Networking Notes: Be Your Own IM Service Provider Pt. 2

By Michael Hall | Posted February 16, 2007

Last week we started the process of installing a Jabber server using Jive Software's open source Wildfire. We picked it because it's free, it's easy and it's really pretty good. We left off after getting the software installed, but without starting it up and without exposing it to the wider Internet.

Before we get going, one quick note: We've avoided taking the step of opening the network ports Wildfire needs to communicate with the rest of the 'net. That'll be covered once we go over all the security steps, or you can skip down to "Opening the Ports" at the bottom. Unless you have your server out on the DMZ, you won't be able to use it until you open those ports.

So to get started this week, open up a terminal, log in as root if that's how you run your system, and head back to the Wildfire install directory:

 cd /opt/wildfire/bin/extra

If you list all the files there, you should see the script you saved last week, which is called "redhat-postinstall.sh." We made a small modification to it so we could use it to properly configure a Debian system, which is what we use for Linux tutorials in this column.

At this point, if you're ready to dive in, go ahead and run that script:

# sh ./redhat-postinstall.sh

It's going to do a couple of things, including setting up a user named "jive" from which to run the server and providing you with a couple of init scripts that ensure your server will restart each time you reboot, and be restartable from a simple command.

If you ever need to remove Wildfire, the way to get it to quit starting automatically will be to look in /etc/init.d and remove the wildfired script you find there. If you change your mind again, just do the steps we listed above to restore the script.

So now you're all set to fire up Wildfire. You can do it with that init script we just installed by running the command /etc/init.d/wildfired start.

At this point, you've got a live IM server running on your Linux machine, and we need to configure it right away. All Wildfire administration is done from a simple Web interface that listens on port 9090. Point your Web browser to port 9090 on the server, something like this:

http://www.example.com:9090

You might get a connection error. That's probably because Wildfire's still starting up. If your server is on a different network from the computer you're browsing from, make sure you have the proper port forwarding rules set up. If you're on the same network, just give it a few more seconds and try again. On a reasonably speedy Athlon server with plenty of RAM, Wildfire takes me about 15 to 30 seconds to start.

Once you do connect, you'll get a setup wizard. Pick your language, then move on to the next page and fill out the network information it needs. Note that for your server to be reachable from the Internet, the value in the "domain" field will need to be the fully qualified host name of your server, not its local network name.

On the third page, you're asked for database settings. Pick "embedded database," since as we noted last week, we're going for ease, not performance.

On the fourth page, you're asked for user and group profile settings. Go with "Default," unless you have an LDAP server and really know what you're doing.

On the fifth page, you can pick your administrative contact address and password. Choose wisely.

Once you complete that page, you're done with basic setup. At this point, if all you want is a Jabber server that can talk to other public, XMPP-compatible servers such as Google Talk, you're done. Skip down to "Security Considerations" for final configuration details.

We do, however, have a few more steps to cover, since we want to have not only a basic Jabber server, but we're after the capability to talk to other public IM networks such as AIM and Yahoo.

Setting Up Transports
A Jabber server talks to other public IM networks through something referred to as a "transport." The transport provides a gateway to the other networks. Traditionally, Jabber transports have been a little iffy both because they can be confusing for end users and because the IM services periodically change their protocols and break support for the transports.

Jive couldn't do a lot about the latter, but it did address some issues with the former by providing for easy, drop-in installation of the transport plugins. Just keep in mind that there are no guarantees the commercial networks will continue to allow access by Jabber servers. Their track record lately, though, has been pretty good.

One other caveat: Jabber clients are very uneven in their support of transports and other Jabber-specific services. I highly recommend, as mentioned last week, that unless you happen to know the client you want to use offers full Jabber support, you download and install Spark, which is a very clean, usable client with full support for Wildfire, especially its IM transports.

To get the transport plugin, visit http://www.igniterealtime.org/projects/wildfire/plugins-beta.jsp and download the file "gateway.jar." Once you have it, copy it to the directory /opt/wildfire/. Once you've copied it over, point your browser to the plugin page in Wildfire's admin console: http://example.com:9090/plugin-admin.jsp

You should see a list of available plugins, including "IM Gateway." If you see it, point your browser at http://example.com:9090/plugins/gateway/gateway-settings.jsp and check off which gateways you'd like to use. Clicking on the "Tests" option for each will run a test to make sure the server can communicate with the gateways. Clicking on "Options" will give you some choices you will not ordinarily want to change. Clicking on "Permissions" will allow you to choose who may use the gateways. I recommend "All users can register" unless you have a very specific reason to restrict access to the transports.

At this point, you will be able to use your Wildfire server to talk to other Jabber servers as well as users on public networks.

Security Considerations
There are a number of ways you can make your server more secure. From the front page of the Web interface, check out the following tabs and settings:

  • External Component Settings — These settings determine whether users from other Jabber servers are allowed to use services you provide without having accounts on your server. You might allow this sort of activity if your Google Talk-using friends want to connect to people on AIM or Yahoo using your transports. It's disabled by default, and should probably stay that way unless you have a specific purpose in mind for opening access.

  • Registration Settings — These determine how users may register. Jabber servers traditionally allow new users to sign up through their clients instead of negotiating a Web form or signup. By default, Inband Account Registration is permitted. If you want to strictly limit who can use your server, this is an important one to set to "disabled."
    Also, take a look at "Restrict Login" on this page, which allows you to determine which IP ranges can connect to your server. If you're running it for a small business or organization and want to provide access only from within the company firewall, or if you're running your server strictly for use out of a home office, you should consider adjusting these settings.

  • Security Settings — Wildfire provides both plaintext and SSL-encrypted connections. The settings on this page determine which types your server will allow. If clients will be logging in to it from insecure networks (such as wireless connections at the local coffee shop, or from other public networks), you should strongly consider requiring secure connections. If you want to use Wildfire's own SSL certificates, everything will "just work." If you want to use your own, a tutorial on setting up SSL for Wildfire is available here

Setting Up Users
If you visit the "Users/Groups" tab from the Wildfire administrative Web page, you can create users and groups. We're going to leave groups alone. They're a nice feature to have, but a bit beyond what we're aiming for here. If you choose later to restrict access to public IM networks for only specific groups of users, setting up groups may come in handy.

You have another option for creating users, which is installing the plugin that allows Web-based sign-ins. This is a good choice if you want to invite others to use your server and don't want to key all their information in yourself.

To get this plugin, visit the available plugins page in the administrative Web page, which will be at http://example.com:9090/available-plugins.jsp

Look for the plugin labeled "Registration" and click on the green "plus" button on the far right. Unlike the transports plugin, which is a beta release, that's all you have to do to install this plugin, or any of the others you see on that page.

To take advantage of Web signups, visit the Users/Groups tab, then click on the "Registration Properties" link in the left sidebar. Click the checkbox that reads "Enable users to register via a Web page" and note the URL. That's where users can go to create accounts on your server.

Opening the Ports
If your server is behind a firewall or broadband router of some sort, forward the following ports to the server: 5222, 5223 and 5269. These ports are for Jabber traffic, SSL-encrypted Jabber traffic, and server-to-server communication respectively.
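
A check for the port layout described above, as an added example that is not part of the original article: it reads `netstat -ltn` output and reports, for the three Jabber ports and the admin console on 9090, whether each is listening and on which interfaces. The function names, the sample listing and the choice to flag an admin console bound to all interfaces are assumptions of this example; 9090 is not in the article's forwarding list.

```shell
#!/bin/sh
# Added example (not from the article): classify listening TCP sockets
# against the ports the article names. Reads `netstat -ltn` output on stdin
# and prints one line per port: "<port> <role> <status>".

check_wildfire_ports() {
    awk '
    BEGIN {
        role[5222] = "client"
        role[5223] = "client-ssl"
        role[5269] = "server-to-server"
        role[9090] = "admin-console"
        n = split("5222 5223 5269 9090", order, " ")
    }
    $NF == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)   # address without the port
        if (!(port in role)) next
        # A wildcard bind is reachable on every interface of the server.
        if (host == "0.0.0.0" || host == "::" || host == "*") scope[port] = "all-interfaces"
        if (scope[port] == "") scope[port] = "local-only:" host
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            s = scope[p]
            if (s == "") s = "not-listening"
            # Assumption of this example: the admin console is meant to stay
            # internal, so a wildcard bind on 9090 is flagged for review.
            if (p == 9090 && s == "all-interfaces") s = "REVIEW:admin-on-all-interfaces"
            print p, role[p], s
        }
    }'
}

# Constructed sample listing (not captured from a real server).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5223            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
EOF
}

sample_netstat | check_wildfire_ports
```

On the server itself, run `netstat -ltn | check_wildfire_ports` and compare the result with the forwarding rules on your router.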

Setting Up IM Gateways on the Client Side
Now we have one more thing to do if you're interested in letting your server's users talk to other public IM networks like AIM or Yahoo: Configuring their clients.

For starters, they should be using Jive's Spark client, as we discussed earlier. Jabber/XMPP clients that deal well with gateways and other Jabber services are few and far between. Using Spark will guarantee an optimal result. If others are using your server and are depending on you for help, make Spark the choice you'll support.

Once you've downloaded Spark and used it to connect to your Jabber server, you'll see icons for the transports you enabled appear in its toolbar. Click on the icon for the service you want to use, then click on "Enter Login Information." Fill in your user name and password. At that point, you'll log in to the service through Spark and your Jabber server. Any contacts you have on that network will appear with its service icon to the right of their names. You can turn access to the service on or off by clicking the same icon you used to enter your login information and selecting "Sign Out."

Wrapping Up
And that's the basics of Wildfire. The main thing you need to know in case something ever goes wrong is that the init script we installed can control the server. If it appears to have crashed, you can enter this command as root:

/etc/init.d/wildfired restart

which will restart it.

If you need to shut it down, enter the command:

/etc/init.d/wildfired stop

At this point, you have all the pieces in place to start up your Jabber server. We're not going to do that this week because we don't have the time to make sure it's running securely and properly.

One more thing you can do, if you're itching for something to play with, is download the client that goes with Wildfire and supports a lot of its features better than many other Jabber clients: Spark. You can grab Spark from the download page at igniterealtime.org. It's available for Windows, Mac or Linux.

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.
