
Baraza: Pre-installation requirements

Platforms

Baraza currently runs on Linux (Kernel 2.6.x, glibc v2.1 and above). Future releases may support other platforms.

Required Software Packages

Baraza uses the PostgreSQL RDBMS (v8.2 and above) for data storage. You therefore need to install PostgreSQL. (Baraza will create its database automatically on first startup.)

If you are re-installing Baraza, be sure to make a dump/backup of the existing database prior to re-installing Baraza, as the database structure may change from one release to the next. (Refer to the release notes contained within the package for details on whether this is required for a particular release.) Be sure to dump only the data (not schema) as INSERTs with explicit column names (using pg_dump: pg_dump -Da database_name). Since Baraza will create the database on startup, you will want to let Baraza create a new, empty database. You should then restore your backup data to the new database.

PostgreSQL is generally easy to use and quite robust. Numerous PostgreSQL tutorials and resources exist online. Please refer to them, or visit the Online Forums, for additional information.

Configuring DNS Records for Server-to-Server Communications

If you intend to exchange instant messages and presence with external users/servers, you must configure DNS SRV records for all the domains to be served by your installation. Both IMPS and Jabber/XMPP SRV records are required to enable full server-to-server message exchange. Without these records, external servers will not know how to contact your domain for message and presence information exchange.

The IMPS server-to-server protocol (a.k.a. IMPS SSP) uses HTTP(S) over TCP/IP. In order to determine the host which handles messages for a particular domain (a.k.a. Service Access Point or SAP), the server will look up the imps-server service (proto tcp only) for the domain. Therefore (assuming you are using bind/named), you want to provide DNS records for your domain of the following form:
impsserverhostname. 86400 A impserver-ip-address
_imps-server._tcp.mydomain. 86400 IN SRV 5 0 8181 impsserverhostname.
This tells other Baraza/IMPS servers that your domain mydomain has as its IMPS server the host impsserverhostname listening on port 8181. Baraza will connect to that host/port and use HTTPS (or, failing that, HTTP) to exchange any messages using SSP v1.3.

The Jabber/XMPP server-to-server protocol uses (optionally secure) TCP/IP for message exchange. In order to determine the host which handles Jabber/XMPP messages for a particular domain, a server will look up the xmpp-server service (proto tcp) for the domain. Failing that, it will look up the old-style jabber service. Therefore (assuming you are using bind/named), you want to provide DNS records for your domain of the following form:
impsserverhostname. 86400 A impserver-ip-address
_xmpp-server._tcp.mydomain. 86400 IN SRV 5 0 5269 impsserverhostname.
_jabber._tcp.mydomain. 86400 IN SRV 5 0 5269 impsserverhostname.
This tells other Jabber/XMPP servers that your domain mydomain supports XMPP messaging and has as its Jabber/XMPP server the host impsserverhostname listening on port 5269. The Jabber/XMPP RFC 3920 specifies that in the absence of SRV records, port 5269 at the domain host will be tried for server-to-server communication. If you know what you are doing, you may instead ensure that your Baraza instance is listening for XMPP connections at that port (see server configurations for details) and omit the Jabber/XMPP DNS configurations specified above.
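
A pre-publication check for the records described in the two paragraphs above, as an added example that is not part of the Baraza documentation. It assumes fully-qualified owner names as in the records shown; the function names and the sample zone (with the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a zone defines the three SRV records listed above
# and that every SRV target has an A record in the same zone.

# Constructed sample zone (192.0.2.10 is a documentation address).
sample_zone() {
cat <<'EOF'
; constructed zone fragment for "mydomain"
impsserverhostname.         86400    A   192.0.2.10
_imps-server._tcp.mydomain. 86400 IN SRV 5 0 8181 impsserverhostname.
_xmpp-server._tcp.mydomain. 86400 IN SRV 5 0 5269 impsserverhostname.
_jabber._tcp.mydomain.      86400 IN SRV 5 0 5269 impsserverhostname.
EOF
}

# check_srv DOMAIN < zonefile
# Prints one line per service; exit status is non-zero if any record is missing.
check_srv() {
    awk -v dom="$1" '
    BEGIN { n = split("_imps-server _xmpp-server _jabber", svc, " "); rc = 0 }
    NF == 0 || /^[ \t]*;/ { next }               # blank lines and comments
    {
        # TTL and class are optional, so search for the type field.
        for (i = 2; i <= NF; i++) if ($i == "A" || $i == "SRV") break
        if (i > NF) next
        owner = tolower($1)
        if ($i == "A") { addr[owner] = $(i + 1); next }
        # SRV rdata is: priority weight port target
        for (k = 1; k <= n; k++)
            if (owner == svc[k] "._tcp." tolower(dom) ".") {
                port[svc[k]] = $(i + 3); host[svc[k]] = tolower($(i + 4))
            }
    }
    END {
        for (k = 1; k <= n; k++) {
            s = svc[k]
            if (!(s in port))            { print s " MISSING"; rc = 1 }
            else if (!(host[s] in addr)) { print s " " host[s] ":" port[s] " NO-A-RECORD"; rc = 1 }
            else                           print s " " host[s] ":" port[s] " OK"
        }
        exit rc
    }'
}

sample_zone | check_srv mydomain
```

Run it against your own zone with `check_srv yourdomain < /path/to/zonefile`; a NO-A-RECORD line means the SRV target is defined outside the file being checked or not at all.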

Configuring SSL/TLS for Server-to-Server Communications

In order to enable seamless server-to-server communication using XMPP v1.0 or IMPS SSP, you should create an SSLv3/TLSv1 certificate/key pair. (XMPP v1.0 servers require use of the TLS protocol for secure server-to-server communication.) It is also desirable to secure client-to-server and server-to-server communication when using IMPS protocols (CSP and SSP) over the public Internet. It is recommended that you create a signed certificate and key file. The certificate may be self-signed. To create a self-signed certificate, you can use the openssl command (Windows, Linux, Mac OSX). Here is an example key creation session:
[root@im]# openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout pk.pem -out key.pem
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.................++++++
........++++++
writing new private key to 'pk.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]: WS
State or Province Name (full name) [NJ]: Wireless State
Locality Name (eg, city) [Baraza Ville]: Baraza Village
Organization Name (eg, company) [Company Ltd]: Widgets Corp.
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, your name or your server's hostname) []: org-baraza.com
Email Address []: baraza@org-baraza.com

[root@im]# openssl rsa -in pk.pem -out privkey.pem
read RSA key
Enter PEM pass phrase:
writing RSA key

[root@im]# cat privkey.pem >> key.pem
[root@im]# rm privkey.pem pk.pem
Adapt inputs to your needs. (You probably want to ensure the file is only readable by the Baraza server.) There are numerous online tutorials for creating CA-signed files; please refer to these if you do not wish to use a self-signed certificate.
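
The session above condensed into a non-interactive function, plus a check that the resulting file holds a certificate and an unencrypted key and is readable by its owner only. This is an added example, not Baraza's own tooling: the function names are hypothetical, and it generates a 2048-bit key instead of the 1024-bit key in the session.

```shell
#!/bin/sh
# Added example: build and audit a combined certificate+key file like key.pem.
# make_keyfile needs the openssl CLI; audit_keyfile needs only grep, ls and cut.

# make_keyfile OUT CN -> self-signed certificate followed by its unencrypted key
make_keyfile() {
    out=$1; cn=$2
    tmp=$(mktemp -d) || return 1
    (
        umask 077                      # never create anything group/world readable
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=$cn" -keyout "$tmp/privkey.pem" -out "$tmp/cert.pem" \
            2>/dev/null &&
        cat "$tmp/cert.pem" "$tmp/privkey.pem" > "$out"
    ) && rc=0 || rc=$?
    rm -rf "$tmp"                      # like "rm privkey.pem pk.pem" in the session
    return $rc
}

# audit_keyfile FILE -> prints findings; returns 0 only if nothing is wrong
audit_keyfile() {
    f=$1; bad=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate block"; bad=1; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" ||
        { echo "no unencrypted private key block"; bad=1; }
    # A pass phrase left on the key shows up as one of these two markers.
    grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$f" &&
        { echo "private key is still pass-phrase protected"; bad=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "group/other permissions set: $perms"; bad=1; }
    return $bad
}

# Demo: runs only where the openssl CLI is installed.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d) && make_keyfile "$d/key.pem" org-baraza.com &&
        audit_keyfile "$d/key.pem" && echo "key.pem passes the audit"
    rm -rf "$d"
fi
```

After running `make_keyfile`, also make sure the file is owned by the account the Baraza server runs under, since the audit only checks that group and others have no access.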
