Openfire
/
openfire-docker-compose
mirror of https://github.com/surevine/openfire-docker-compose.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add proxy configuration

pull/51/head
Dan Caseley 2022-08-04 23:23:28 +01:00
parent 83b84af000
commit dc3c01aa89
12 changed files with 1644 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
proxy/README.md 100644
View File

@ -0,0 +1,56 @@
# Proxy configuration
Running `./start.sh` will perform some cleanup then start the containers with an optional proxy.
When running, the system looks like this:
```
+--------------------------+
| |
| 172.60.0.99 |
| +--------+ |
(XMPP-C2S) 55222 -| | | |
(XMPP-S2S) 55269 -|------| Nginx + |
(HTTP-Admin) 59090 -| | | |
(BOSH) 57070 -| +----+---+ |
| | |
| | |
| 172.60.0.10 |
| +--------+ |
(XMPP-C2S) 5222 -| | | |
(XMPP-S2S) 5269 -|------| XMPP 1 + |
(HTTP-Admin) 9090 -| | | |
(BOSH) 7070 -| +----+---+ |
| | |
| | |
| +---+--+ |
| | | |
(Database) 5432 -|-------| DB + |
| | | |
| +------+ |
| 172.60.0.11 |
| |
+-----172.60.0.0/24--------+
```
Openfire is configured with the following XMPP domain:
* `xmpp.localhost.example`
Openfire is configured with the following FQDN:
* `xmpp1.localhost.example`
The following users are configured:
* `admin` `admin`
* `user1` `password`
* `user2` `password`
The following MUC rooms are configured:
* `muc1`
* `muc2`
## Network
The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24`.

69
proxy/docker-compose.yml 100644
View File

@ -0,0 +1,69 @@
version: '3.7'
services:
db:
image: library/postgres:9.6.24-alpine
ports:
- "5432:5432"
environment:
- "POSTGRES_DB=openfire"
- "POSTGRES_USER=openfire"
- "POSTGRES_PASSWORD=hunter2"
volumes:
- ./sql:/docker-entrypoint-initdb.d
networks:
openfire-net:
ipv4_address: 172.60.0.11
proxy:
image: nginx:stable
ports:
- "55222:55222"
- "55269:55269"
- "55270:55270"
- "57070:57070"
- "57443:57443"
- "59090:59090"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
networks:
openfire-net:
ipv4_address: 172.60.0.99
xmpp:
image: "openfire:${OPENFIRE_TAG}"
ports:
- "5222:5222"
- "5269:5269"
- "7070:7070"
- "7443:7443"
- "9090:9090"
depends_on:
- "db"
volumes:
- ./_data/xmpp/conf:/var/lib/openfire/conf
- ./_data/plugins:/opt/plugins
- ../_common/wait-for-it.sh:/wait-for-it.sh
command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"]
networks:
openfire-net:
ipv4_address: 172.60.0.10
extra_hosts:
- "xmpp1.localhost.example:172.60.0.10"
- "conference.xmpp1.localhost.example:172.60.0.10"
dozzle:
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 9999:8080
networks:
openfire-net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.60.0.0/24

73
proxy/nginx/nginx.conf 100644
View File

@ -0,0 +1,73 @@
# error_log stdout debug;
stream {
upstream xmpp {
server 172.60.0.10:5222;
}
server {
listen 55222;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 12h; # Set this lower to be more flappy
proxy_pass xmpp;
}
upstream bosh {
server 172.60.0.10:7070;
}
server {
listen 57070;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 12h; # Set this lower to be more flappy
proxy_pass bosh;
}
upstream boshs {
server 172.60.0.10:7443;
}
server {
listen 57443;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass boshs;
}
upstream s2s {
server 172.60.0.10:5269;
}
server {
listen 55269;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 1m;
proxy_pass s2s;
}
upstream s2slegacy {
server 172.60.0.10:5270;
}
server {
listen 55270;
tcp_nodelay on;
proxy_connect_timeout 10s;
proxy_timeout 1m;
proxy_pass s2slegacy;
}
}
http {
server {
listen 59090;
tcp_nodelay on;
proxy_connect_timeout 10s;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://172.60.0.10:9090;
}
}
}
events {}

BIN
proxy/plugins/jsxc.jar 100644
View File

Binary file not shown.

1256
proxy/sql/openfire.sql 100644
View File

File diff suppressed because it is too large Load Diff

56
proxy/start.sh 100755
View File

@ -0,0 +1,56 @@
#!/bin/bash
usage() { echo "Usage: $0 [-n openfire-tag] [-h]
-n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env
-h Show this helpful information
"; exit 0; }
PROJECT="openfire"
COMPOSE_FILE_COMMAND=("docker" "compose")
COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env")
COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT")
# Where is this script? It could be called from anywhere, so use this to get full paths.
SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )"
source "$SCRIPTPATH/../_common/functions.sh"
check_deps
while getopts n:h o; do
case "$o" in
n)
if [[ $OPTARG =~ " " ]]; then
echo "Docker tags cannot contain spaces"
exit 1
fi
echo "Using Openfire tag: $OPTARG"
export OPENFIRE_TAG="$OPTARG"
;;
h)
usage
;;
*)
usage
;;
esac
done
echo "Starting a simple environment."
COMPOSE_FILE_COMMAND+=("-f" "docker-compose.yml")
pushd "$SCRIPTPATH"
"$SCRIPTPATH"/../stop.sh
"${COMPOSE_FILE_COMMAND[@]}" pull --ignore-pull-failures
# Clean up temporary persistence data
if ! rm -rf _data; then
echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1
fi
mkdir _data
cp -r xmpp _data/
cp -r plugins _data/
"${COMPOSE_FILE_COMMAND[@]}" up -d || popd
popd

67
proxy/xmpp/conf/openfire.xml 100644
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9090</port>
<securePort>9091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<!--
One time token to gain temporary access to the admin console.
-->
<!--
<oneTimeAccessToken>secretToken</oneTimeAccessToken>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://db:5432/openfire</serverURL>
<username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
<password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<testTimeout>500</testTimeout>
<timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
<minIdleTime>900000</minIdleTime>
<maxWaitTime>500</maxWaitTime>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<fqdn>xmpp1.localhost.example</fqdn>
<clustering>
<enabled>true</enabled>
</clustering>
</jive>

66
proxy/xmpp/conf/security.xml 100644
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores security-related properties needed by Openfire.
You may edit this file to manage encrypted properties and
encryption configuration value. Note however that you should not
edit this file while Openfire is running, or it may be overwritten.
It is important to note that Openfire will store encrypted property
values securely "at rest" (e.g. in the database or XML), but the
values will be managed as clear text strings in memory at runtime for
interoperability and performance reasons. Encrypted property values
are not visible via the Openfire console, but they may be edited or
deleted as needed.
-->
<security>
<encrypt>
<!-- This can be set to "AES" or "Blowfish" (default) at setup time -->
<algorithm>Blowfish</algorithm>
<key>
<!--
If this is a new server setup, you may set a custom encryption key
by setting a value for the <new /> encryption key element only.
To change the encryption key, provide values for both new and old
encryption keys here. The "old" key must match the unencrypted value
of the "current" key. The server will update the existing property
values in the database, re-encrypting them using the new key. After
the encrypted properties have been updated, the new key will itself
be encrypted and re-written into this file as <current />.
Note that if the current encryption key becomes invalid, any property
values secured by the original key will be inaccessible as well.
The key value can be any string, and it will be hashed, filled, and/or
truncated to produce a compatible key for the corresponding algorithm.
Note that leading and trailing spaces will be ignored. A strong key
will contain sixteen characters or more.
<old></old>
<new></new>
-->
<current></current>
</key>
<property>
<!--
This list includes the names of properties that have been marked for
encryption. Any XML properties (from openfire.xml) that are listed here
will be encrypted automatically upon first use. Other properties
(already in the database) can be added to this list at runtime via the
"System Properties" page in the Openfire console.
-->
<name>database.defaultProvider.username</name>
<name>database.defaultProvider.password</name>
</property>
</encrypt>
<!--
Any other property defined in this file will be treated as an encrypted
property. The value (in clear text) will be encrypted and migrated into
the Openfire database during the next startup. The property name will
be added to the list of encrypted properties and the clear text value
will be removed from this file.
<foo><bar>Secr3t$tr1ng!</bar></foo>
-->
</security>

1
proxy/xmpp/conf/security/archive/readme.txt 100644
View File

@ -0,0 +1 @@
This directory is used as a default location in which Openfire stores backups of keystore files.

BIN
proxy/xmpp/conf/security/client.truststore 100644
View File

Binary file not shown.

BIN
proxy/xmpp/conf/security/keystore 100644
View File

Binary file not shown.

BIN
proxy/xmpp/conf/security/truststore 100644
View File

Binary file not shown.