Installation Guide
Introduction
Openfire is a powerful instant messaging (IM) and chat server that implements the XMPP protocol. This document will guide you through installing Openfire. For a full list of features and more information, please visit the Openfire website: https://www.igniterealtime.org/projects/openfire/
Note: Openfire installers do not contain a bundled Java runtime (JRE). Therefore, you must have a
JDK or JRE installed on your system. Openfire 4.3 (also 4.2 and older versions) requires Java 8. Starting
with 4.4 version Openfire also supports Java 11. Openfire 4.8 and later require Java 11 and no longer run
with older versions of Java. Openfire 4.10 requires Java 17. You can check your java version by typing
java -version
at the command line.
To complete the installation of Openfire, you'll need to perform each of the following steps:
This document also includes information on:
Installation
Windows
Select Openfire installer that is better suiting you (x86 or x64). Run the installer. The application
will be installed to C:\Program Files\Openfire
by default.
Note: On Windows systems we suggest using a service to run Openfire (read the Windows Service
section below). When using Openfire Launcher on Windows Vista or newer with UAC protection enabled, it
has to be run with Run as administrator option, to be able to write changes to config and embedded
database (if used) stored in C:\Program files\Openfire\
folder. If Openfire is running via
the launcher without the 'Run as administrator' option from Program files, it can't get proper
permissions to write changes. It shows errors (in red) when running the launcher and during the setup
will require the current password for the administrator account (although this is a new installation.
Normally it doesn't ask for it). This is an effect of missing permissions and Openfire not being able to
initialize the database and other resources.
Since 4.1.5 Openfire installs and runs the service automatically (also opens the browser and loads the web setup page). The launcher (if one wants to use it) is also made to run in elevated mode, so one don't need to run it as administrator manually. But you shouldn't use the launcher, if the service is running. Because this will create a conflict.
Linux
Choose one of the provided installers (x86 or x64, rpm, deb or tar.gz).
If using rpm, run it using your package manager to install Openfire to /opt/openfire
:
rpm -ivh openfire_X_Y_Z.rpm
If using deb, run it to install Openfire to /usr/share/openfire
:
dpkg -i openfire_X_Y_Z.deb
If using the tar.gz, extract the archive to /opt
or /usr/bin
:
tar -xzvf openfire_X_Y_Z.tar.gz
mv openfire /opt
macOS
Install Openfire using dmg installer. This should install Openfire into /usr/local/openfire
.
Then you can run it via cmd or with the launcher.
Setup Overview
Files in the Distribution
The files in your distribution should be as follows (some subdirectories omitted for brevity):
- The
conf
directory is where Openfire stores configuration files. - The
bin
directory contains the server executables. Depending on which distribution you installed, different executables will be available. - The
jre
directory contains a Java runtime that is bundled with the Windows and RPM versions of Openfire. - The
lib
directory contains libraries necessary for running Openfire. - The
plugins
directory contains server plugins. By default, Openfire ships with a web-based admin console plugin and a search plugin. - The
resources/database
directory contains SQL schema files to create new Openfire databases, as well as upgrade scripts for existing installations. - The
resources/security
directory is where Openfire maintains keystores to support SSL connection security. - The
documentation
directory contains server documentation.
Setup the Database
Openfire can store its data in an embedded database or you can choose to use an external database such as MySQL or Oracle. If you would like to use an external database, you must prepare it before proceeding with installation. View the database setup documentation for more information.
Setup the Server
A web-based, "wizard" driven setup and configuration tool is built into Openfire. Simply launch Openfire (platform-specific instructions below) and use a web browser to connect to the admin console. The default port for the web-based admin console is 9090. If you are on the same machine as Openfire, the following URL will usually work: http://127.0.0.1:9090. Windows Server administrators might need to add the http://127.0.0.1 address to browser's Trusted Sites list, if Enhanced Security Configuration is enabled, to prevent getting a blank screen.
As a security measure, the Openfire administration console is by default, only accessible from the server
itself ("localhost"). Openfire can be reconfigured to also allow this to become accessible from a remote
computer using LAN IP address instead or hostname if it is resolvable by the remote computer. To do so,
modify the openfire.xml
configuration file, and remove the line that holds the
interface
definition (or adjust it to an appropriate interface definition).
After initial setup has been performed, access lists based on IP addresses and ranges can be configured for fine-grained control of access to the Admin Console. This configuration can be found on the page called "Admin Console Access" (under the "Server" / "Server Manager" tab).
Autosetup
As an alternative to the web-based "wizard" driven setup described above, Openfire can be configured by
provisioning it with a specially crafted openfire.xml
file.
If <setup>true<>/setup>
does not exist in openfire.xml
(i.e. setup is not
complete), and a block does exist called <autosetup>
with a <run>true</run>
property inside it, that looks like this:
Then setup will be run on first launch, and the <autosetup/>
section will be deleted from
openfire.xml
Note that autosetup provides fewer options to setup Openfire as compared to using the setup wizard.
Admin Console
After completing the above steps, Openfire will be configured through, and you can use the web-based admin console to administer the server. The URL should be the same as you used to setup the server unless you changed the port during the setup.
Running Openfire on Windows
Since 4.1.5 version Openfire automatically installs and runs the service (and opens the browser with the web
setup page). But you can also use the launcher, if you need to (service has to be stopped before running the
launcher). If you used the Openfire installer, a shortcut for starting the graphical launcher is provided in
your Start Menu. Otherwise, run openfire.exe in the bin/
directory of your Openfire
installation. A button on the launcher allows you to automatically open your web browser to the correct URL
to finish setting up the server: http://127.0.0.1:9090
Windows Service
As of 4.1.5 Openfire installs the service automatically. But if you are using older version or want to
reinstall the service, you can use the openfire-service.exe
executable in the
bin
directory of the installation to install or uninstall the service.
From a console window, you can run the following commands:
openfire-service /install
- installs the service.
openfire-service /uninstall
- uninstalls the service.
openfire-service /start
- starts the service
openfire-service /stop
- stops the service.
You can also use the Services tool in the Windows Control Panel to start and stop the service.
Note: the graphical launcher is not compatible with the Windows service. If you install the service, you should use service controls as described above to control the server rather than the graphical launcher.
Upgrading Note: you should stop Openfire service before running the installer to upgrade to the newer version. Starting with 4.1.5 version Openfire will automatically stop and reinstall the service when upgrading with the installer.
Custom Parameters
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime
environment of Openfire. You can do this by creating a openfire.vmoptions
file in the
bin/
directory of your Openfire installation. For the Windows service, you'd create a new
text file called openfire-service.vmoptions
.
Each parameter to the VM should be on a new line of the file. For example, to set the minimum heap size to 512 MB and max VM heap size to 1024 MB, you'd use:
-Xms512m
-Xmx1024m
To create parameters for the normal launcher, create a file called openfired.vmoptions
(since the openfire.exe launcher invokes the openfired.exe executable to actually start the server).
Running Openfire in Linux/Unix
If you are running on a Red Hat or Red Hat like system (CentOS, Fedora, etc.), we recommend using the RPM
distributable, as it contains some custom handling of the standard Red Hat like environment. Assuming that
you have used the RPM, you can start and stop Openfire using the /etc/init.d/openfire
script.
# /etc/init.d/openfire
Usage /etc/init.d/openfire {start|stop|restart|status|condrestart|reload}
# /etc/init.d/openfire start
Starting openfire:
If you are running on a different Linux/Unix variant, and/or you have used the .tar.gz 'installer', you can
start and stop Openfire using the bin/openfire
script in your Openfire installation:
# ./openfire
Usage: ./openfire {start|stop}
# ./openfire start
Starting openfire
If you would like to install Openfire as a service, two scripts are provided in the bin/extra
directory:
redhat-postinstall.sh
-- automatically installs Openfire as a service on Red Hat. It does so by creating a "jive" user and then copying the openfired script to your init.d directory. This script must be run as root. Please see the comments in the script for additional information.openfired
-- script to run Openfire as a service. You must manually configure this script. See the comments in the script for additional details.
It is not recommended that you use either of these scripts if you installed via RPM. The RPM has already taken care of what these scripts take care of.
Custom Parameters
Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime
environment of Openfire. If you installed via RPM, you can customize this by editing
/etc/sysconfig/openfire
and looking at the OPENFIRE_OPTS option. If you installed via
.tar.gz, you will need to tweak your startup script to fit your needs.
Plugins
Plugins add additional features and protocol support to Openfire. After setting up your Openfire installation, you may want to download and install plugins to enhance your server. Plugins can be downloaded from the plugins page on igniterealtime.org or directly inside the administration console.
Installing Plugins
If you download a plugin from inside the Openfire administration console, it will automatically
be installed. If you manually download the plugin (packaged as a .jar file), you can deploy it
by copying the plugin file to the plugins/
directory of your Openfire installation. A
plugin monitor will automatically extract the plugin into a directory and install the plugin in Openfire.
You may also use the "upload plugin" feature in the admin console (under the Plugins tab) to load
a plugin from your local file system to the server.
Note: For nearly all plugins, a restart of the Openfire server software is not required. You should be able to install and remove plugins on-demand without impacting Openfire.
Managing Plugins
Plugins can be managed inside the Openfire admin console. You can also manually delete a plugin at any time by deleting its JAR file (Openfire will automatically remove the plugin from memory and delete its directory when you do so).
Firewall
Server's administrator should open TCP ports 5222
and 5223
for incoming
connections for XMPP clients to be able to connect to Openfire.
For secure BOSH / (HTTP-bind) and websocket-based client connections ensure that TCP port 7443
is reachable. The unencrypted port equivalent for this port (which uses HTTP instead of HTTPS, or WS instead
of WSS) is 7070
. We recommend only using encrypted connections on port 7443
.
For server to server connections one should also open ports TCP 5269
and 5270
.
As a general rule, the Openfire Admin Console should not be exposed to the general internet. However, an
administrator can choose to open TCP 9090
(for HTTP) and TCP 9091
(for HTTPS), if
there is a need to remotely administrate Openfire connecting to its Admin Console. We recommend only using
9091
port as it is an encrypted connection, and we strongly recommend limiting access to a
curated list of known, trusted network addresses, if any.
Port number can be different, if the default configuration has been changed by an administrator. Additional ports may also be in use by Openfire or by plugins to provide additional features. The full list of ports used by Openfire can be found on the first page of Admin Console in the Server Ports section.