-
Notifications
You must be signed in to change notification settings - Fork 126
Usage: externaljid
Thanks to its design, Archipel can use external JID to acces the GUI (ArchipelClient):
- You log in with your entreprise JID, your password, and you put the BOSH service URL from your external server (propbably http://external.jabber.im:5280/http-bind/)
Using an external xmpp server like ejabberd or Openfire is test (For Openfire, the ArchipelClient must have been build after the 25/02)
If you cannot log in,
- Verify that no firewall blocks access to port 4080 (or wathever port used in the BOSH URL) and your browser
- Verify that you can access the BOSH url from your web browser: going with a browser on the BOSH URL should give you some text, probably an
Jetty: HTTP ERROR 400, bad requestfor openfire, orejabberd mod_http_bindfor ejabberd server
All the security is based on the ejabberd server where your register all hypervisor and VM. the connection with an external jabber server is made through s2s
You should restrict the registration to known hosts (the hypervisors=, so only these computers can create account (of course, no users can access these servers :))
When using external jid, S2S is used between jabber servers. If you want to restrict the list of servers which can connect, change the access line for S2S to specify the servers: In ejabberd.conf
Replace
{s2s_default_policy, allow}
with
{s2s_default_policy, deny}
{{s2s_host, "your.allowed.server.im"}, allow}
TODO