502 Bad Gateway

I got a 502 Bad Gateway error after installing the JWT token authentication Prosody plugin

/http-bind?room=b0d10544d

502 Bad Gateway

SEVERE: [11] [xmpp_connection=client] XmppProviderImpl.doConnect#219: Failed to connect/login: The following addresses failed: 'localhost:5222' failed because: localhost/127.0.0.1 exception: java.net.ConnectException: Connection refused (Connection refused)

systemctl status prosody

I reinstalled Jitsi. Now the 502 Bad Gateway error is gone.

But I'm facing the following issues:
I could not switch on the mic or camera
the moderator role is not assigned
2 users are not able to join the same room

● prosody.service - Prosody XMPP Server

Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-05-06 10:20:44 UTC; 15min ago
Docs: Documentation – Prosody IM
Main PID: 11908 (lua5.2)
Tasks: 1 (limit: 4631)
CGroup: /system.slice/prosody.service
└─11908 lua5.2 /usr/bin/prosody -F

This issue occurs only with token-based authentication.
There is no issue when I use internal_plain

  • Did you get any error messages while installing jitsi-meet-tokens?

  • output?

    luarocks list

  • Can you share your prosody config?

I did not get any error while installing token

luarocks list

Installed rocks:

basexx
   0.4.1-1 (installed) - /usr/local/lib/luarocks/rocks

lbase64
   20120820-1 (installed) - /usr/local/lib/luarocks/rocks

lua-cjson
   2.1.0-1 (installed) - /usr/local/lib/luarocks/rocks

luacrypto
   0.3.2-2 (installed) - /usr/local/lib/luarocks/rocks

luajwtjitsi
   2.0-0 (installed) - /usr/local/lib/luarocks/rocks

luaossl
   20200709-0 (installed) - /usr/local/lib/luarocks/rocks

luasec
   1.0.1-1 (installed) - /usr/local/lib/luarocks/rocks

luasocket
   3.0rc1-2 (installed) - /usr/local/lib/luarocks/rocks

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitsi.domain.com";

external_service_secret = "EiFdp83kLK8pbZ9h";
external_services = {
     { type = "stun", host = "jitsi.domain.com", port = 3478 },
     { type = "turn", host = "jitsi.domain.com, port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "jitsi.domain.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES12$
}

VirtualHost "jitsi.domain.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "token"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    app_id="9912dc76c9c2e0"
    app_secret="d44f31b9f77e449f74821"
    allow_empty_token = false;
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/aa.key";
        certificate = "/etc/prosody/certs/aa.crt";
    }
    speakerstats_component = "speakerstats.jitsi.domain.com"
    conference_duration_component = "conferenceduration.jitsi.domain.com"
    -- we need bosh
    modules_enabled = {
    "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "presence_identity";
        "token_moderation";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.jitsi.domain.com"
    main_muc = "conference.jitsi.domain.com"
    -- muc_lobby_whitelist = { "recorder.jitsi.domain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.jitsi.domain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
    }
    admins = { "focus@auth.jitsi.domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    
-- internal muc component
Component "internal.auth.jitsi.domain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.jitsi.domain.com", "jvb@auth.jitsi.domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.jitsi.domain.com"
    ssl = {
        key = "/etc/prosody/certs/auth.jitsi.domain.com.key";
        certificate = "/etc/prosody/certs/auth.jitsi.domain.com.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.jitsi.domain.com" "client_proxy"
    target_address = "focus@auth.jitsi.domain.com"

Component "speakerstats.jitsi.domain.com" "speakerstats_component"
    muc_component = "conference.jitsi.domain.com"

Component "conferenceduration.jitsi.domain.com" "conference_duration_component"
    muc_component = "conference.jitsi.domain.com"

VirtualHost "guest.jitsi.domain.com"
    authentication = "token"
    app_id="9912dc273777e630f8b1ecc876c9c2e0"
    app_secret="d44f31d075b4a379b9f77e449f748212"
    c2s_require_encryption=false
    --allow_empty_token = false;
    modules_enabled = {
      "muc_size";
      "speakerstats";
      "conference_duration";
    }

Component "lobby.jitsi.domain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

Component "internal.auth.jitsi.domain.com" "muc"
    modules_enabled = {
      "ping";
    }
    storage = "none"
    muc_room_cache_size = 1000

Do you have a valid token while connecting to the meeting room?

Yes. I used the Laravel PHP framework.

I have the same setup on a different server. It is working well.
I'm doing another setup on AWS. Got stuck with this :frowning:

I used this guide

Can you try with a token from jitok?

aud and iss should be 9912dc76c9c2e0 according to our config
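The check suggested above can be run offline before blaming Prosody. The following is an added example, not part of the thread and not Jitsi's own code: it verifies an HS256 token against an `app_id`/`app_secret` pair and reports which of signature, `iss` or `aud` disagrees. The `exp` check, the secret and the timestamp are assumptions made for the example; `check_token` and `sign_hs256` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    # JWT uses unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Build an HS256 token; used here only to construct sample input."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(secret, head + '.' + body))}"

def check_token(token, app_id, app_secret, now=None):
    """Return the reasons a token does not match the given app_id/app_secret."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        sig_raw = _b64d(sig)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return ["malformed token"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["malformed token"]
    problems = []
    if header.get("alg") != "HS256":  # never accept "none" or an unexpected alg
        problems.append(f"unexpected alg {header.get('alg')!r}")
    if not hmac.compare_digest(sig_raw, _mac(app_secret, head + "." + body)):
        problems.append("signature does not match app_secret")
    if claims.get("iss") != app_id:
        problems.append(f"iss {claims.get('iss')!r} does not match app_id")
    aud = claims.get("aud")
    if app_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not match app_id")
    exp = claims.get("exp")  # assumption: tokens are expected to carry exp
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or not in the future")
    return problems

# Constructed samples: app_id as quoted in the thread; secret and time invented
APP_ID, APP_SECRET, NOW = "9912dc76c9c2e0", "constructed-secret", 1_620_000_000
GOOD = sign_hs256({"iss": APP_ID, "aud": APP_ID, "exp": NOW + 3600}, APP_SECRET)
BAD_AUD = sign_hs256({"iss": APP_ID, "aud": "jitsi", "exp": NOW + 3600}, APP_SECRET)
```

An empty list from `check_token` means the token agrees with the values passed in; run it once per VirtualHost that sets `app_id` and `app_secret`, since differing pairs will accept different tokens.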

Is the token_moderation; line added manually or already there?

I added it manually. The plugin file was also added.
I removed that and tested. No luck.

Is this a paste error or is 'p' really missing?

That is a copy-paste error.

I tried this. No luck.

Do you have any other guide to configure token authentication?

Thank you very much for your support @emrah

I have no guide but I have an installer

I'm re-installing on a fresh instance. I got this error when I installed the token plugin

What is your distro/version?


Ubuntu 20.04 LTS

Is liblua5.2-dev installed?