Attempted activating secure domain and lobby but can't start meeting

When I put my credentials in, it just returns to the ‘are you the host?’ message. Trying from the Android app just results in the loading circle thing just rotating infinitely. I also put muc_allowners in the conference section in the prosody file.

Anyone?

Welcome to the forum.

Can you share your cfg.lua file?


Thanks!

-- Global section of the Prosody config: plugin search path, TURN credential
-- settings, BOSH options and the default TLS policy.
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "mydomain.com";

-- Presumably the shared secret used by the "turncredentials" module enabled
-- below. The value is redacted in this paste; keep the real one out of
-- forum posts and bug reports.
turncredentials_secret = "<string>";

-- STUN/TURN endpoints listed for the turncredentials module. Only the
-- "turns" entry (port 5349, tcp) is the TLS-wrapped variant.
turncredentials = {
  { type = "stun", host = "mydomain.com", port = "3478" },
  { type = "turn", host = "mydomain.com", port = "3478", transport = "udp" },
  { type = "turns", host = "mydomain.com", port = "5349", transport = "tcp" }
};

cross_domain_bosh = false;
-- NOTE(review): consider_bosh_secure makes Prosody treat BOSH sessions as
-- encrypted regardless of how they arrived. That is only sound when BOSH is
-- reachable solely through a TLS-terminating reverse proxy; confirm that the
-- BOSH port is not exposed directly.
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
-- Default TLS policy: TLS 1.2 or newer, and only ECDHE/DHE suites with
-- AES-GCM or ChaCha20-Poly1305 (forward secrecy, AEAD ciphers).
ssl = {
  protocol = "tlsv1_2+";
  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

-- Main host. With authentication = "internal_hashed", users on this host must
-- log in with a Prosody account, and passwords are stored hashed rather than
-- in clear text. This is the authenticated side of the setup in this file;
-- "guest.mydomain.com" below is the anonymous side.
VirtualHost "mydomain.com"
	-- enabled = false -- Remove this line to enable this host
	authentication = "internal_hashed"
	-- Properties below are modified by jitsi-meet-tokens package config
	-- and authentication above is switched to "token"
	--app_id="example_app_id"
	--app_secret="example_app_secret"
	-- Assign this host a certificate for TLS, otherwise it would use the one
	-- set in the global section (if any).
	-- Note that old-style SSL on port 5223 only supports one certificate, and will always
	-- use the global one.
	ssl = {
		key = "/etc/prosody/certs/mydomain.com.key";
		certificate = "/etc/prosody/certs/mydomain.com.crt";
	}
	speakerstats_component = "speakerstats.mydomain.com"
	conference_duration_component = "conferenceduration.mydomain.com"
	-- we need bosh
	-- NOTE(review): "muc_lobby_rooms" is not in this list; in this file it is
	-- enabled on the guest host instead. Confirm which host is meant to carry it.
	modules_enabled = {
	    "bosh";
	    "pubsub";
	    "ping"; -- Enable mod_ping
	    "speakerstats";
	    "turncredentials";
	    "conference_duration";
	}
	-- NOTE(review): this lets client-to-server sessions on this host run
	-- without TLS, so credentials for internal_hashed logins depend on the
	-- transport in front of Prosody being encrypted. Confirm that the c2s
	-- port is not reachable from untrusted networks.
	c2s_require_encryption = false
	-- muc_lobby_whitelist = { "recorder.mydomain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

-- Guest host: "anonymous" authentication gives anyone who connects here a
-- session without credentials. What those sessions may do is decided by the
-- MUC components further down, not by this host.
VirtualHost "guest.mydomain.com"
    authentication = "anonymous"
    -- NOTE(review): unencrypted client-to-server sessions are accepted here too.
    c2s_require_encryption = false
    -- NOTE(review): the lobby module and its lobby_muc/main_muc settings are
    -- configured on the anonymous host in this file. Confirm this placement
    -- against the Jitsi lobby documentation for the installed version.
    modules_enabled = {
     "turncredentials";
     "muc_lobby_rooms";
    }
    lobby_muc = "lobby.mydomain.com"
    main_muc = "conference.mydomain.com"

-- Conference MUC component: the rooms that meetings run in. Room state is
-- kept in memory only (storage = "memory").
Component "conference.mydomain.com" "muc"
    storage = "memory"
    -- NOTE(review): "muc_allowners" is a Jitsi plugin that, as far as I know,
    -- grants room-owner affiliation to occupants. If so, anonymous users from
    -- the guest host would get the same moderator rights as authenticated
    -- users once they are in a room, which works against the secure-domain
    -- and lobby goal of this thread. Verify against the module source before
    -- keeping it.
    modules_enabled = {
	"muc_meeting_id";
	"muc_domain_mapper";
	"muc_allowners";
	-- "token_verification";
    }
    -- The focus account is the only admin of this component.
    admins = { "focus@auth.mydomain.com" }
    muc_room_locking = false
    -- Rooms default to exposing occupants' real JIDs to other occupants.
    muc_room_default_public_jids = true

-- internal muc component
-- Administered by the focus and jvb service accounts on auth.mydomain.com.
-- Room state is kept in memory only.
Component "internal.auth.mydomain.com" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.mydomain.com", "jvb@auth.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- Host for the service accounts named in the admins lists of this file
-- (focus@auth.mydomain.com, jvb@auth.mydomain.com). It has its own
-- certificate and key.
VirtualHost "auth.mydomain.com"
    ssl = {
	key = "/etc/prosody/certs/auth.mydomain.com.key";
	certificate = "/etc/prosody/certs/auth.mydomain.com.crt";
    }
    -- NOTE(review): "internal_plain" stores account passwords unhashed in
    -- Prosody's data store, so protect that store's file permissions and
    -- backups accordingly.
    authentication = "internal_plain"

-- External component authenticated with a shared secret. The value is
-- redacted in this paste; keep the real one out of forum posts.
Component "focus.mydomain.com"
    component_secret = "<string>"

-- Speaker-stats component, pointed at the conference MUC.
Component "speakerstats.mydomain.com" "speakerstats_component"
    muc_component = "conference.mydomain.com"

-- Conference-duration component, pointed at the same conference MUC.
Component "conferenceduration.mydomain.com" "conference_duration_component"
    muc_component = "conference.mydomain.com"

-- Lobby MUC component, referenced as lobby_muc by the muc_lobby_rooms
-- settings earlier in this file. Room state is kept in memory only.
Component "lobby.mydomain.com" "muc"
    storage = "memory"
    -- Ordinary users cannot create rooms on this component themselves.
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

From that block, remove these lines:


Thanks but same problem. Did sudo systemctl restart prosody, jicofo and videobridge2 too. The logs have stuff like org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target and SSL handshake errors. I have Jitsi installed on my main PC but I have a separate one now and the LetsEncrypt script worked fine so I’d guess it would’ve updated the cert or whatever it’s called to point to my new device.

What version of Java are you running? What linux distro?

Try this command:

update-ca-certificates -f


Command was successful but still nothing, including service restarts. Debian 10. java -version says openjdk version "1.8.0_275" at the top.

There’s a standing issue with openjdk, especially in Debian.

Try adding this:

org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true

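in /jicofo/sip-communicator.properties

Note that this setting makes Jicofo accept the XMPP server's certificate without validating it, which is why the PKIX error goes away: it bypasses the check rather than repairing the Java trust store. Treat it as a workaround and remove it once the certificate chain validates.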


Thanks, that was it. Docs should be updated to reflect that. But the first suggestion you made regarding getting rid of two lines wasn’t mentioned in the docs or any troubleshooting page I’m aware of, either.