Once your server is setup, you may need to open at least two ports. By default XMPP communication happens on ports 5222/5269, to which point SRV records. Other ports used by the server are:
3478
(TURN or STUN, plain socket, TCP and UDP)5349
(TURN or STUN, over TLS, TCP and UDP)5222
(default XMPP socket port)5223
(legacy XMPP socket port)5269
(default s2s port, i.e.: federation support)5277
(component protocol port, e.g.: for external components)5280
(default BOSH port)5290
(default WebSocket port)8080
(HTTP API component port)9050
(JMX Monitoring)
If for any reason you can’t use default ports and have to change them it’s possible to point SRV records those ports. Please
keep in mind, that you have to open those ports for incoming connections in your firewall. In case you are using iptables
you can use following command to include those ports in your rules:
iptables -A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 5223 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 5269 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 5277 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 5280 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 5290 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT
Both ports should be setup to use TCP only. If for any reason you want to make service available for different ports you can:
- change ports in Tigase configuration and update DNS SRV records;
-
forward those ports to default Tigase ports (this is especially useful under *nix operating system if you want to utilize ports lower than
1024
while running, as recommended, Tigase service from user account - there is a limitation and user accounts can bind to ports lower than1024
), for example usingiptables
rules (in following example we are making available Tigase SSL websocket port available under port443
, which is usually opened in corporate firewalls):iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 5291