Multi-node install (Relay between multiple nodes placed in different networks)

Submitted by Anonymous on Mon, 2008-01-21 13:16.

Hi, I'm very messed up installing Tigase with an atypical configuration. Let me show the topology: [node1] <--> [node2] <--> [node3] (node1, node2 and node3 are different domains). OK, as you can see, node1 can speak with node2, and node2 with node3, but node1 can't speak with node3 (the nodes are in different networks). In this scenario S2S connections don't help me. I have played with routing tables, I think it must be the solution, but I have no luck ... Any idea to help me, please?

Submitted by kobit on Fri, 2008-01-25 15:36.

Ah, I am sorry. I have switched off access to the port 5223 (the SSL port). This is because we have a few virtual domains on the server and it doesn't work very well with SSL. I mean the server never knows for which domain you are making SSL connection so it doesn't know which SSL certificate to use.

It does work fine however with TLS thus at the moment you can easily connect to the port 5222 and use TLS.

I am sorry but I have forgotten to change Java applet configuration after the server update and it is still trying to connect to SSL port.

You can also use Gaim to connect to the server, but again you need to connect to port 5222 and use TLS.

Anyway, my e-mail address and Jabber address is my nickname at tigase.org.


Submitted by Anonymous (not verified) on Thu, 2008-01-24 21:33.

Your server at tigase.org seems to be offline, at least I can't log in with the Java plugin or Gaim.

Submitted by kobit on Thu, 2008-01-24 00:03.

Sure, send it over to me. If you also put hostnames there I should be able to prepare an initial configuration for you.

You can use the contact form to send me your e-mail address and I will then send you my e-mail and Jabber/XMPP address. This way you could send me some information which you would not like to reveal to the public.

Alternatively you can use the Jabber client which is available on the www.tigase.org front page. If you run it, it automatically logs in as a guest and my contact is in the roster so we can talk on-line.


Submitted by Anonymous (not verified) on Wed, 2008-01-23 22:06.

I have tested almost all Jabber servers from http://www.jabber.org/software/servers.shtml. First I tested ejabberd because Erlang's "distributed database" sounded good, but it was so disappointing. When I found Tigase I chose it because the routing concept sounds very much like my idea about routing / relaying. May I send you by mail some diagram about my topology and where I think session managers will be placed?

Submitted by kobit on Wed, 2008-01-23 21:12.

Actually this case is quite typical, to be honest. Most network configurations consist of a DMZ part and an internal company network. The DMZ cannot access machines in the internal LAN, but machines from the internal LAN can access the DMZ.

You can install the XMPP server in the DMZ and everything works fine, but then you cannot properly integrate the server with the internal company system, and all users need to have a separate account for Jabber and a separate account for the internal system. This is not very convenient.

On the other hand, if you install the server in the internal LAN you can integrate it with the rest of your system, but s2s connections are not possible, so your service is limited.

The ideal solution would be to split the installation of the XMPP server into two parts. One part in the DMZ is responsible for all the Internet connectivity and the second part in the internal LAN is responsible for handling user accounts and authentication. There is even a guide on how to set up Tigase in such an environment. Look for the --gen-config-sm and --gen-config-cs configuration generators.

To be honest, I think this is what you really need. I think you have 2 restricted networks and one kind of DMZ zone. So in fact you could put all the connection managers (c2s and s2s) in this DMZ, and on both restricted networks you can install session managers only. This way users from both restricted networks could communicate without any problems.

On the other hand, you are asking how many levels are possible. I don't see any restriction on the number of levels. With this routing mechanism you could create an installation with as many levels as you want; it doesn't even need to be a flat configuration. It could look like a graph, like the real Internet architecture. The problem is that you would need to set all routings manually and maintenance would be a nightmare.

Tigase was designed and implemented with this particular case in mind. But it also supports more complex configurations. You can read a little bit more about this in the presentation I gave last year during FOSDEM. The presentation is available for download from this location. It is an OpenOffice presentation.

I designed and implemented Tigase with high security in mind. Many parts of the server were designed to be secure even if you loaded insecure code. Plugins, the elements which handle user requests, cannot access the database directly and can only access their own user's data. So in case a cracker invents an XMPP packet to access other users' private data, it gets nothing, because the code itself doesn't have access to other users' private data.


Submitted by Anonymous (not verified) on Wed, 2008-01-23 17:45.

Your answers are so clever. Many many many thanks, "endless" sounds very good. I'm working in a military project where access rules are strongly enforced and connectivity is only possible between adjacent levels (level1 can reach level2, level2 can reach level3, but level1 can't reach level3 directly, etc.). Just another question: what is the limit of levels in this topology? I wonder if it is possible to have perhaps 4-5 levels? (level1 <-> level2 <-> level3 <-> level4 <-> level5) ...

Submitted by kobit on Wed, 2008-01-23 17:24.

Let me explain a bit more how it all works; then it should be clearer why it is not working as you expect and what to do to make it work like you want.

Generally speaking, XMPP wasn't designed for what you want to achieve. The XMPP server isn't a router in the same sense as an Internet router is.

There are 2 communication protocols defined in XMPP:

  1. c2s - client to server, used for communication between a single client and a single server.
  2. s2s - server to server, used for communication between 2 XMPP servers only.

There are only 2 use cases possible with XMPP:

  1. 2 users who talk to each other have accounts on the same server, and only the c2s protocol is used for exchanging data between those 2 users.
  2. 2 users have accounts on different XMPP servers, and in this case those 2 XMPP servers communicate directly with each other to exchange the users' data. In this case communication looks like:
    User1  <--c2s--> Srv1 <--s2s--> Srv2 <--c2s--> User2
    Normally communication between the above User1 and User2 cannot go through a third XMPP server.

Tigase server, however, has a feature that lets you assign as many addresses to each component as you like. If you assign an address to a component, then the server understands that this component can handle packets for this address.

The s2s component usually has the "*" address assigned, which means it can handle all requests. But inside the Tigase server a component with the "*" address is considered the last one to handle a packet.

Therefore in Tigase you can route a packet a different way than it would normally go using the standard protocol. You can connect any 2 Tigase servers using a XEP-0114 component and you can assign any address (one or more) to this component. So some packets can go a different way than others.

Well, using this feature you have an endless number of possible combinations for your setup. You could for example use only the server which is in the middle (node2) for communication with the rest of the world and put s2s and c2s components only on node2. Node1 and node3 could just use it as a gateway.

Give me a day or 2 and I will prepare for you an example configuration with the setup with 3 nodes where node1 forwards packets to node3 through node2. It might not be so easy to create such a configuration if you are doing it for the first time.
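The component-address routing described in the post above (a component claims one or more domains, the exact match is tried first, "*" is the last-resort handler, and a XEP-0114 style link can carry packets to a neighbouring node) as an added Python model. This is example code written for this page; it is not Tigase code and not a configuration from anyone in this thread. The node names, the domains (node1.example etc.), the class names and the hop limit are all constructed for the illustration. It builds the node1 <-> node2 <-> node3 chain from the thread with node2 as the only node that has an Internet route, and also shows what happens when two catch-all routes point at each other.

```python
from dataclasses import dataclass, field

# Constructed guard (not a Tigase setting): stops a packet bouncing forever
# between two nodes whose "*" routes point at each other.
MAX_HOPS = 8


class RoutingError(Exception):
    pass


@dataclass
class Packet:
    to: str                                   # JID the stanza is addressed to
    body: str
    path: list = field(default_factory=list)  # node names traversed so far


class Component:
    """A server component that claims one or more domains ("*" = catch-all)."""
    def __init__(self, name, addresses):
        self.name = name
        self.addresses = set(addresses)

    def handle(self, packet, node):
        raise NotImplementedError


class SessionManager(Component):
    """Delivers to accounts hosted on this node."""
    def handle(self, packet, node):
        return f"delivered:{node.name}:{packet.to}"


class ExternalLink(Component):
    """Models a XEP-0114 style bridge: hands the packet to the peer node's router."""
    def __init__(self, name, addresses, peer):
        super().__init__(name, addresses)
        self.peer = peer

    def handle(self, packet, node):
        return self.peer.route(packet)


class S2S(Component):
    """Server-to-server link; only a node with a real TCP route can use it."""
    def __init__(self, name, addresses, reachable):
        super().__init__(name, addresses)
        self.reachable = reachable

    def handle(self, packet, node):
        if not self.reachable:
            raise RoutingError(f"{node.name}: no network route for {packet.to}")
        return f"s2s:{node.name}:{packet.to}"


class Node:
    def __init__(self, name):
        self.name = name
        self.components = []   # kept in registration order

    def add(self, component):
        self.components.append(component)
        return self

    def route(self, packet):
        if len(packet.path) >= MAX_HOPS:
            raise RoutingError("hop limit exceeded, probable routing loop")
        packet.path.append(self.name)
        domain = packet.to.rsplit("@", 1)[-1]
        # An exact address match wins; "*" is consulted only when nothing matched.
        for comp in self.components:
            if domain in comp.addresses:
                return comp.handle(packet, self)
        for comp in self.components:
            if "*" in comp.addresses:
                return comp.handle(packet, self)
        raise RoutingError(f"{self.name}: no component for {domain}")


def build_topology():
    """node1 <-> node2 <-> node3; only node2 has a route to the Internet."""
    n1, n2, n3 = Node("node1"), Node("node2"), Node("node3")
    n1.add(SessionManager("sm", ["node1.example"]))
    # node1 uses node2 as its gateway for every domain it does not host itself
    n1.add(ExternalLink("to-node2", ["node2.example", "node3.example", "*"], n2))
    n2.add(SessionManager("sm", ["node2.example"]))
    n2.add(ExternalLink("to-node1", ["node1.example"], n1))
    n2.add(ExternalLink("to-node3", ["node3.example"], n3))
    n2.add(S2S("s2s", ["*"], reachable=True))       # node2's catch-all is real s2s
    n3.add(SessionManager("sm", ["node3.example"]))
    n3.add(ExternalLink("to-node2", ["node1.example", "node2.example", "*"], n2))
    return n1, n2, n3


def send(node, to, body="hi"):
    """Route one packet from `node`; returns (delivery result, nodes traversed)."""
    packet = Packet(to=to, body=body)
    return node.route(packet), packet.path


def misconfigured_loop():
    """Two nodes whose catch-alls point at each other; returns the error text."""
    a, b = Node("a"), Node("b")
    a.add(ExternalLink("to-b", ["*"], b))
    b.add(ExternalLink("to-a", ["*"], a))
    try:
        a.route(Packet(to="x@nowhere.example", body=""))
    except RoutingError as err:
        return str(err)
    return None


if __name__ == "__main__":
    n1, n2, n3 = build_topology()
    print(send(n1, "bob@node3.example"))        # node1 -> node2 -> node3
    print(send(n1, "carol@elsewhere.example"))  # node1 -> node2 -> s2s
    print(misconfigured_loop())
```

Two points the model makes concrete: on node2 the packet for node3.example takes the link to node3 even though the s2s component also claims "*", because the exact address is matched first; and because every route in such a chain is set by hand, a pair of nodes that both fall back to each other loops until something stops it, which is why the model carries a hop limit. Tigase's own configuration syntax for these components is not shown here; see the generators the author points to in the thread.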



Submitted by Anonymous (not verified) on Wed, 2008-01-23 11:00.

Sorry, when I wrote "node1 tries to connect to node2" it really should be "node1 tries to connect to node3". My apologies.

Submitted by Anonymous (not verified) on Wed, 2008-01-23 10:58.

I have tried almost all the configurations I read here: http://www.tigase.org/node/1358 during the last 3 days, but I don't know why I can't route packets through session managers. Users from node2 can see users from node1 and node3, but users from node1 can't see users from node3. I really suspect node2 is using s2s to connect, and obviously when node1 tries to connect to node2 using s2s it can't connect because there are no routes (routes at the TCP/IP level) between these hosts.

Submitted by Anonymous (not verified) on Tue, 2008-01-22 18:07.

Dear Artur, yes, you are right, I want to pass connections from node1 to node3 through node2 as "Internet routers do" (I think the term "router" in the Jabber protocol is a bit obscured). I have read about XEP-0114 and I have thought about coding some component to do this, but I'm such a newbie in Jabber and the time penalty to do this must be significant. Anyway c2s routes / s2s routes or similar must do the trick, I mean. Could you explain to me how to configure Tigase to do this, please? Thanks

Submitted by kobit on Tue, 2008-01-22 13:57.

Hello,

I am not sure if I understand what you want to achieve. It might be an unusual configuration indeed.

I mean, if each node works and serves a different domain, then why don't you install 3 separate Tigase servers, one on each node for each domain?

Do you want to install Tigase in cluster mode, or have you just installed 3 separate Tigase servers and node1 can't communicate with node3? If this is the case then I still think it is possible to connect them all, but you should probably use the XEP-0114 protocol to create a kind of bridge between node1 and node2 and then node3. There is a component in Tigase for this, but the configuration might not be very straightforward.

If this is what you want, please tell me a bit more about your needs and I am sure I can help you.

