Cisco AJAX XMPP Library Deployment Guide


Web 2.0 library for XMPP-based Instant Messaging, Availability and Roster Management


Overview

The Cisco AJAX XMPP Library is a client-side JavaScript library that runs in a browser. The BOSH server supports the client requests using the BOSH interface. Essentially BOSH allows for bidirectional communication between the client and server by efficiently using multiple synchronous HTTP request/response pairs without requiring the use of frequent polling. The client and server exchange data using XMPP messages that are sent as HTTP POSTs to the BOSH service.

By default the BOSH service is available at the URL http://some-bosh-server:7335/httpbinding on the BOSH server. To test that the BOSH service is up and running, enter the BOSH URL into a browser. You should receive a HTTP 400 'Bad Request' error. This indicates that BOSH is running. Note that you should not receive a 404 error.

Deployment

Cisco distributes the Cisco AJAX XMPP Library as a zip file. The doc directory contains the documentation and samples and the themes directory contains the default stylesheet and images for the UI library. To deploy the Cisco AJAX XMPP Library you need to package the JavaScript files and the resources directory as part of your web application and deploy it to your web server.

Same origin policy

A restriction that arises with the deployment model is that browsers apply a same-origin security policy. This means that the browser can only make AJAX requests to the server from the location where the web content is originally loaded. Because web content loads from your web server, the Cisco AJAX XMPP Library cannot make direct AJAX requests to the BOSH server. A common deployment solution for this is to set up a HTTP proxy on your web server which proxies all of the BOSH requests from the Cisco AJAX XMPP Library to the BOSH server. The next section describes how to set up such a proxy for BOSH.

Cross origin policy

There is a standard that allows requests made by a web page from one origin (host + port) to make requests to other origins called Cross Origin Resource Sharing, or CORS. Support for this standard is implemented in most modern browsers (Firefox 3.5+, Safari 4+, Google Chrome 2+, and Internet Explorer 8+), however is not yet implemented in all XMPP servers.

If the BOSH server supports it and the users of the CAXL-based application are using modern browsers, there is no need to setup a server-based proxy. Instead, specify the absolute URL to the BOSH server in the "httpBindingURL" configuration properties (either globally or as passed to Client.connect):

var connectArgs = {
    httpBindingURL: "http://bosh.example.com:5280/httpbinding"
};
client.connect(userJid, password, connectArgs);

Proxy Setup

In a typical web deployment model for your application, your web client that is integrating the Cisco AJAX XMPP Library will not be able to access the BOSH server due to same-origin security restrictions in the browser. For example, if your web application is available from the URL http://example.com/support and the BOSH URL on your BOSH server is available via http://some-bosh-server.com:7335/httpbinding, browser security restrictions blocks any AJAX requests to http://some-bosh-server.com from a page that is served from http://example.com. A workaround to resolve this issue is to create a HTTP proxy on your web server to proxy all BOSH requests from the Cisco AJAX XMPP client to the BOSH server. The following instructions outline how to achieve this using Apache and nginx.

Configuring the Apache Web Server

In this configuration example, we use http://example.com/httpbinding as the proxy URL to create for your web server. Any requests to that URL are forwarded to http://some-bosh-server.com:7335/httpbinding, and any data received because of those requests are passed on to the web browser as if it's coming from http://example.com/httpbinding. This procedure describes how to configure the HTTP proxy:
  1. You need to create a reverse proxy URL on your web server to point to the BOSH URL on the BOSH server e.g.
    '/httpbinding' ==> 'http://some-bosh-server.com:7335/httpbinding'.

    To do so, add the following entry in the main Apache config file httpd.conf:

    ProxyPass /httpbinding http://some-bosh-server.com:7335/httpbinding keepalive=On disablereuse=Off
  2. Also in httpd.conf, enable the following modules.You can do this either by adding these lines or by removing the comment tags if they already exist but are commented out. 
    LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
  3. Restart the Apache server for the changes to take effect.

Enabling SSL between the Proxy and the BOSH Server

In the case where the BOSH interface is SSL enabled, your proxy must be able to encrypt requests to and from the CUP server. In addition to the steps highlighted in the above section, the following steps need to be completed.

  1. Modify the ProxyPass URL in the httpd.conf file should be modified to specify https as the protocol rather than http. 
    ProxyPass /httpbinding https://some-bosh-server.com:7335/httpbinding keepalive=On disablereuse=Off
  2. Enable the ssl module also in the httpd.conf file. 
    LoadModule proxy_module modules/mod_ssl.so
  3. The httpd.conf file should be modified to activate the SSLProxyEngine. 
    SSLProxyEngine on
Ensure you restart the Apache server for the changes to take effect.

nginx Web Server

nginx is a fast, lightweight web server, which is particularly easy to set up for proxying HTTP and serving simple static files. Its strengths match the needs of most Cisco AJAX XMPP Library deployments. To create a proxy URL, you need to add the following entry to the server configuration in the main nginx configuration file nginx.conf. 
server {
    .......

    location /httpbinding {
        access_log off;
        proxy_pass http://some-bosh-server:7335/httpbinding;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }     
}
Restart the nginx server for the changes to take effect.

Testing the proxy

To test your proxy setup, go to the URL http://example.com/httpbinding in your web browser. You should get a HTTP 400 Bad Request error which indicates that you have set up the proxy correctly. You should get the same error if you try to go to the URL http://some-bosh-server.com:7335/httpbinding directly. If you get a HTTP 404 Not Found error, this means your web server is not proxying the request correctly.
© 2012 Cisco Systems, Inc. All rights reserved.

CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)