-1

I would like to setup an architecture which contains multiple openfire servers behind a compute engine load balancer. Also I would like to secure the communication between the server and clients using XMPP with TLS.

For the first part, I am guessing that if I change the IP of the domain name to point to load balancer IP and configure port forwarding accordingly then I can achieve this. Is this the right way to go about it ?

Now how do I secure communication in the above case using TLS ?

PS: I am using sleekXMPP in the client side.

sshntt
  • 191
  • 1
  • 13

1 Answers1

0

You have two main ways to secure XMPP communications.

1- Install SSL/TLS certificate for an CA, which should be installed on Openfire servers C2S and S2S in your case. The load balancer is not implicated in that.

2- End to End encryption, in this case you should add an encrypted algorithm to sleekXMPP. This method is used be generally for mobile secure chat apps.

For best security use both

Kassav'
  • 1,130
  • 9
  • 29