Browser "connection refused"

Thank you in advance for your help. This post got flagged once as spam, so if there is something wrong with how I’ve written it, please let me know. It’s my first one!

Issue:

https://example.com:8443 (or 8000) always results in connection refused. Other docker containers are accessible from browser, but not jitsi containers. No error logs.

I have forwarded the recommended ports on my router to the host machine and opened them on host (443, 80, 8443, 8000, 10000, 4443)

Things I’ve tried:

  • Turning off the docker_host_address variable in .env (don’t understand this one, is the docker host address the internal address for docker, or the host that is running docker’s address?)
  • Double check firewall settings and router settings

Things I haven’t tried because I couldn’t find how:

  • Change config dir permissions within docker images
  • ?

This shouldn’t be a hard fix, so I know I’m missing something. Thank you in advance for helping me along to my next error. Also, if there’s anything else you can think of that I need to do to integrate rocketchat users with the jitsi service you’re aware of, please let me know!

More details:

I’m running those servers and a local file server from a desktop PC running Ubuntu Server 18.04 LTS. It connects to a router then to our modem. Our DNS record is maintained by Wix, so I’ve created two A records for the two services and pointed them to the static IP that goes to the router. Router passes 80, 8000, 443, 8443, 22, 3000, 10000 to the machine on LAN that I access thru remote ssh.

I did try installing Jitsi directly to machine and I was able to get to the Jitsi service through my browser. But, I’m new to network architecture and security, and I really want to containerize everything I can, since that seems more flexible re: deployment and isolation (makes me feel better about having sensitive files on the same machine that is open to the internet, although I’m sure someone here can educate me on that’s probably still not a good idea)

My .env file:

#
# Basic configuration options
#

# Directory where all configuration will be stored.
CONFIG=/opt/jitsi-meet-cfg

# Exposed HTTP port.
HTTP_PORT=8000

# Exposed HTTPS port.
HTTPS_PORT=8443

# System time zone.
TZ=America/Chicago

# Public URL for the web service.
PUBLIC_URL="https://telehealth.kcatx.org"

# IP address of the Docker host. See the "Running on a LAN environment" section
# in the README.
# DOCKER_HOST_ADDRESS=172.17.0.1


#
# Let's Encrypt configuration
#

# Enable Let's Encrypt certificate generation.
ENABLE_LETSENCRYPT=1

# Domain for which to generate the certificate.
LETSENCRYPT_DOMAIN=telehealth.kcatx.org

# E-Mail for receiving important account notifications (mandatory).
LETSENCRYPT_EMAIL=info@kcatx.org


#
# Etherpad integration (for document sharing)
#

# Set etherpad-lite URL (uncomment to enable).
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001


#
# Basic Jigasi configuration options (needed for SIP gateway support)
#

# SIP URI for incoming / outgoing calls.
#JIGASI_SIP_URI=test@sip2sip.info

# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd

# SIP server (use the SIP account domain if in doubt).
#JIGASI_SIP_SERVER=sip2sip.info

# SIP server port
#JIGASI_SIP_PORT=5060

# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP

#
# Authentication configuration (see README for details)
#

# Enable authentication.
#ENABLE_AUTH=1

# Enable guest access.
#ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal

# JWT authentication
#

# Application identifier.
#JWT_APP_ID=my_jitsi_app_id

# Application secret known only to your token.
#JWT_APP_SECRET=my_jitsi_app_secret

# (Optional) Set asap_accepted_issuers as a comma separated list.
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client

# (Optional) Set asap_accepted_audiences as a comma separated list.
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2

my docker compose:

version: '3'

services:
    # Frontend
    web:
        image: jitsi/web
        ports:
            - '${HTTP_PORT}:80'
            - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config
            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
        networks:
            meet.jitsi:

    # XMPP server
    prosody:
        image: jitsi/prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            meet.jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: jitsi/jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:
    # Video bridge
    jvb:
        image: jitsi/jvb
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
            - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - JICOFO_AUTH_USER
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:
# Custom network so all services can communicate using a FQDN
networks:
    meet.jitsi:

Have you waited long enough? On the first start the DH params are generated, which may take up to minutes. Check the web container log output.

Good call, thanks for the help. So, the answer is yes, I’ve waited 24 hours +. I’ve also since reloaded my firewall rules, which I was hoping was the issue, but it looks not.

Hum. Can you check the logs in the “web” container? Also, did you make any changes to your .env file after starting your containers for the first time?

Hmm, it does look like something is wrong… here are the last 50 logs:

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/telehealth.kcatx.org/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/telehealth.kcatx.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I don’t know how an SSL error blocks me from accessing http://example.com:8000 though…

I used letsencrypt to generate certificates for rocket.chat and then for jitsi. I have a .pem, .crt and .key generated by letsencrypt that I created through acme-nginx and then copied into /etc/nginx when I was messing around trying to fix this too.

And I have modified my .env file, but I also deleted the directory and ran docker-compose afterwards. I just did it again to be safe.

Maybe nginx didn’t fully start because of that error. Work on fixing it (Let’s Encrypt support is built-in, in case you want to use it) and try again.

Alternatively test using the default self-signed certificate, and take it from there.
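
An added example, not from the thread or the docker-jitsi-meet project: a POSIX shell check that pulls the file nginx could not open out of the `[emerg]` log lines and maps it through the compose volume `${CONFIG}/web/letsencrypt:/etc/letsencrypt` to its host path, to show whether the certificate was ever issued. The helper names and the meet.example.org log line are constructed; since nginx aborts startup on `[emerg]`, the same failure accounts for the refusal on the plain HTTP port as well.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and the sample data is constructed.

# Print each distinct file nginx failed to open, read from log lines on stdin.
# The pattern is unanchored so "docker-compose logs web" prefixes are tolerated.
missing_from_log() {
    sed -n 's/.*\[emerg\] BIO_new_file("\([^"]*\)") failed.*/\1/p' | sort -u
}

# env_get FILE KEY: value of KEY from a .env file (last assignment wins,
# commented-out lines are ignored, surrounding double quotes are stripped).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# to_host_path CONFIG_DIR CONTAINER_PATH: translate a path under
# /etc/letsencrypt in the web container to the bind-mounted host path.
to_host_path() {
    case "$2" in
        /etc/letsencrypt/*) printf '%s\n' "$1/web/letsencrypt/${2#/etc/letsencrypt/}" ;;
        *) return 1 ;;
    esac
}

# check_certs ENV_FILE < web-container-log
# Prints one verdict per file; returns 1 if any file is unusable.
check_certs() {
    cc_cfg=$(env_get "$1" CONFIG)
    cc_paths=$(missing_from_log)
    cc_rc=0
    while IFS= read -r cc_p; do
        [ -n "$cc_p" ] || continue
        if ! cc_host=$(to_host_path "$cc_cfg" "$cc_p"); then
            echo "UNMAPPED $cc_p"; cc_rc=1
        elif [ -e "$cc_host" ]; then
            echo "PRESENT $cc_host"      # issued since the log was written
        elif [ -L "$cc_host" ]; then
            echo "DANGLING $cc_host"; cc_rc=1   # live/ symlink without its target
        else
            echo "MISSING $cc_host"; cc_rc=1    # certificate was never issued
        fi
    done <<EOF
$cc_paths
EOF
    return $cc_rc
}

# Constructed demonstration: an empty config directory plus one log line
# in the same format as the web container output.
demo() {
    d=$(mktemp -d) || return 1
    printf 'CONFIG=%s/jitsi-meet-cfg\n' "$d" > "$d/.env"
    printf '%s\n' 'nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/meet.example.org/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory)' > "$d/web.log"
    check_certs "$d/.env" < "$d/web.log" \
        || echo "=> nginx did not start, so neither HTTP_PORT nor HTTPS_PORT is served"
    rm -rf "$d"
}
demo
```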

Thanks, yes I was having issues with the nginx service, but I got it running (and it’s serving rocket.chat successfully.) I’ll google around for a bit, but I have no clue how to do the second thing.

For rocket.chat, they had me modify the /etc/nginx/sites-enabled/default file and specify a ssl server with all its variables defined (like which key to use.) I don’t know how to do that in this case though.

Another thing, somehow when I deleted /opt/jitsi-meet-cfg and ran docker-compose up -d, it wasn’t regenerated. That was my best guess based on the docker-compose.yml volumes entry for the web container. Lol, am I making things worse??

Thanks for all your help. No expectation for you to help me track this down to the end, but let me know if you have any more ideas. If we get this fixed I’m buying you a Christmas present off your Amazon wishlist.

Another thought, would it be any use to just kill and delete the images, pull the git and start from scratch? Would that be enough to clear everything and start troubleshooting from the top? Also, I don’t fully understand how Let’s Encrypt operates, but if I’ve already generated certificates for my domain with them, does that prevent jitsi’s Let’s Encrypt support from working?

Wait, you mean you modified the nginx config inside the Jitsi docker container? I don’t recommend that, since things are configured specifically for the Jitsi use-case.

Yes, the whole thing should have been regenerated. Do you need any errors in any of the containers?

You can renew it no problem. I think there is a limit on how many times per day / week it can be done though…

Wait, you mean you modified the nginx config inside the Jitsi docker container? I don’t recommend that, since things are configured specifically for the Jitsi use-case.

No fortunately. The only nginx file I modified existed before I started with jitsi. It’s located at /etc/nginx/sites-enabled/ and I thought was the default server configuration file for all nginx servers (I’m sure you could add other files that describe different servers and direct nginx to use the right one in the right situation)

This leads me to another question: would it be better if I used the docker image of nginx? Could that smooth things out and reduce some confusion around using two different dockerized systems both relying on nginx?

Yes, the whole thing should have been regenerated. Do you need any errors in any of the containers?

Here’s what docker ps gets me:

office@kca:~/docker-jitsi-meet$ docker ps
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS              PORTS                                              NAMES
e7d20443e6a0        rocketchat/hubot-rocketchat:latest   "/bin/sh -c 'node -e…"   40 hours ago        Up 9 seconds        0.0.0.0:3001->8080/tcp                             rocketchat_hubot_1
f621cda4f3f6        rocket.chat:latest                   "bash -c 'for i in `…"   40 hours ago        Up 25 hours         0.0.0.0:3000->3000/tcp                             rocketchat_rocketchat_1
3054c268b020        jitsi/jvb                            "/init"                  2 days ago          Up 21 hours         0.0.0.0:4443->4443/tcp, 0.0.0.0:10000->10000/udp   docker-jitsi-meet_jvb_1
15f9edb06861        jitsi/jicofo                         "/init"                  5 days ago          Up 21 hours                                                            docker-jitsi-meet_jicofo_1
658781f16a09        jitsi/web                            "/init"                  5 days ago          Up 21 hours         0.0.0.0:8000->80/tcp, 0.0.0.0:8443->443/tcp        docker-jitsi-meet_web_1
4bb92164d82a        jitsi/prosody                        "/init"                  5 days ago          Up 21 hours         5222/tcp, 5269/tcp, 5280/tcp, 5347/tcp             docker-jitsi-meet_prosody_1
40573359d4d3        mongo                                "docker-entrypoint.s…"   2 months ago        Up 25 hours         27017/tcp                                          rocketchat_mongo_1

I ran docker-compose again just before, so it looks like the containers are running… I can’t read the logs we looked at earlier because the cfg folder didn’t regenerate, lol.

You can renew it no problem. I think there is a limit on how many times per day / week it can be done though…

In that case, I can just keep trying it and see if the letsencrypt thing sorts itself out. Would that explain why the /etc/letsencrypt/.../fullchain.pem file is missing? I haven’t figured out how to use self-signed certs here yet.

I still am a little unclear, though: my understanding is that an error with letsencrypt would prevent me from accessing https://example.com:8443, but not http://example.com:8000. The fact that the connection is refused at http://example.com:8000 is the biggest mystery to me right now.

Also, this seems relevant, although I’m not sure what exactly to do with it: