This will build a vanilla installation of Openfire inside of a Docker container. Because Openfire wants persistent data, I've copied over the vanilla contents of the following directories to be mounted as persistent volumes.
/usr/share/openfire/conf
/usr/share/openfire/resources/security
/usr/share/openfire/embedded-db
/usr/share/openfire/plugins
If you prefer to build the container yourself, you'll need to do some prep work.
- Enter the
build
directory. - Review the Dockerfile for the version of Openfire that you wish to install. Change the environment variable
OF_VERSION
to match. - While you're there, review the version of
dumb-init
. If you need to change it, change theDI_VERSION
environment variable. - . Run
docker build
and optionally give it a tag that you like.
Copy the contents of the run
directory to a location on the filesystem from where you run containers.
I keep all container operations under /opt/docker/<container>
, so for the rest of this document I'll presume /opt/docker/openfire
, which I'll refer to as $rundir
.
- From
$rundir
, optionally editdocker-compose.yml
to change the tag for the container. - If you don't want to use the admin console over HTTP, remove 9090 from the ports config.
- Run
docker-compose up
to start the container in the foreground ordocker-compose up -d
to start it in the background.
- From
$rundir
, optionally edit therun.sh
file to change the tag for the container. - If you don't want to use the admin console over HTTP, remove 9090 from the ports config.
- Execute
run.sh
to kick off the container. This will mount the directories in their appropriate places, start Openfire, and tail the logfile.
You'll be able to connect by opening a browser and going to http://localhost:9090,
optionally replacing localhost
with the hostname or IP of your Docker host system.
If you're doing an upgrade and have configured TLS, you'll be able to connect to the admin console over HTTPS on port 9091.
As long as you start future iterations of the container from this directory, changes to the configuration, plugins, and the embedded database will be preserved.
For ease in installing SSL certificates, see this post.
Both KeyStoreImport.java
and KeyStoreImport.class
are contained in this repository, in the security
folder. The latter
is provided in case your origin container only provides the JRE.
-
Connect to the container and start a shell
$ docker run -it monachus/openfire /bin/ash
-
Follow along with the post, changing
/etc/openfire/security
to/usr/share/openfire/resources/security
In case that post disappears in the future, an abridged version of it is saved here.
When the time comes to upgrade the container, it's quite simple.
- Stop and remove the existing container with
docker kill
anddocker rm
. All of your data is persistent. - Make a backup of
$rundir
just in case something goes south. - Follow the build steps from above for the latest version of Openfire.
- Start your new container.
- If everything went well, remove the backups.
/etc/openfire
is now/usr/share/openfire/conf
- There is no more
lib
directory. Plugins are at the top level. /etc/openfire/security
is now/resources/security
- Openfire runs as
daemon
instead of its own user
- Backup
lib/embedded-db
,lib/plugins
, andetc
- Stop and remove the v3 container.
- Rename your current
$rundir
to$rundir.old
- From this source copy
run
to$rundir
(creating a new directory) - From your backups, copy the following:
- The contents of
etc/security
tosecurity
- The remaining contents of
etc
toconf
(excluding thesecurity
folder) - The contents of
lib/plugins
toplugins
except theadmin
folder - The contents of
lib/embedded-db
toembedded-db
- The contents of
- Restart the container via your chosen means