Tigase XMPP Server Board

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 08:34

Hi,

I have changed the

bosh-ports=5280,5281

to

bosh/connections/ports=5280,5281

then restarted the server, still I am getting the Connection refused error. Even on the Pidgin client instead of SSL Handshake error, now I am getting SSL Connection failed error.

So I am reverting back the properties as shown below No [i],[s] types mentioned at the error, can you please verify these parameters if any mistake is there?

--bosh-ports=5280,5281
--bosh/connections/5281/socket=ssl
--bosh/connections/5281/type=accept

Regards
Khaleel

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 08:24

Hi

I have the properties mentioned with preceding -- characters as shown below, no spaces exists

--bosh-ports=5280,5281
--bosh/connections/5281/socket=ssl
--bosh/connections/5281/type=accept

I have removed the -- at the beginning to the above three parameters and restarted the server.
Now the openssl is not opening any connection, I am getting below error

[ec2-user@ip-10-146-138-237 certs]$ openssl s_client -connect 54.255.71.55:5281
socket: Connection refused
connect:errno=111

Regards
Khaleel

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 08:10

Can you check that Tigase is in fact listening on 5281 port? Make sure there are no spaces in the configuration, that is:
bosh/connections/ports=5280,5281

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 08:03

Hi,

I have copied the 54.255.71.55.pem to default.pem and the stopped the server and restarted. Still I am getting SSL Handshak fail error.

When I do the openssl s_client -connect 54.255.71.55:5281 , I am getting below response.

CONNECTED
139994109458248:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Regards
Khaleel

Categories: Tigase Forums

Tigase server development: RE: xmpp-server cluster problem

Wed, 10/29/2014 - 07:48

There is no need to specify nodes at all - you simply enable cluster mode with:
--cluster-mode = true
and that's enough.

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 07:48

Hasn't certs/default.pem been generated after bosh connection? Please try to copy 54.255.71.55.pem to default.pem, restart the server and try again with openssl

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 07:29

Hi,
My observations are:
1. When the Tigase server is down then get error response to the command " openssl s_client -connect 54.255.71.55:5281" below
socket: Connection refused
connect:errno=111

2. When the Tigase server is up then I get the below response to the above command, so I guess the PORT is open and functioning well.

CONNECTED
140349342308168:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

3. I have deleted all the .pem files and restarted the server, then I try to connect from Pidgin client with a user over the normal socket connection on 5222 port, user connected successfully. and a certificate with my domain ip pem (54.255.71.55.pem) generated.

4. Now if I try to connect from Pidgin tool using the BOSH URL "https://54.255.71.55:5281/http-bind" then the response is SSL Handshake is failed error.

Log files are attached.

Could you please help what could be the issue.

Regards
Khaleel

Categories: Tigase Forums

Tigase server development: RE: xmpp-server cluster problem

Wed, 10/29/2014 - 06:51

I Use Version 5.2.1,Can you give me a cluster node configuration standardexamples?

thank you !

At 2014-10-29 21:03:24, wrote:

Categories: Tigase Forums

Tigase server development: RE: xmpp-server cluster problem

Wed, 10/29/2014 - 06:37

I Use Version 5.2.1,Can you give me a cluster node configuration standard examples?

thank you !

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 06:12

Khaleel Shaik wrote:

Why this certificate is not being used by BOSH and enabling the SSL connectivity?

Where have you copied the certificate? What is the filename? Are there any exceptions in the logs (logs/tigase-console.log) when loading the certificate?

How I can generate a new self signed certificate by Tigase server itself, so that I can replace the new certificate?

Tigase should generate self-signed certificate on it's own.

Categories: Tigase Forums

Tigase server development: RE: Tigase 5.2.1 cluster mode will recieve two same message

Wed, 10/29/2014 - 06:09

The issue has been fixed some time ago and nightly builds already contain it - http://build.tigase.org/nightlies/dists/

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 06:09

Hi,

Thanks for the reply.
I have configured below three parameters in init properties file

bosh/connections/ports=5280, 5281
bosh/connections/5281/socket=ssl
bosh/connections/5281/type=accept

but the response when I try to connect from the client is over the BOSH is handshake failure.
And even the openssl s_client command says no certificates found. I have copied the CA certificate in the certs folder.
Why this certificate is not being used by BOSH and enabling the SSL connectivity?
How I can generate a new self signed certificate by Tigase server itself, so that I can replace the new certificate?

Regards
Khaleel

Categories: Tigase Forums

Tigase server development: RE: xmpp-server cluster problem

Wed, 10/29/2014 - 06:03

wenming gao wrote:

Init.properties file as follows:

--cluster-mode = true
--cluster-connect-all = true
--cluster-nodes = bx_15_108:5222, zw_34_109:5222, zw_34_110:5222
--sm-cluster-strategy-class =
tigase.cluster.strategy.OnlineUsersCachingStrategy

Which Tigase version do you use? With version 5.2.x there is clustering auto-discovery hence you don't need to specify list of cluster nodes. Apart from that port that you specified in the configuration is wrong.

When you see the message duplication - are both users connected to the same node or to different nodes?

Categories: Tigase Forums

Tigase server administration: RE: Tigase BOSH Secure Connections

Wed, 10/29/2014 - 05:56

Khaleel Shaik wrote:

Hi When I do the below command, I can see the CA certificate properly. But the port is 443, Do I need to set my BOSH SSH port to 443 instead of 5281?

If you configured Tigase to listen for ssl bosh connections on 5281 then you have to connect to this port. If you tried 443 then you connected to something different

Categories: Tigase Forums

Tigase server development: RE: getComponentId() issue

Wed, 10/29/2014 - 00:43

I'm updating this threwad in case someone is having the same issue:

Artur Hefczyc said:

The start() method is called only to start/initialize components' own data and mechanisms. All components start/can start at the same time concurrently, so there can be no dependency on any other component or assumption that something else is already initialized.
If you need to do something when the whole server started up and all other components are initialized, you can use initializationCompleted() method, which is called when the server is basically ready to process user's data. There are 2 remarks for this however:

  1. The method initializationCompleted() really means that initialization is completed, even for your component. This really means that at this point the component must be ready to accept data for processing. Therefore, this method can be only used for some "post-initialization" actions or initialization of elements on which stanza processing does not depends.
  2. The getDefVHostItem() is actually different from everything else. Hostname information is taken from DNS system which may take long time. It is executed on a separate thread, so the time when the real hostname is available to the system depends how quickly DNS system can obtain this information.

(copied from the bug report and re-formatted)

Thanks for the useful info.

Categories: Tigase Forums

Tigase server development: RE: Packet changed once in addOutPacket()?

Wed, 10/29/2014 - 00:38

Thanks for the explanation, and thanks for the great work!

Categories: Tigase Forums

Tigase server development: RE: Tigase 5.2.1 cluster mode will recieve two same message

Tue, 10/28/2014 - 19:39

I would like to ask this question of repair?

Categories: Tigase Forums

Tigase server development: RE: 5.2.0 Message duplication in cluster mode

Tue, 10/28/2014 - 18:52

I Use 5.2.1 ,also have the same problem when 1-1 get duplicate messages ,but MUC is normal

Categories: Tigase Forums

Tigase server development: xmpp-server cluster problem

Tue, 10/28/2014 - 18:22

hi :

When using the XMPP cluster, the emergence of receiving repeated problems,
the specific phenomenon is I to send a message,
such as "Hello world", but received 2 times "Hello world" message

Init.properties file as follows:
--user-db = MySQL
--admins = admin@ottchat
--user-db-uri = jdbc:mysql://10.10.77.43:3306/tigase_test3?
User=umsManager&password=daYfs5F
Config-type = --gen-config-def
--virt-hosts = ottchat
#--debug = server
#--debug = net, server
--user-repo-pool-size=25
#--monitoring=http:9080
#--c2s-ports = 80
--stats-archiv=tigase.stats.CounterDataLogger:stats-logger:300
Stats/stats-archiv/stats-logger/db-url=jdbc:mysql://10.10.77.43:3306/tigase_test3?
User=umsManager&password=daYfs5F
Stats/stats-update-interval=120
--sm-plugins = +message-archive-xep-0136, +jabber:iq:auth,
+urn:ietf:params:xml:ns:xmpp-sasl, +urn:ietf:params:xml:ns:xmpp-bind,
+urn:ietf:params:xml:ns:xmpp-session, +jabber:iq:register, +jabber:iq:roster,
+presence, +jabber:iq:privacy, +jabber:, iq:version,
+http://jabber.org/protocol/stats, +starttls, +msgoffline, +vcard-temp,
+http://jabber.org/protocol/commands, +jabber:iq:private, +urn:xmpp:ping,
+basic-filter, +domain-filter, +pep, +zlib
#--comp-name-1 = muc
#--comp-class-1 = tigase.muc.MUCComponent
#--comp-name-2 = PubSub
#--comp-class-2 = tigase.pubsub.PubSubComponent
#--comp-name-3=srecv
#--comp-class-3=tigase.server.sreceiver.StanzaReceiver
--new-connections-throttling = 5222:20005223:5005269:10005280:5000
--data-repo-pool-size=60
--auth-repo-pool-size=60
--max-queue-size=2000
#--new-connections-throttling = 5222:2000
#--data-repo-pool-size = 60
#--auth-repo-pool-size = 60
#--max-queue-size = 2000 ###########################################################################
--cluster-mode = true
--cluster-connect-all = true
--cluster-nodes = bx_15_108:5222, zw_34_109:5222, zw_34_110:5222
--sm-cluster-strategy-class =
tigase.cluster.strategy.OnlineUsersCachingStrategy
--comp-name-1 = muc
--comp-name-2 = PubSub
--comp-class-1 = tigase.muc.cluster.MUCComponentClustered
--comp-class-2 = tigase.pubsub.cluster.PubSubComponentClustered

Categories: Tigase Forums

Tigase server development: RE: Packet changed once in addOutPacket()?

Tue, 10/28/2014 - 13:26

Yes, that sounds correct of IQ stanzas, agreed. However, PacketDefaultHandler doesn't differentiate between stanza types, although you can argue that you're taking the SHOULD part in the spec and decideing not to implement it.

This is because for message and presence stanzas we have plugins which handle these packets so default packet handler does not have to worry about them. The problem really is only with iq stanzas, because they have special meaning depending on the iq's namespace and even for the same namespace processing of iq stanzas depend on what is put in the to attribute/address.

Categories: Tigase Forums

Pages

Get in touch

We provide software products, consulting and custom development services

Tigase, Inc.
100 Pine Street, Suite 1250
San Francisco, CA 94111, USA
Phone: (415) 315 9771

Follow us on:

Twitter

  • Our public servers are tigase.im, sure.im, jabber.me. Create a new account in Tigase Messenger and select one of them http://t.co/PS6geOU8QD 4 days 9 hours ago
  • Using a public server at sure.im, tigase.im, jabber.me receive special optimizations for Tigase Messenger. http://t.co/jipOgWbX3g 1 week 2 hours ago
Back to Top