The HTTP File Upload plugin adds functionality to Openfire that allows compliant clients to exchange files. The protocol implemented by this plugin is defined in XEP-0363: HTTP File Upload.
Note: This plugin requires the HTTP bind option in Openfire to be enabled:
Server -> Server Settings -> HTTP Binding
Copy httpfileupload.jar into the plugins directory of your Openfire installation. The plugin will then be automatically deployed. To upgrade to a new version, copy the new httpfileupload.jar file over the existing file.
After installation, the functionality provided by the plugin is automatically available to clients. While exchanging files, the plugin by default stores the files that are being transferred in a temporary directory that is removed when Openfire is shut down. The content of this directory is purged when its total size is larger than the remaining disc space.
Most configuration options can be controlled by two different properties. Apart from using regular Openfire properties, controlled in the Openfire admin console, XML properties can be used. XML properties are properties stored in the openfire.xml file.
Regular properties are stored in the database. This will ensure that a property value is equal on all servers in a cluster of Openfire servers. When it is desirable to have a property values that are different on each server, an XML property can be used (as the content of the openfire.xml file can be different on each server).
When both a regular and an XML property is defined, then the XML property value will take precedence.
XML property | plugin.httpfileupload.serverspecific.fileRepo |
---|---|
System Property | plugin.httpfileupload.fileRepo |
By default, the plugin will store all uploaded files in a temporary directory that is provided by the Operating System. This directory is configured to be deleted, after Openfire quits. Some Operating Systems are known to periodically purge these temporary directories, which is another potential source of data loss. This plugin can be configured to use any other directory for data storage, by providing the path for that directory in either property listed above. Note that the directory is expected to exist (this plugin will not attempt to create it if it is missing). Be sure that the process owner of the Openfire process has enough permissions to read and write in that directory.
XML property | plugin.httpfileupload.serverspecific.maxFileSize |
---|---|
System Property | plugin.httpfileupload.maxFileSize |
To configure the maximum allowable file size to be uploaded by clients, the property defined above can be set to a value in bytes. If not set, a default value is used. To disable the file size limitation, set a property to a value of -1.
The plugin will send URLs to the client that are to be used to upload or download data. To following properties can be used to control the composition of the URLs that are generated.
To change the HTTP server protocol from the default value of "https" to "http" for example, use these properties:
XML property | plugin.httpfileupload.serverspecific.announcedWebProtocol |
---|---|
System Property | plugin.httpfileupload.announcedWebProtocol |
To change the HTTP server hostname from the default value used by Openfire, use these properties:
XML property | plugin.httpfileupload.serverspecific.announcedWebHost |
---|---|
System Property | plugin.httpfileupload.announcedWebHost |
To change the HTTP server port from the default value (7443) used by Openfire, use these properties
XML property | plugin.httpfileupload.serverspecific.announcedWebPort |
---|---|
System Property | plugin.httpfileupload.announcedWebPort |
To change the web context root as announced to clients from the default value (/httpfileupload) used by use these properties:
XML property | plugin.httpfileupload.serverspecific.announcedWebContextRoot |
---|---|
System Property | plugin.httpfileupload.announcedWebContextRoot |
The plugin can be integrated with an external malware scanner (read more below). These properties are used for that.
To enable or disable the integration, use this property. When the ClamAV daemon cannot be reached while the feature is enabled, all file uploads will be rejected.
System Property | plugin.httpfileupload.clamavEnabled |
---|
Controls the host that is used to integrate with an external (third-party) ClamAV malware scanner daemon.
System Property | plugin.httpfileupload.clamavHost |
---|
Controls the port that is used to integrate with an external (third-party) ClamAV malware scanner daemon.
System Property | plugin.httpfileupload.clamavPort |
---|
Defines the duration (in milliseconds) after which Openfire giving up trying to establish a TCP connection to the ClamAV scanner daemon.
System Property | plugin.httpfileupload.clamavConnectionTimeout |
---|
To facilitate virus scanning, you can configure the application to use ClamAV. ClamAV is a third-party, open source (GPLv2) anti-virus toolkit, available at www.clamav.net
To configure this application to use ClamAV, install, configure and run clamav-daemon, the scanner daemon of ClamAV. Configure the daemon in such a way that Openfire can access it via TCP.
Note: ClamAV is configured with a maximum file size. Ensure that this is at least as big as the maxFileSize that is provided as an argument to the HTTP File Upload Plugin.
Then, start the HTTP File Upload Plugin application with the clamavHost and clamavPort arguments. When these are provided, the application will supply each file that is being uploaded to the ClamAV daemon for scanning. A file upload will fail when the ClamAV daemon could not be reached, or, obviously, when it detects malware.
While malware scanning can offer some protection against distributing unwanted content, it has limitations. Particularly when the uploaded data is encrypted, the scanner is unlikely able to detect any malware in it.
Special consideration needs to be given to the deployment of this plugin in a cluster of Openfire instances. This section outlines the main concerns.
Unlike most other XMPP-related functionality, this 'HTTP File Upload' functionality uses an additional data path: not only is the XMPP connection itself used; HTTP requests are also made. The HTTP protocol is used to upload and download data. The URLs for these interactions are sent over the XMPP data channel.
In a typical scenario, a client that wants to send a file requests an 'upload slot' through XMPP. When assigned a slot, its URL (as well as other metadata) is returned to the client by the server. Using this information, the client will then upload the data using an HTTP PUT request. After the upload has succeeded, the client will send, over XMPP, send the URL to the intended recipients of the data. Their clients will receive that URL (over XMPP) and subsequently perform an HTTP GET request to download the data from the web server.
When each of the Openfire cluster node servers is connected directly to the internet, accessible to clients through their fully qualified domain name, then no configuration might be needed to make HTTP File Upload functionality available on all cluster nodes, for all clients.
pros & cons: This solution requires no configuration, provides adequate scalability, but does not offer much data redundancy or flexibility in network architecture.
Since version 1.2.0 of this plugin, the definition of a Slot is shared across all XMPP cluster nodes. This slot defines the endpoint addresses to be used by the uploader, as well as the recipients of the data.
In the scenario described by this configuration option, each Openfire cluster node will issue slots that contain endpoint URLs that are specific to the server that issued the slot. This means that the upload, as well as all downloads, will be directed to URL on that same server.
In certain environments it is undesirable or unpractical to expose more than one endpoint URL to chat clients. This is frequently the case when the network architecture includes a load balancer. For this or other reasons, it might have been necessary to reconfigure the 'announced' endpoints (using the configuration options defined in the Configuration paragraph of this document) to use the same endpoint address for all requests.
pros & cons: This solution is typically easy to configure, but provides poor redundancy and scalability.
In this scenario, the singular endpoint address could be mapped to exactly one Openfire cluster node. This can be achieved by directly mapping the 'announced' endpoint details to the address of one of the Openfire nodes, (as described in the Configuration paragraph of this document) or by configuring the load balancer to 'balance' the traffic to just one of the nodes.
pros & cons: More complex to configure, but provides better redundancy and scalability.
When a singular endpoint address is used, then this option typically involves a load balancer that distributes the HTTP requests over all cluster nodes. This comes with some complexities:
When using this configuration option, it should be assured that every XMPP cluster node can fulfill HTTP upload and download requests for all slots.
Since version 1.2.0 of this plugin, the definition of a Slot is shared across all XMPP cluster nodes. To ensure that all data is accessible, all cluster nodes should use the same shared network folder for file storage. This network folder should be available on the filesystem of each of your Openfire servers, using the same path name. This plugin should be configured to use this directory for data storage, by using the plugin.httpfileupload.fileRepo property, as described in the Configuration paragraph of this document.
Realisation of a shared network folder is likely highly specific to the operating system used for your Openfire servers, and is out of scope for this document.
Icons made by Smashicons from
www.flaticon.com is licensed by
CC 3.0 BY.
Diagrams created on diagrams.net/draw.io.