/conf:/var/lib/openfire/conf
- ./_data/plugins:/opt/plugins
- ../_common/wait-for-it.sh:/wait-for-it.sh
command: ["/wait-for-it.sh", "-s", "db-1:5432", "--", "/sbin/entrypoint.sh"]
networks:
openfire-clustered-net:
ipv4_address: 172.60.0.30
extra_hosts:
- "xmpp1.localhost.example:172.60.0.10"
- "conference.xmpp1.localhost.example:172.60.0.10"
- "xmpp2.localhost.example:172.60.0.20"
- "conference.xmpp2.localhost.example:172.60.0.20"
- "xmpp3.localhost.example:172.60.0.30"
- "conference.xmpp3.localhost.example:172.60.0.30"
dozzle:
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 9999:8080
networks:
openfire-clustered-net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.60.0.0/24

70
cluster_with_clustered_db/nginx/nginx.conf 100644
View File

@ -0,0 +1,70 @@
# error_log stdout debug;
stream {
upstream xmpp {
server 172.60.0.10:5222;
server 172.60.0.20:5222;
server 172.60.0.30:5222;
}
server {
listen 55222;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 12h; # Set this lower to be more flappy
proxy_pass xmpp;
}
upstream bosh {
server 172.60.0.10:7070;
server 172.60.0.20:7070;
server 172.60.0.30:7070;
}
server {
listen 57070;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 12h; # Set this lower to be more flappy
proxy_pass bosh;
}
upstream boshs {
server 172.60.0.10:7443;
server 172.60.0.20:7443;
server 172.60.0.30:7443;
}
server {
listen 57443;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass boshs;
}
upstream s2s {
server 172.60.0.10:5269;
server 172.60.0.20:5269;
server 172.60.0.30:5269;
}
server {
listen 5269;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 1m;
proxy_pass s2s;
}
upstream s2slegacy {
server 172.60.0.10:5270;
server 172.60.0.20:5270;
server 172.60.0.30:5270;
}
server {
listen 5270;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 1m;
proxy_pass s2slegacy;
}
}
events {}

BIN
cluster_with_clustered_db/plugins/hazelcast.jar 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/plugins/heapdump.jar 100644
View File

Binary file not shown.

1257
cluster_with_clustered_db/sql/openfire.sql 100644
View File

File diff suppressed because it is too large Load Diff

56
cluster_with_clustered_db/start.sh 100755
View File

@ -0,0 +1,56 @@
#!/bin/bash
usage() { echo "Usage: $0 [-n openfire-tag] [-h]
-n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env
-h Show this helpful information
"; exit 0; }
PROJECT="openfire"
COMPOSE_FILE_COMMAND=("docker" "compose")
COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env")
COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT")
# Where is this script? It could be called from anywhere, so use this to get full paths.
SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )"
source "$SCRIPTPATH/../_common/functions.sh"
check_deps
while getopts n:h o; do
case "$o" in
n)
if [[ $OPTARG =~ " " ]]; then
echo "Docker tags cannot contain spaces"
exit 1
fi
echo "Using Openfire tag: $OPTARG"
export OPENFIRE_TAG="$OPTARG"
;;
h)
usage
;;
*)
usage
;;
esac
done
echo "Starting a clustered environment."
COMPOSE_FILE_COMMAND+=("-f" "docker-compose-clustered.yml")
pushd "$SCRIPTPATH"
"$SCRIPTPATH"/../stop.sh
"${COMPOSE_FILE_COMMAND[@]}" pull --ignore-pull-failures
# Clean up temporary persistence data
if ! rm -rf _data; then
echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1
fi
mkdir _data
cp -r xmpp _data/
cp -r plugins _data/
"${COMPOSE_FILE_COMMAND[@]}" up -d || popd
popd

60
cluster_with_clustered_db/xmpp/1/conf/hazelcast-local-config.xml 100644
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<hazelcast xmlns="http://www.hazelcast.com/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.hazelcast.com/schema/config
http://www.hazelcast.com/schema/config/hazelcast-config-3.12.xsd">
<group>
<name>openfire</name>
<password>openfire</password>
</group>
<network>
<port auto-increment="true" port-count="100">5701</port>
<outbound-ports>
<ports>0</ports>
</outbound-ports>
<!-- The following enables multicast discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-multicast
-->
<join>
<multicast enabled="true">
<multicast-group>224.2.2.3</multicast-group>
<multicast-port>54327</multicast-port>
</multicast>
<tcp-ip enabled="false"/>
</join>
<!-- The following enables TCP/IP based discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-tcp
-->
<!--
<join>
<multicast enabled="false"/>
<tcp-ip enabled="true">
<member>10.10.1.1:5701</member>
<member>10.10.1.2:5701</member>
</tcp-ip>
</join>
-->
<interfaces enabled="false">
<interface>10.10.1.*</interface>
</interfaces>
<ssl enabled="false"/>
<socket-interceptor enabled="false"/>
<symmetric-encryption enabled="false">
<!--
encryption algorithm such as
DES/ECB/PKCS5Padding,
PBEWithMD5AndDES,
AES/CBC/PKCS5Padding,
Blowfish,
DESede
-->
<algorithm>PBEWithMD5AndDES</algorithm>
<!-- salt value to use when generating the secret key -->
<salt>thesalt</salt>
<!-- pass phrase to use when generating the secret key -->
<password>thepass</password>
<!-- iteration count to use when generating the secret key -->
<iteration-count>19</iteration-count>
</symmetric-encryption>
</network>
</hazelcast>

67
cluster_with_clustered_db/xmpp/1/conf/openfire.xml 100644
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9090</port>
<securePort>9091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<!--
One time token to gain temporary access to the admin console.
-->
<!--
<oneTimeAccessToken>secretToken</oneTimeAccessToken>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://db-1,db-2/openfire?targetServerType=primary</serverURL>
<username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
<password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<testTimeout>500</testTimeout>
<timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
<minIdleTime>900000</minIdleTime>
<maxWaitTime>500</maxWaitTime>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<fqdn>xmpp1.localhost.example</fqdn>
<clustering>
<enabled>true</enabled>
</clustering>
</jive>

66
cluster_with_clustered_db/xmpp/1/conf/security.xml 100644
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores security-related properties needed by Openfire.
You may edit this file to manage encrypted properties and
encryption configuration value. Note however that you should not
edit this file while Openfire is running, or it may be overwritten.
It is important to note that Openfire will store encrypted property
values securely "at rest" (e.g. in the database or XML), but the
values will be managed as clear text strings in memory at runtime for
interoperability and performance reasons. Encrypted property values
are not visible via the Openfire console, but they may be edited or
deleted as needed.
-->
<security>
<encrypt>
<!-- This can be set to "AES" or "Blowfish" (default) at setup time -->
<algorithm>Blowfish</algorithm>
<key>
<!--
If this is a new server setup, you may set a custom encryption key
by setting a value for the <new /> encryption key element only.
To change the encryption key, provide values for both new and old
encryption keys here. The "old" key must match the unencrypted value
of the "current" key. The server will update the existing property
values in the database, re-encrypting them using the new key. After
the encrypted properties have been updated, the new key will itself
be encrypted and re-written into this file as <current />.
Note that if the current encryption key becomes invalid, any property
values secured by the original key will be inaccessible as well.
The key value can be any string, and it will be hashed, filled, and/or
truncated to produce a compatible key for the corresponding algorithm.
Note that leading and trailing spaces will be ignored. A strong key
will contain sixteen characters or more.
<old></old>
<new></new>
-->
<current></current>
</key>
<property>
<!--
This list includes the names of properties that have been marked for
encryption. Any XML properties (from openfire.xml) that are listed here
will be encrypted automatically upon first use. Other properties
(already in the database) can be added to this list at runtime via the
"System Properties" page in the Openfire console.
-->
<name>database.defaultProvider.username</name>
<name>database.defaultProvider.password</name>
</property>
</encrypt>
<!--
Any other property defined in this file will be treated as an encrypted
property. The value (in clear text) will be encrypted and migrated into
the Openfire database during the next startup. The property name will
be added to the list of encrypted properties and the clear text value
will be removed from this file.
<foo><bar>Secr3t$tr1ng!</bar></foo>
-->
</security>

1
cluster_with_clustered_db/xmpp/1/conf/security/archive/readme.txt 100644
View File

@ -0,0 +1 @@
This directory is used as a default location in which Openfire stores backups of keystore files.

BIN
cluster_with_clustered_db/xmpp/1/conf/security/client.truststore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/1/conf/security/keystore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/1/conf/security/truststore 100644
View File

Binary file not shown.

60
cluster_with_clustered_db/xmpp/2/conf/hazelcast-local-config.xml 100644
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<hazelcast xmlns="http://www.hazelcast.com/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.hazelcast.com/schema/config
http://www.hazelcast.com/schema/config/hazelcast-config-3.12.xsd">
<group>
<name>openfire</name>
<password>openfire</password>
</group>
<network>
<port auto-increment="true" port-count="100">5701</port>
<outbound-ports>
<ports>0</ports>
</outbound-ports>
<!-- The following enables multicast discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-multicast
-->
<join>
<multicast enabled="true">
<multicast-group>224.2.2.3</multicast-group>
<multicast-port>54327</multicast-port>
</multicast>
<tcp-ip enabled="false"/>
</join>
<!-- The following enables TCP/IP based discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-tcp
-->
<!--
<join>
<multicast enabled="false"/>
<tcp-ip enabled="true">
<member>10.10.1.1:5701</member>
<member>10.10.1.2:5701</member>
</tcp-ip>
</join>
-->
<interfaces enabled="false">
<interface>10.10.1.*</interface>
</interfaces>
<ssl enabled="false"/>
<socket-interceptor enabled="false"/>
<symmetric-encryption enabled="false">
<!--
encryption algorithm such as
DES/ECB/PKCS5Padding,
PBEWithMD5AndDES,
AES/CBC/PKCS5Padding,
Blowfish,
DESede
-->
<algorithm>PBEWithMD5AndDES</algorithm>
<!-- salt value to use when generating the secret key -->
<salt>thesalt</salt>
<!-- pass phrase to use when generating the secret key -->
<password>thepass</password>
<!-- iteration count to use when generating the secret key -->
<iteration-count>19</iteration-count>
</symmetric-encryption>
</network>
</hazelcast>

67
cluster_with_clustered_db/xmpp/2/conf/openfire.xml 100644
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9090</port>
<securePort>9091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<!--
One time token to gain temporary access to the admin console.
-->
<!--
<oneTimeAccessToken>secretToken</oneTimeAccessToken>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://db-1,db-2/openfire?targetServerType=primary</serverURL>
<username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
<password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<testTimeout>500</testTimeout>
<timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
<minIdleTime>900000</minIdleTime>
<maxWaitTime>500</maxWaitTime>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<fqdn>xmpp2.localhost.example</fqdn>
<clustering>
<enabled>true</enabled>
</clustering>
</jive>

66
cluster_with_clustered_db/xmpp/2/conf/security.xml 100644
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores security-related properties needed by Openfire.
You may edit this file to manage encrypted properties and
encryption configuration value. Note however that you should not
edit this file while Openfire is running, or it may be overwritten.
It is important to note that Openfire will store encrypted property
values securely "at rest" (e.g. in the database or XML), but the
values will be managed as clear text strings in memory at runtime for
interoperability and performance reasons. Encrypted property values
are not visible via the Openfire console, but they may be edited or
deleted as needed.
-->
<security>
<encrypt>
<!-- This can be set to "AES" or "Blowfish" (default) at setup time -->
<algorithm>Blowfish</algorithm>
<key>
<!--
If this is a new server setup, you may set a custom encryption key
by setting a value for the <new /> encryption key element only.
To change the encryption key, provide values for both new and old
encryption keys here. The "old" key must match the unencrypted value
of the "current" key. The server will update the existing property
values in the database, re-encrypting them using the new key. After
the encrypted properties have been updated, the new key will itself
be encrypted and re-written into this file as <current />.
Note that if the current encryption key becomes invalid, any property
values secured by the original key will be inaccessible as well.
The key value can be any string, and it will be hashed, filled, and/or
truncated to produce a compatible key for the corresponding algorithm.
Note that leading and trailing spaces will be ignored. A strong key
will contain sixteen characters or more.
<old></old>
<new></new>
-->
<current></current>
</key>
<property>
<!--
This list includes the names of properties that have been marked for
encryption. Any XML properties (from openfire.xml) that are listed here
will be encrypted automatically upon first use. Other properties
(already in the database) can be added to this list at runtime via the
"System Properties" page in the Openfire console.
-->
<name>database.defaultProvider.username</name>
<name>database.defaultProvider.password</name>
</property>
</encrypt>
<!--
Any other property defined in this file will be treated as an encrypted
property. The value (in clear text) will be encrypted and migrated into
the Openfire database during the next startup. The property name will
be added to the list of encrypted properties and the clear text value
will be removed from this file.
<foo><bar>Secr3t$tr1ng!</bar></foo>
-->
</security>

1
cluster_with_clustered_db/xmpp/2/conf/security/archive/readme.txt 100644
View File

@ -0,0 +1 @@
This directory is used as a default location in which Openfire stores backups of keystore files.

BIN
cluster_with_clustered_db/xmpp/2/conf/security/client.truststore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/2/conf/security/keystore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/2/conf/security/truststore 100644
View File

Binary file not shown.

60
cluster_with_clustered_db/xmpp/3/conf/hazelcast-local-config.xml 100644
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<hazelcast xmlns="http://www.hazelcast.com/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.hazelcast.com/schema/config
http://www.hazelcast.com/schema/config/hazelcast-config-3.12.xsd">
<group>
<name>openfire</name>
<password>openfire</password>
</group>
<network>
<port auto-increment="true" port-count="100">5701</port>
<outbound-ports>
<ports>0</ports>
</outbound-ports>
<!-- The following enables multicast discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-multicast
-->
<join>
<multicast enabled="true">
<multicast-group>224.2.2.3</multicast-group>
<multicast-port>54327</multicast-port>
</multicast>
<tcp-ip enabled="false"/>
</join>
<!-- The following enables TCP/IP based discovery of cluster members
See http://docs.hazelcast.org/docs/3.12/manual/html-single/index.html#discovering-members-by-tcp
-->
<!--
<join>
<multicast enabled="false"/>
<tcp-ip enabled="true">
<member>10.10.1.1:5701</member>
<member>10.10.1.2:5701</member>
</tcp-ip>
</join>
-->
<interfaces enabled="false">
<interface>10.10.1.*</interface>
</interfaces>
<ssl enabled="false"/>
<socket-interceptor enabled="false"/>
<symmetric-encryption enabled="false">
<!--
encryption algorithm such as
DES/ECB/PKCS5Padding,
PBEWithMD5AndDES,
AES/CBC/PKCS5Padding,
Blowfish,
DESede
-->
<algorithm>PBEWithMD5AndDES</algorithm>
<!-- salt value to use when generating the secret key -->
<salt>thesalt</salt>
<!-- pass phrase to use when generating the secret key -->
<password>thepass</password>
<!-- iteration count to use when generating the secret key -->
<iteration-count>19</iteration-count>
</symmetric-encryption>
</network>
</hazelcast>

67
cluster_with_clustered_db/xmpp/3/conf/openfire.xml 100644
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9090</port>
<securePort>9091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<!--
One time token to gain temporary access to the admin console.
-->
<!--
<oneTimeAccessToken>secretToken</oneTimeAccessToken>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://db-1,db-2/openfire?targetServerType=primary</serverURL>
<username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
<password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<testTimeout>500</testTimeout>
<timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
<minIdleTime>900000</minIdleTime>
<maxWaitTime>500</maxWaitTime>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<fqdn>xmpp3.localhost.example</fqdn>
<clustering>
<enabled>true</enabled>
</clustering>
</jive>

66
cluster_with_clustered_db/xmpp/3/conf/security.xml 100644
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores security-related properties needed by Openfire.
You may edit this file to manage encrypted properties and
encryption configuration value. Note however that you should not
edit this file while Openfire is running, or it may be overwritten.
It is important to note that Openfire will store encrypted property
values securely "at rest" (e.g. in the database or XML), but the
values will be managed as clear text strings in memory at runtime for
interoperability and performance reasons. Encrypted property values
are not visible via the Openfire console, but they may be edited or
deleted as needed.
-->
<security>
<encrypt>
<!-- This can be set to "AES" or "Blowfish" (default) at setup time -->
<algorithm>Blowfish</algorithm>
<key>
<!--
If this is a new server setup, you may set a custom encryption key
by setting a value for the <new /> encryption key element only.
To change the encryption key, provide values for both new and old
encryption keys here. The "old" key must match the unencrypted value
of the "current" key. The server will update the existing property
values in the database, re-encrypting them using the new key. After
the encrypted properties have been updated, the new key will itself
be encrypted and re-written into this file as <current />.
Note that if the current encryption key becomes invalid, any property
values secured by the original key will be inaccessible as well.
The key value can be any string, and it will be hashed, filled, and/or
truncated to produce a compatible key for the corresponding algorithm.
Note that leading and trailing spaces will be ignored. A strong key
will contain sixteen characters or more.
<old></old>
<new></new>
-->
<current></current>
</key>
<property>
<!--
This list includes the names of properties that have been marked for
encryption. Any XML properties (from openfire.xml) that are listed here
will be encrypted automatically upon first use. Other properties
(already in the database) can be added to this list at runtime via the
"System Properties" page in the Openfire console.
-->
<name>database.defaultProvider.username</name>
<name>database.defaultProvider.password</name>
</property>
</encrypt>
<!--
Any other property defined in this file will be treated as an encrypted
property. The value (in clear text) will be encrypted and migrated into
the Openfire database during the next startup. The property name will
be added to the list of encrypted properties and the clear text value
will be removed from this file.
<foo><bar>Secr3t$tr1ng!</bar></foo>
-->
</security>

1
cluster_with_clustered_db/xmpp/3/conf/security/archive/readme.txt 100644
View File

@ -0,0 +1 @@
This directory is used as a default location in which Openfire stores backups of keystore files.

BIN
cluster_with_clustered_db/xmpp/3/conf/security/client.truststore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/3/conf/security/keystore 100644
View File

Binary file not shown.

BIN
cluster_with_clustered_db/xmpp/3/conf/security/truststore 100644
View File

Binary file not shown.