diff --git a/build/debian/openfire.default b/build/debian/openfire.default index 378d14d212..6dc6485795 100644 --- a/build/debian/openfire.default +++ b/build/debian/openfire.default @@ -1,11 +1,3 @@ -# Defaults for openfire initscript -# sourced by /etc/init.d/openfire -# installed at /etc/default/openfire by the maintainer scripts - -# -# This is a POSIX shell fragment -# - # If you wish to override the auto-detected JAVA_HOME variable, uncomment # and change the following line. #JAVA_HOME=/usr/java/default diff --git a/build/debian/openfire.dirs b/build/debian/openfire.dirs index 41058b4a04..cbfc0b3f31 100644 --- a/build/debian/openfire.dirs +++ b/build/debian/openfire.dirs @@ -1,4 +1,5 @@ /etc/openfire +/usr/share/openfire/bin /usr/share/openfire/lib /usr/share/openfire/resources /var/log/openfire diff --git a/build/debian/openfire.init.d b/build/debian/openfire.init.d index 3fafa06165..97cf0a2cca 100644 --- a/build/debian/openfire.init.d +++ b/build/debian/openfire.init.d @@ -47,6 +47,7 @@ test -x $JAVA || exit 1 DAEMON_OPTS="$DAEMON_OPTS -server -DopenfireHome=${DAEMON_DIR} \ -Dlog4j.configurationFile=${DAEMON_LIB}/log4j2.xml \ -Dlog4j2.formatMsgNoLookups=true \ + -Djdk.tls.ephemeralDHKeySize=matched -Djsse.SSLEngine.acceptLargeFragments=true -Djava.net.preferIPv6Addresses=system \ -Dopenfire.lib.dir=${DAEMON_LIB} -classpath ${DAEMON_LIB}/startup.jar\ -jar ${DAEMON_LIB}/startup.jar" diff --git a/build/debian/openfire.install b/build/debian/openfire.install index 03648eb6cc..18d9faa7c0 100644 --- a/build/debian/openfire.install +++ b/build/debian/openfire.install @@ -1,3 +1,4 @@ +bin/openfire.sh /usr/share/openfire/bin lib/*.jar usr/share/openfire/lib lib/log4j2.xml etc/openfire resources/database usr/share/openfire/resources @@ -5,3 +6,4 @@ conf/openfire.xml etc/openfire conf/security.xml etc/openfire resources/security etc/openfire plugins var/lib/openfire +dist/* / 
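Review bot: The flags added to DAEMON_OPTS in build/debian/openfire.init.d carry no explanation, and `-Djdk.tls.ephemeralDHKeySize=matched` in particular changes TLS key-exchange strength. As far as I know, `matched` sizes the ephemeral DH key to the certificate key within a bounded range, so an installation still using a 1024-bit certificate would negotiate 1024-bit DHE instead of the fixed larger size used when the property is unset; this should be confirmed against the supported JDKs. I would add a comment above the assignment such as `# TLS: DH size follows the cert key; keep server certificates at 2048 bits or more`, and put each `-D` option on its own continuation line like the existing ones. The same three flags are also hard-coded in distribution/src/bin/openfire.sh, so the two copies can drift apart.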
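Review bot: `dist/* /` in the second hunk of build/debian/openfire.install ships whatever the build leaves under dist/ to the same path on the target system, so the package contents can no longer be read from this file. Listing the shipped paths explicitly, for example `dist/etc/ufw/applications.d/openfire etc/ufw/applications.d` and `dist/usr/lib/systemd/system/openfire.* usr/lib/systemd/system`, keeps an unexpected file under dist/ from landing in /etc or /usr unnoticed. Both added lines also use an absolute destination (`/usr/share/openfire/bin`, `/`) while every existing entry is relative (`usr/share/openfire/lib`); `bin/openfire.sh usr/share/openfire/bin` would match the rest of the file.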
diff --git a/build/debian/openfire.postinst b/build/debian/openfire.postinst index d54e3f710c..b97add29e7 100644 --- a/build/debian/openfire.postinst +++ b/build/debian/openfire.postinst @@ -1,23 +1,7 @@ #! /bin/sh set -e -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package -# -# quoting from the policy: -# Any necessary prompting should almost always be confined to the -# post-installation script, and should be protected with a conditional -# so that unnecessary prompting doesn't happen if a package's -# installation fails and the `postinst' is called with `abort-upgrade', -# `abort-remove' or `abort-deconfigure'. +# See https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html case "$1" in configure) diff --git a/build/debian/openfire.postrm b/build/debian/openfire.postrm index 8a2d21ec67..20966ea786 100644 --- a/build/debian/openfire.postrm +++ b/build/debian/openfire.postrm @@ -5,18 +5,7 @@ set -e -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' overwrit>r> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - +# See https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html case "$1" in purge) diff --git a/distribution/src/assembly/basic-distribution.xml b/distribution/src/assembly/basic-distribution.xml index 7f1e1cfdd1..f36c43d451 100644 --- a/distribution/src/assembly/basic-distribution.xml +++ b/distribution/src/assembly/basic-distribution.xml @@ -119,6 +119,11 @@ true + + + ${project.basedir}/src/dist + dist + diff --git a/distribution/src/bin/openfire.sh b/distribution/src/bin/openfire.sh index 4d365b5a3d..659624f9dd 100644 
--- a/distribution/src/bin/openfire.sh
+++ b/distribution/src/bin/openfire.sh
@@ -1,82 +1,95 @@ #!/bin/sh - -# -# - # tries to determine arguments to launch openfire -# OS specific support. $var _must_ be set to either true or false. -cygwin=false; -darwin=false; -linux=false; -case "`uname`" in - CYGWIN*) cygwin=true ;; - Darwin*) darwin=true - if [ -z "$JAVA_HOME" ] ; then - JAVA_HOME=/usr/libexec/java_home - fi - ;; - Linux*) linux=true - if [ -z "$JAVA_HOME" ]; then - shopt -s nullglob - jdks=`ls -r1d /usr/java/j* /usr/lib/jvm/* 2>/dev/null` - for jdk in $jdks; do - if [ -f "$jdk/bin/java" ]; then - JAVA_HOME="$jdk" - break - fi - done - fi - ;; +# shellcheck disable=SC2166 + +# OS specific support +cygwin=false +darwin=false +linux=false +case "$(uname)" in + CYGWIN*) + cygwin=true + ;; + Darwin*) + darwin=true + ;; + Linux*) + linux=true + ;; esac +if [ -z "$JAVA_HOME" ] ; then + echo "JAVA_HOME is empty, trying to find it" + if $darwin ; then + JAVA_HOME=/usr/libexec/java_home + fi + if $linux; then + JAVA_HOME=$(LC_ALL=C update-alternatives --display java \ + | grep best \ + | grep -oe "\/.*\/bin\/java" \ + | sed 's/\/bin\/java//g') + if [ -z "$JAVA_HOME" ] ; then + echo "Unable to get preferred JAVA_HOME from java alternative" + # shellcheck disable=SC2039 + shopt -s nullglob + jdks=$(ls -r1d /usr/java/j* /usr/lib/jvm/* 2>/dev/null) + for jdk in $jdks; do + if [ -f "$jdk/bin/java" ]; then + JAVA_HOME="$jdk" + break + fi + done + fi + fi + echo "JAVA_HOME is set to $JAVA_HOME" +fi + #if openfire home is not set or is not a directory if [ -z "$OPENFIRE_HOME" -o ! 
-d "$OPENFIRE_HOME" ]; then - - if [ -d /opt/openfire ] ; then - OPENFIRE_HOME="/opt/openfire" - fi - - if [ -d /usr/local/openfire ] ; then - OPENFIRE_HOME="/usr/local/openfire" - fi - - if [ -d ${HOME}/opt/openfire ] ; then - OPENFIRE_HOME="${HOME}/opt/openfire" - fi - - #resolve links - $0 may be a link in openfire's home - PRG="$0" - progname=`basename "$0$"` - - # need this for relative symlinks - - # need this for relative symlinks - while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi - done - - #assumes we are in the bin directory - OPENFIRE_HOME=`dirname "$PRG"`/.. - - #make it fully qualified - OPENFIRE_HOME=`cd "$OPENFIRE_HOME" && pwd` + echo "OPENFIRE_HOME is empty, trying to find it" + if [ -d /opt/openfire ] ; then + OPENFIRE_HOME="/opt/openfire" + fi + + if [ -d /usr/local/openfire ] ; then + OPENFIRE_HOME="/usr/local/openfire" + fi + + if [ -d "${HOME}/opt/openfire" ] ; then + OPENFIRE_HOME="${HOME}/opt/openfire" + fi + + #resolve links - $0 may be a link in openfire's home + PRG="$0" + + # need this for relative symlinks + while [ -h "$PRG" ] ; do + ls=$(ls -ld "$PRG") + link=$(expr "$ls" : '.*-> \(.*\)$') + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=$(dirname "$PRG")"/$link" + fi + done + + #assumes we are in the bin directory + OPENFIRE_HOME=$(dirname "$PRG")/.. 
+ + #make it fully qualified + OPENFIRE_HOME=$(cd "$OPENFIRE_HOME" && pwd) + echo "OPENFIRE_HOME is set to $OPENFIRE_HOME" fi OPENFIRE_OPTS="${OPENFIRE_OPTS} -DopenfireHome=\"${OPENFIRE_HOME}\"" # For Cygwin, ensure paths are in UNIX format before anything is touched if $cygwin ; then - [ -n "$OPENFIRE_HOME" ] && - OPENFIRE_HOME=`cygpath --unix "$OPENFIRE_HOME"` - [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$OPENFIRE_HOME" ] && + OPENFIRE_HOME=$(cygpath --unix "$OPENFIRE_HOME") + [ -n "$JAVA_HOME" ] && + JAVA_HOME=$(cygpath --unix "$JAVA_HOME") fi #set the OPENFIRE_LIB location 
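Review bot: In the new JAVA_HOME block of distribution/src/bin/openfire.sh, the Darwin branch assigns the path of the helper rather than its output: `JAVA_HOME=/usr/libexec/java_home` makes the later code build JAVACMD as `/usr/libexec/java_home/bin/java`, which fails the `-x` test further down. It should be `JAVA_HOME=$(/usr/libexec/java_home)`. On Linux systems without `update-alternatives` the pipeline prints a command-not-found error before falling back to the directory scan; adding `2>/dev/null` to that call keeps the output clean. `shopt -s nullglob` is a bash builtin while the shebang is `#!/bin/sh`, so on shells such as dash it errors and has no effect; the SC2039 suppression hides that rather than fixing it.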
@@ -85,87 +98,86 @@ OPENFIRE_OPTS="${OPENFIRE_OPTS} -Dopenfire.lib.dir=\"${OPENFIRE_LIB}\"" # Override with bundled jre if it exists. if [ -f "$OPENFIRE_HOME/jre/bin/java" ]; then - JAVA_HOME="$OPENFIRE_HOME/jre" - JAVACMD="$OPENFIRE_HOME/jre/bin/java" + JAVA_HOME="$OPENFIRE_HOME/jre" + JAVACMD="$OPENFIRE_HOME/jre/bin/java" fi if [ -z "$JAVACMD" ] ; then - if [ -n "$JAVA_HOME" ] ; then - if [ -x "$JAVA_HOME/jre/sh/java" ] ; then - # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" - else - JAVACMD="$JAVA_HOME/bin/java" - fi - else - JAVACMD=`which java 2> /dev/null ` - if [ -z "$JAVACMD" ] ; then - JAVACMD=java - fi - fi + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD=$(which java 2> /dev/null ) + if [ -z "$JAVACMD" ] ; then + JAVACMD=java + fi + fi fi if [ ! -x "$JAVACMD" ] ; then - echo "Error: JAVA_HOME is not defined correctly." - echo " We cannot execute $JAVACMD" - exit 1 + echo "Error: JAVA_HOME is not defined correctly." 
+ echo " We cannot execute $JAVACMD" + exit 1 fi # Note: you can combine options, eg: -devboot -debug for arguments in "$@" do -case $arguments in + echo "Option: $arguments" + case $arguments in -debug) - echo "Starting debug mode" - JAVACMD="$JAVACMD -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" - ;; + echo "Starting debug mode" + JAVACMD="$JAVACMD -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + ;; -remotedebug) - echo "Starting remote debug mode" - JAVACMD="$JAVACMD -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=\*:5005" - ;; + echo "Starting remote debug mode" + JAVACMD="$JAVACMD -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=\*:5005" + ;; -demoboot) - echo "Starting demoboot" - cp $OPENFIRE_HOME/conf/openfire-demoboot.xml $OPENFIRE_HOME/conf/openfire.xml - ;; + echo "Starting demoboot" + cp "$OPENFIRE_HOME/conf/openfire-demoboot.xml" "$OPENFIRE_HOME/conf/openfire.xml" + ;; -devboot) - HOSTNAME=$(hostname) - sed "s/example.org/$HOSTNAME/g" $OPENFIRE_HOME/conf/openfire-demoboot.xml > $OPENFIRE_HOME/conf/openfire.xml - ;; + HOSTNAME=$(hostname) + sed "s/example.org/$HOSTNAME/g" "$OPENFIRE_HOME/conf/openfire-demoboot.xml" > "$OPENFIRE_HOME/conf/openfire.xml" + ;; *) - # unknown option, pass through the Java command - JAVACMD="$JAVACMD $arguments" - ;; -esac + # unknown option, pass through the Java command + JAVACMD="$JAVACMD $arguments" + ;; + esac done JAVACMD="${JAVACMD} -Dlog4j.configurationFile=${OPENFIRE_LIB}/log4j2.xml -Dlog4j2.formatMsgNoLookups=true -Djdk.tls.ephemeralDHKeySize=matched -Djsse.SSLEngine.acceptLargeFragments=true -Djava.net.preferIPv6Addresses=system" if [ -z "$LOCALCLASSPATH" ] ; then - LOCALCLASSPATH=$OPENFIRE_LIB/startup.jar + LOCALCLASSPATH=$OPENFIRE_LIB/startup.jar else - LOCALCLASSPATH=$OPENFIRE_LIB/startup.jar:$LOCALCLASSPATH + LOCALCLASSPATH=$OPENFIRE_LIB/startup.jar:$LOCALCLASSPATH fi # For Cygwin, switch paths to appropriate format before running java if 
$cygwin; then - if [ "$OS" = "Windows_NT" ] && cygpath -m .>/dev/null 2>/dev/null ; then - format=mixed - else - format=windows - fi - OPENFIRE_HOME=`cygpath --$format "$OPENFIRE_HOME"` - OPENFIRE_LIB=`cygpath --$format "$OPENFIRE_LIB"` - JAVA_HOME=`cygpath --$format "$JAVA_HOME"` - LOCALCLASSPATH=`cygpath --path --$format "$LOCALCLASSPATH"` - if [ -n "$CLASSPATH" ] ; then - CLASSPATH=`cygpath --path --$format "$CLASSPATH"` - fi - CYGHOME=`cygpath --$format "$HOME"` -fi - -# add a second backslash to variables terminated by a backslash under cygwin -if $cygwin; then + if [ "$OS" = "Windows_NT" ] && cygpath -m .>/dev/null 2>/dev/null ; then + format=mixed + else + format=windows + fi + OPENFIRE_HOME=$(cygpath --$format "$OPENFIRE_HOME") + OPENFIRE_LIB=$(cygpath --$format "$OPENFIRE_LIB") + JAVA_HOME=$(cygpath --$format "$JAVA_HOME") + LOCALCLASSPATH=$(cygpath --path --$format "$LOCALCLASSPATH") + if [ -n "$CLASSPATH" ] ; then + CLASSPATH=$(cygpath --path --$format "$CLASSPATH") + fi + CYGHOME=$(cygpath --$format "$HOME") + + # add a second backslash to variables terminated by a backslash under cygwin case "$OPENFIRE_HOME" in *\\ ) OPENFIRE_HOME="$OPENFIRE_HOME\\" @@ -189,4 +201,5 @@ if $cygwin; then fi openfire_exec_command="exec $JAVACMD -server $OPENFIRE_OPTS -classpath \"$LOCALCLASSPATH\" -jar \"$OPENFIRE_LIB/startup.jar\"" +# shellcheck disable=SC2086 eval $openfire_exec_command diff --git a/distribution/src/dist/etc/ufw/applications.d/openfire b/distribution/src/dist/etc/ufw/applications.d/openfire new file mode 100644 index 0000000000..0617f5c65f --- /dev/null +++ b/distribution/src/dist/etc/ufw/applications.d/openfire 
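Review bot: The added `echo "Option: $arguments"` at the top of the argument loop in distribution/src/bin/openfire.sh (hunk at -85,87) prints every launch argument, and under the new systemd unit that output presumably ends up in the journal. Any secret passed as an option, for example a keystore password given as a `-D` property through DAEMON_OPTS, would then be logged in clear text. I would drop the line or print it only for the recognised switches. Separately, `-remotedebug` opens JDWP on `address=\*:5005`, which accepts unauthenticated connections on every interface; a comment such as `# JDWP has no authentication: use only on isolated development hosts` above that case would help.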
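Review bot: The new `# shellcheck disable=SC2086` in the last hunk of distribution/src/bin/openfire.sh silences the warning on `eval $openfire_exec_command` without recording why the eval is needed or what it trusts. The evaluated string contains JAVACMD, which has every unrecognised command-line argument appended in the loop above, plus OPENFIRE_OPTS and paths derived from the environment, so shell metacharacters in any of them are re-parsed and executed. I would add a comment such as `# eval re-parses the whole command line: arguments and OPENFIRE_OPTS must come from a trusted source` next to the suppression. Building the argument list without eval would remove the need for the suppression altogether; the hunk shows only the tail of the script.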
@@ -0,0 +1,39 @@
+[Openfire C2S]
+title=Openfire XMPP Server - Client to Server (C2S) connections
+description=Allow for XMPP clients to connect to the server and also use File Transfers
+ports=5222|5223|8010|7777
+
+[Openfire Web]
+title=Openfire XMPP Server - Web Binding for WebSocket and BOSH
+description=Allow for XMPP web clients to connect to the server
+ports=7070|7443
+
+[Openfire S2S]
+title=Openfire XMPP Server - Server to Server (S2S) connections
+description=This allows users from your server to talk with users from other servers in internet (federation). If your server used for internal company communication you should disable this.
+ports=5269|5270
+
+[Openfire External Components]
+title=Openfire XMPP Server - External Components
+description=This allows to connect for XEP-0114 Jabber Component Protocol
+ports=5275|5276
+
+[Openfire Proxy]
+title=Openfire XMPP Server - TURN Proxy and STUN server
+description=This allows users to use calls and file transfer between each others when they are behind NAT.
+ports=3478|5349
+
+[Openfire Connection Manager]
+title=Openfire XMPP Server - Connection Manager
+description=Openfire Connection Manager improves the scalability of server by handling a portion of the client connections
+ports=5262|5263
+
+[Openfire Admin Console]
+title=Openfire XMPP Server - Admin Console
+description=You can manage the XMPP server from a web admin console
+ports=9090|9091
+
+[Openfire Full]
+title=Openfire XMPP Server - All components (C2S + S2S + External Components + Proxy + Connection Manager + Admin Console)
+description=Open all ports that are exposed by the Openfire
+ports=5222|5223|8010|7777|7070|7443|5269|5270|5275|5276|3478|5349|5262|5263|9090|9091
diff --git a/distribution/src/dist/usr/lib/systemd/system/openfire.service b/distribution/src/dist/usr/lib/systemd/system/openfire.service
new file mode 100644
index 0000000000..8a7fb98be5
--- /dev/null
+++ b/distribution/src/dist/usr/lib/systemd/system/openfire.service
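Review bot: Every `ports=` line in the new ufw profile (distribution/src/dist/etc/ufw/applications.d/openfire) lists bare port numbers, and ufw opens both TCP and UDP for a port given without a protocol. Where a service is TCP-only, the protocol should be stated, for example `ports=9090,9091/tcp` for the admin console, so that no unused UDP ports are allowed. The `[Openfire Full]` profile also bundles the admin console ports 9090|9091 with the public client and federation ports, so allowing that one profile exposes the admin interface to every source; I would leave the admin console out of it or say so in its description. Its title omits the Web binding although 7070|7443 are in the port list.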
@@ -0,0 +1,26 @@ +[Unit] +Description=Openfire XMPP Server +After=network.target + +[Service] +User=openfire +Group=openfire +EnvironmentFile=-/etc/default/openfire +Type=simple +WorkingDirectory=/usr/share/openfire/ +ExecStart=/bin/bash -c '/usr/share/openfire/bin/openfire.sh ${DAEMON_OPTS}' +Restart=on-failure +RuntimeDirectory=openfire + +# Specify resource limits in the slice +Slice=openfire.slice +# We expect a lot of connections from many clients so increase limit of file descriptiors +LimitNOFILE=50000 +# The Openfire is less important for CPU than system vital services +Nice=5 +# If not enough RAM then kill the Openfire first to preserve system vital services +OOMScoreAdjust=-100 + +[Install] +WantedBy=multi-user.target +Alias=xmpp.service diff --git a/distribution/src/dist/usr/lib/systemd/system/openfire.slice b/distribution/src/dist/usr/lib/systemd/system/openfire.slice new file mode 100644 index 0000000000..eef22a5749 --- /dev/null +++ b/distribution/src/dist/usr/lib/systemd/system/openfire.slice @@ -0,0 +1,5 @@ +[Slice] +#MemoryAccounting=yes +#MemoryMax=95% +#CPUQuota=95% +#CPUAccounting=yes diff --git a/xmppserver/src/main/webapp/setup/index.jsp b/xmppserver/src/main/webapp/setup/index.jsp index 95a084dfb7..bfb92006dc 100644 --- a/xmppserver/src/main/webapp/setup/index.jsp +++ b/xmppserver/src/main/webapp/setup/index.jsp @@ -43,12 +43,9 @@ boolean openfireHomeExists = false; Path openfireHome = null; - // Check for JRE 1.8 - try { - String version = System.getProperty("java.version"); - jreVersionCompatible = Integer.parseInt(version.split("\\.")[0]) >= 11; - } - catch (Throwable t) {} + // Check for min JRE requirement + Runtime.Version MIN_JAVA_VERSION = Runtime.Version.parse("11"); + jreVersionCompatible = MIN_JAVA_VERSION.compareTo(Runtime.version()) <= 0; // Check for Servlet 2.3: try { Class c = ClassUtils.forName("javax.servlet.http.HttpSession");
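Review bot: In openfire.service the comment above `OOMScoreAdjust=-100` says Openfire should be killed first when memory runs out, but a negative value makes the kernel less likely to pick the process; a positive value such as `OOMScoreAdjust=100` matches the comment, otherwise the comment should be corrected. The `/bin/bash -c` wrapper in ExecStart makes bash re-parse the contents of /etc/default/openfire as shell code; `ExecStart=/usr/share/openfire/bin/openfire.sh $DAEMON_OPTS` lets systemd split the value on whitespace and removes that layer of shell parsing. The unit sets no sandboxing options; `NoNewPrivileges=true` and `PrivateTmp=true` look like low-risk starting points, to be tested against the plugins in use. "descriptiors" in the LimitNOFILE comment should read "descriptors".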
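Review bot: The replacement check in xmppserver/src/main/webapp/setup/index.jsp no longer sets jreVersionCompatible to false on a runtime that lacks `Runtime.Version` (Java 8). The old string parse was wrapped in try/catch and yielded false there, whereas the new lines would fail with a linkage error, if the page can be loaded at all on such a runtime. If that case still matters, keep a guard around the two lines; if not, a comment such as `// Runtime.Version needs Java 9+; older runtimes cannot reach this page` documents the assumption. `MIN_JAVA_VERSION` is a local variable written in constant style; `final Runtime.Version minJavaVersion = Runtime.Version.parse("11");` reads more conventionally. The scriptlet starts and ends outside the hunk.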