Tigase Administration Guide

Tigase Team

Revision History
Revision 8.1.0-SNAPSHOT2019-09-15/02:03:16TT

Table of Contents

I. Tigase Administration Guide
1. Tigase XMPP Server 8.0.0 announcement
Major Changes
Kernel and beans configuration
New Configuration File Format
Cluster Node Shutdown Changes
Significant cleanup of code and repositories
BouncyCastle being used for StartTLS
default-virtual-host property changes
All artifacts are signed
Scaled Down Installation Methods
Emojis now supported on Tigase XMPP Servers
XEP-0215 External Service Discovery now supported
XEP-0313 Message Archive Management now supported
XEP-0363 HTTP File Upload now supported
Startup now uses bootstrapping
CAPTCHA system now available for in-band registration
Schema changes
Shrinkable Statistics History
Statistics now available for all modules
Spam Protection
Changes in password storage
Dynamic TLS Buffer
XEP-305 Quickstart now supported
Database Timestamps
Config-type properties have changed
Database Watchdog implemented
Packet statistics expanded
XEP-0016 Behavior changes
Access Control List has new ACL modifiers
Option to ignore schema-version check added
Protection against brute-force attacks
New Minor Features & Behavior Changes
Fixes
Component Changes
AMP
PubSub
http-api
message-archive
MUC
socks5 Proxy
stats
STUN Server
WebSocket
2. Tigase User Guide
Jabber/XMPP introduction
Jabber/XMPP is Instant Messaging Technology
How to Use Tigase Service
This Article Describes How to use tigase.im Service for Instant Communications
Configuration instructions for Psi
Psi - Initial configuration
Short Instructions How to Add Your First Contact
3. About Tigase XMPP Server
Robust and reliable
Security
Flexibility
Extensibility
Ease of Use
XMPP Supported Extensions
Core Compliance Suite
Web Compliance Suite
IM Compliance Suite
Mobile Compliance Suite
Non-Compliance Suite Extensions
Full, ordered list of supported RFCs and XEPs:
4. Licensing and Open Source
5. Tigase Server Binary Updates
6. Quick Start Guide
Minimum Requirements
Contents
Installation Using Web Installer
Download and Extract
Start the Server
Verify Tigase is ready to start installation
Connect to the Web Installer
Step Through the Installation Process
Restart the Server
Verify Tigase is Running
Windows Instructions for using Web Installer
Manual Installation in Console Mode
Get the Binary Package
Unpack the Package
Prepare Configuration
Install Database
Start the Server
Check if it is Working
Windows Installation
Step 1: Initial Setup
Step 2: Starting Server
MySQL Database Installation
Tigase Server Network Instructions
A Records
SRV Records
Hosting via Tigase.me
Checking setup
Ports description
Tigase Script Selection
Configuration: For Linux Distributions using systemd
Configuration: For All Linux Distributions
Running Tigase as a system service
Shutting Down Tigase
Shutdown statistics
Shutdown StackTrace Dump
Shutting Down Cluster Nodes
Upgrading to v8.0.0 from v7.1.0
Backup your data
Setup Tigase XMPP Server 8.0.0
Upgrade configuration file
Connect new database
Upgrade Database schema
Help?
Upgrade/Restore with a script [experimental!]
7. Configuration
DSL file format
Why new format?
What is DSL?
Why DSL?
Example configuration file in DSL
Default configuration
Startup File for tigase.sh - tigase.conf
Linux Settings for High Load Systems
fs.file-max
net.ipv4.ip_local_port_range
TCP_keepalive
/etc/sysctl.conf
nofile
su and init script
JVM settings and recommendations
Heap Sizing
GC settings
What to use with Machine x, y, z?
Additional resources
Session Manager
Mobile Optimizations
threads-pool
Thread Pool factor
Strategy
Virtual Hosts in Tigase Server
Default VHost configuration
Specification for ad-hoc Commands Used to Manage Virtual Domains
Virtual Components for the Cluster Mode
Settings for Custom Logging in Tigase
Tigase Advanced Options
Using CAPTCHA for in-band registration
Enabling Empty Nicknames
Enable Silent Ignore on Packets Delivered to Unavailable Resources
Mechanism to count errors within Tigase
8. Security
XEP-0191: Blocking Command
Account Registration Limits
Brute-force attack prevention
Configuration
Server Certificates
Creating and Loading the Server Certificate in pem Files
Installing LetsEncrypt Certificates in Your Linux System
Custom Authentication Connectors
Tigase Auth Connector (DEPRECATED)
Tigase Custom Auth Connector
Drupal Authentication
LDAP Authentication Connector
Configuration of SASL EXTERNAL
SASL Mechanisms
Enabling and disabling SASL mechanisms (credentials encoder/decoder)
Packet Filtering
Domain Based Packet Filtering
Access Control Lists in Tigase
9. Database Management
Recommended database versions
Database Watchdog
Using modified database schema
Schema files maintenance
Assumptions
Checks
Schema files layout
Handling of changes in the schema
Making a change in old-stable (and stable)
Making a change in master
Implementation details
Database Preparation
Schema Utility
Prepare the MySQL Database for the Tigase Server
Prepare the Derby Database for the Tigase Server
Prepare the MS SQL Server Database for the Tigase Server
Prepare the PostgreSQL Database for the Tigase Server
Preparing Tigase for MongoDB
Hashed User Passwords in Database
Shortcut
Full Route
Tigase Server and Multiple Databases
Importing User Data
Importing Existing Data
Connecting the Tigase Server to MySQL Database
Integrating Tigase Server with Drupal
PostgreSQL Database Use
Schema Updates
Changes to Schema in v8.0.0
Tigase Server Schema v7.2 Updates
10. Components
Advanced Message Processing - AMP XEP-0079
First of all: plugins
Secondly: component
Optional parameters
Server Monitoring
Setting Up Remote Monitoring in the Server
Retrieving statistics from the server
Monitor Component
Configuration of statistics loggers
Server to Server Protocol Settings
Number of Concurrent Connections
Connection Throughput
Maximum Packet Waiting Time and Connection Inactivity Time
Custom Plugin: Selecting s2s Connection
skip-tls-hostnames
ejabberd-bug-workaround
Tigase Load Balancing
Available Implementations
Configuration Options
Auxiliary setup options
External Component Configuration
External Component Configuration
Tigase as an External Component
Load Balancing External Components in Cluster Mode
Load Balancing External Component
External Component and Cluster
Client to Server Communication
Configuration
Connections
Resumption timeout
Packet Redelivery
Tigase External Service Discovery
Setup & Configuration
11. Using Tigase
Offline Messages
Offline Message Limits
Storing offline messages without body content
Disabling Offline Messages
Last Activity
What updates last activity
Persist everything to repository
Tigase Log Guide
install.log
derby.log
etc/config-dump.properties
logs/tigase.log.#
logs/statistics.log.#
logs/tigase.pid
logs/tigase-console.log
Log File Location
Debuging Tigase
Configuration
Basic System Checks
Add and Manage Domains (VHosts)
Using Admin UI
Using ad-hoc commands
SSL Certificate Management
Presence Forwarding
Watchdog
Setup
Watchdog Configuration
Logic
Testing
Tips and Tricks
Tigase Tip: Checking the Runtime Environment
Licensing
Registering for a License
What happens if I do not use a license file or it is expired?
Demo mode
Unauthorized use
Manual mode
Tigase Clustering
Configuration
Old configuration method
Checking Cluster Connections
Anonymous Users & Authentication
Anonymous Authentication
Anonymous User Features
Scripting support in Tigase
Scripting Introduction - Hello World!
Tigase Scripting Version 4.4.x Update for Administrators
Tigase and Python
12. Appendix I - Statistics description
Data source statistics
User repository statistics of {repo}
Auth repository statistics of {repo}
Statistics common to custom {compname} component repositories
Statistics common to components
Component statistics
AMP
bosh
c2s
cl-comp
eventbus
message-archive
message-router
monitor
muc
proxy
pubsub
repo-factory
rest
s2s
sess-man
vhost-man
ws2s
13. Appendix II - Properties Guide
General
admins
Certificate Container
Component
config-type
debug-packages
debug
monitoring
plugins
priority-queue-implementation
roster-implementation
s2s-secret
scripts-dir
ssl-container-class
stats
stream-error-counter
stringprep-processor
test
tls-jdk-nss-bug-workaround-active
trusted
Repository
authRepository
authRepository
Cluster
cl-comp
cluster-mode
cluster-nodes
User connectivity
bosh-close-connection
bosh-extra-headers-file
client-access-policy-file
client-port-delay-listening
cross-domain-policy-file
domain-filter-policy
see-other-host
watchdog_timeout
watchdog_delay
watchdog_ping_type
ws-allow-unmasked-frames
External
bind-ext-hostnames
default-virtual-host
ext
Performance
cm-ht-traffic-throttling
cm-traffic-throttling
elements-number-limit
hardened-mode
max-queue-size
net-buff-high-throughput
net-buff-standard
nonpriority-queue
VHost / domain
vhost-anonymous-enabled
vhost-disable-dns-check
vhost-max-users
vhost-message-forward-jid
vhost-presence-forward-jid
vhost-register-enabled
vhost-tls-required
14. Tigase Server Extras - mDNS support
Overview
Enabling mDNS
Using different domain name
Forcing single server for domain
15. Tigase Advanced Clustering Strategy (ACS)
Design and implementation
ACS
Design
Tigase ACS SM Installation
Tigase ACS SM Configuration
Supported components
Tigase Advanced Clustering Strategy for Multi User Chat (ACS-MUC)
Tigase Advanced Clustering Strategy for WorkGroup (ACS-WG)
16. HTTP API component
Available modules
Admin UI module
Index module
REST module
Server status module
Setup module
Web UI module
DNS Web Service module
User Status Endpoint module
Common module configuration
Enabling/disabling module
Context path
List of virtual hosts
Complex example
Module specific configuration
Rest Module
DNS Web Service module
Enabling password reset mechanism
Admin UI Guide
A Note about REST
General overview of the UI
Configuration
Example Scripts
Notifications
Other
Scripts
Statistics
Users
Tigase Web Client
Chat
Discovery
Management
17. HTTP File Upload component
Enabling HTTP File Upload Component
Metadata repository
DummyFileUploadRepository
JDBCFileUploadRepository
Storage
DirectoryStore
Logic
URI template format
File upload expiration
Examples
Complex configuration example
Example configuration for clustering with HA
18. HTTP server
Dependencies
Configuration Properties
Additional properties of embedded HTTP server
Examples
HTTPS on port 8443 with SSL certificate for example.com
Changing port from 8080 to 8081
Usage of Jetty HTTP server as HTTP server
19. Tigase Message Archiving Component
Tigase Message Archiving Component
Announcement
Major changes
New features
Additional features
Querying in all messages
Querying by part of message body
Querying by tags
Automatic archiving of MUC messages
Database
Preparation of database
Upgrade of database schema
Schema description
Configuration
Custom Database
XEP-0136 Support
Support for MAM
Setting default value of archiving level for message on a server
Setting required value of archiving level for messages on a server
Enabling support for tags
Configuration of automatic archiving of MUC messages
Purging Information from Message Archive
Using separate store for archived messages
Setting Pool Sizes
Message Tagging Support
Usage
XEP-0136 Field Values
Manual Activation
Limitations
20. Tigase PubSub Component
PubSub Component
Announcement
Configuration
Database
Features
AdHoc Commands
REST API
Limitations
Addressing
21. Tigase Socks5 Proxy
Overview
Installation
Database Preparation
Configuration
Enabling proxy
Using a separate database
Performance
22. Tigase Push Component
Tigase Push Component
Workflow
Configuration
Enabling component
Usage
Sending notifications
Registering device
Unregistering device
Providers
Tigase Push Component - FCM provider
Overview
Configuration
Tigase Push Component - APNs provider
Overview
Configuration
23. Tigase STUN Component
Tigase STUN Component
What is STUN?
Requirements
Configuration
Setting descriptions
Logback configuration
24. Tigase SPAM Filter
Overview
Configuration
Changing active SPAM filters
Sending error when packet is dropped
Enabling logging of dropped messages
Filters
Same long message body
Error message and missing <error/> child
Groupchat messages sent to bare JID
Known spammers
Presence subscription filter

List of Tables

3.1. Core Compliance Suite
3.2. Web Compliance Suite
3.3. Web Compliance Suite
3.4. Web Compliance Suite
3.5. Core Compliance Suite
6.1. init.d chart
9.1. tig_users
9.2. tig_nodes
9.3. msg_history collection
21.1. tig_socks5_users