Install Openfire XMPP Server on CentOS 8 – A Straight‑Shot Guide
If you’re looking to turn a clean CentOS 8 box into an instant messaging hub, this is the recipe that keeps the kitchen from burning down. We’ll cover Java, dependencies, SELinux quirks, and the minimal firewall tweak that often trips people up.
1. Grab the Right Java JDK
Openfire runs on Java, so the first thing to do is install a supported JDK. CentOS 8 ships OpenJDK 11 in AppStream, which is fine for Openfire 4.x.
sudo dnf install java-11-openjdk-headless -y
Why this matters: The headless variant omits the GUI libraries your server doesn’t need and saves a few megabytes. I’ve seen users try to install the full JDK, only for Openfire’s log‑ins to stall because of the extra native code.
2. Download and Unpack the Server
Grab the latest tarball from the official site and unzip it into /opt.
cd /tmp
wget https://www.igniterealtime.org/downloads/latest/openfire-4.x.tar.gz
sudo mkdir -p /opt/openfire
sudo tar xf openfire-4.x.tar.gz --strip-components=1 -C /opt/openfire
Why this matters: Extracting directly into /opt/openfire keeps everything tidy and avoids permission headaches later. The --strip-components=1 flag removes the top‑level folder in the archive so you don’t end up with a double‑nested structure.
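The tarball above is unpacked as root straight after download, so it is worth checking it against a known digest first. The following is an added example, not part of the original guide or of Openfire: verify_and_extract is a hypothetical helper, and it assumes you have a SHA-256 digest for the release from a source you trust.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball before unpacking it as root.
# verify_and_extract is a hypothetical helper name, not an Openfire tool.

# Usage: verify_and_extract TARBALL EXPECTED_SHA256 DEST
# Returns 0 on success, 1 on digest mismatch, 2 on an unsafe member path.
verify_and_extract() {
    tarball=$1
    # Accept the expected digest in upper or lower case hex.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Refuse archives whose listing shows absolute or ".." member paths.
    # -P keeps leading slashes visible in the listing.
    if tar -tzPf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 2
    fi

    mkdir -p "$dest"
    # --no-same-owner: extracted files belong to the extracting user,
    # not to whatever uid/gid the archive recorded.
    tar -xzf "$tarball" --strip-components=1 --no-same-owner -C "$dest"
}

# Example call, run as root (the digest is a placeholder):
# verify_and_extract /tmp/openfire-4.x.tar.gz "<EXPECTED_SHA256>" /opt/openfire
```

Nothing is written to the destination unless the digest matches, so a failed check leaves /opt/openfire untouched.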
3. Create an Openfire User (Optional, but Recommended)
Running services as root is a bad idea. Spin up a dedicated account:
sudo useradd -r -M -d /opt/openfire -s /usr/sbin/nologin openfire
sudo chown -R openfire:openfire /opt/openfire
Why this matters: If Openfire crashes, your root shell stays intact. I’ve seen a server crash while updating a package, and because the process ran as root, the entire system fell into a messy state.
4. Configure SELinux for Port 9090
CentOS 8 defaults to enforcing SELinux. Openfire’s admin console listens on port 9090, which SELinux will block unless told otherwise:
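sudo setsebool -P httpd_can_network_connect 1 # allow web apps to talk outwards
sudo semanage port -m -t http_port_t -p tcp 9090 # -m, not -a: the stock policy already labels tcp/9090 (websm_port_t), so -a fails with "already defined"
If semanage isn’t present, install the package that provides it first: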
sudo dnf install policycoreutils-python-utils -y
Why this matters: A blank screen at http://your-server:9090/ is a classic SELinux symptom. I’ve run into it dozens of times; you think it’s a firewall issue, but the log actually points to SELinux.
5. Open the Firewall for XMPP Traffic
Openfire uses TCP ports 5222 (client) and 9090 (admin). Add them:
sudo firewall-cmd --permanent --add-port=5222/tcp
sudo firewall-cmd --permanent --add-port=9090/tcp
sudo firewall-cmd --reload
Why this matters: Forgetting to open port 5222 is a surefire way to get a “Connection refused” error in every client. I once had a user complain that their Android app wouldn’t connect until they added the port; it was all about the firewall.
6. Launch Openfire via Its Built‑In Script
Switch to the openfire user and run:
sudo -u openfire /opt/openfire/bin/startup.sh
The script starts an embedded Tomcat instance on port 9090. Once you see “Openfire is running” in the log, head to http://your-server:9090/ in a browser.
Why this matters: The script takes care of setting JAVA_HOME and the classpath for you. Running it as root would inherit your environment variables, which can break Java’s runtime detection on some systems.
7. Set Up Openfire to Start at Boot (Optional)
Create a systemd service file:
sudo tee /etc/systemd/system/openfire.service <<'EOF'
[Unit]
Description=Openfire XMPP Server
After=network.target

[Service]
Type=forking
User=openfire
ExecStart=/opt/openfire/bin/startup.sh
ExecStop=/opt/openfire/bin/shutdown.sh
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now openfire.service
Why this matters: I’ve seen people manually start Openfire after every reboot, which is a real pain if you’re not comfortable with cron jobs. A proper systemd unit keeps things tidy and logs to journalctl -u openfire.
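The unit above drops root with User=openfire but leaves the rest of the file system writable to the service. The following is an added example, not part of the original guide or of Openfire: a drop-in that confines writes to the install directory, plus a check that lists which hardening directives a unit still lacks. The helper names and the choice of directives are assumptions; the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper names): least-privilege drop-in for
# the openfire.service unit shown in step 7.

# write_hardening_dropin UNIT_DIR INSTALL_DIR
# On a real host UNIT_DIR is /etc/systemd/system and INSTALL_DIR is
# /opt/openfire; both are parameters so the result can be inspected first.
write_hardening_dropin() {
    unit_dir=$1
    install_dir=$2
    mkdir -p "$unit_dir/openfire.service.d"
    cat > "$unit_dir/openfire.service.d/hardening.conf" <<EOF
[Service]
# setuid/setgid binaries can no longer raise privileges for the service
NoNewPrivileges=true
# private /tmp and /var/tmp, invisible to other services
PrivateTmp=true
# /home, /root and /run/user are inaccessible
ProtectHome=true
# whole file system read-only except the path listed below
ProtectSystem=strict
ReadWritePaths=$install_dir
EOF
}

# missing_hardening FILE...
# Prints each expected directive that none of the given unit files sets.
missing_hardening() {
    for key in User NoNewPrivileges PrivateTmp ProtectHome ProtectSystem ReadWritePaths; do
        grep -q "^$key=" "$@" 2>/dev/null || printf '%s\n' "$key"
    done
}
```

After writing the drop-in under /etc/systemd/system, run sudo systemctl daemon-reload and restart the service; systemctl show openfire -p NoNewPrivileges -p ProtectSystem confirms the settings took effect.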
8. Finish the Web Setup
Open your browser, go to http://your-server:9090/, and follow the wizard:
1. Pick a database (SQLite is fine for small setups; MySQL/PostgreSQL for production).
2. Set an admin username/password.
3. Configure your domain name (example.com) so clients can resolve it.
Why this matters: The wizard does the heavy lifting of schema creation. If you skip any step, later you’ll see confusing “table not found” errors in the logs. I’ve seen users attempt to use a pre‑existing MySQL database without migrating the tables first; the result was a broken server.
9. Check the Logs if Things Go South
Logs live in /opt/openfire/logs. The most common hiccup is a java.lang.OutOfMemoryError if you push too many connections with the default heap size. If that happens, edit /opt/openfire/bin/startup.sh, add:
export JAVA_OPTS="-Xms512m -Xmx1024m"
and restart.
Why this matters: You’ll know exactly what’s wrong before you start blaming your network. I’ve seen folks hit OOM on a 2‑core server after adding too many bots; adjusting the heap fixed it in seconds.
That’s all there is to it—CentOS 8, Java, a bit of SELinux tuning, and Openfire’s wizard. Now you can push messages around between your devices or even host a chat room for friends. If something doesn’t work as expected, drop me a line; I’ve been in the trenches with this stuff more times than I can count.