CONFERENCE FAILED: conference.focusDisconnected focus.jitsi.doma.in

Whenever I try to join a room in my instance, even if it’s just me, I’m getting this:

Output from logs doesn’t help either:

Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: BOSH body open (sid: 3c5c1b26-ad85-46c3-a114-f8b0f646aa9a)
Aug 03 16:53:10 doma.in prosody[25370]: bosh3c5c1b26-ad85-46c3-a114-f8b0f646aa9a: rid: 276465202, sess: 276465201, diff: 1
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: BOSH stanza received: <iq id='21c1d805-aefc-412b-a3a9-c8e5c8a6c784:sendIQ' to='focus.jitsi.doma.in' type='set'>
Aug 03 16:53:10 doma.in prosody[25370]: bosh3c5c1b26-ad85-46c3-a114-f8b0f646aa9a: Received[c2s]: <iq id='21c1d805-aefc-412b-a3a9-c8e5c8a6c784:sendIQ' to='focus.jitsi.doma.in' type='set'>
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: received stanza from c2s session
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: stanza to target: name = iq, type = set
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: no sessions to send to!
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: We have an open request, so sending on that
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: Request destroyed: table: 0x55c144ed5670
Aug 03 16:53:10 doma.in prosody[25370]: socket: server.lua: closed client handler and removed socket from list
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: Session 3c5c1b26-ad85-46c3-a114-f8b0f646aa9a has 1 out of 1 requests open
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: and there are 0 things in the send_buffer:
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: Have nothing to say, so leaving request unanswered for now

Nothing from Jicofo or Jitsi Videobridge?

I have literally no clue what’s happening. I fixed this a while ago (don’t remember how), changed ABSOLUTELY NOTHING since then, and now it’s not working. ???

jicofo config:

# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=jicofo.doma.in

# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=jitsi.doma.in

# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.jitsi.doma.in

# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=secret1

# extra options to pass to the jicofo daemon
JICOFO_OPTS="--secret='secret1' --user-password='secret3'"

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/jitsi/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

jicofo.conf:

jicofo {
  // Authentication with external services
  authentication {
    enabled = false
    // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
    type = SHIBBOLETH

    // The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
    # login-url =

    # logout-url =

    authentication-lifetime = 24 hours
    enable-auto-login = true
  }
  // Configuration related to jitsi-videobridge
  bridge {
    // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum).
    max-bridge-participants = -1
    // The assumed maximum packet rate that a bridge can handle.
    max-bridge-packet-rate = 50000
    // The assumed average packet rate per participant.
    average-participant-packet-rate-pps = 500
    // The default assumed average stress per participant. This value is only used when a bridge does not report its
    // own value.
    average-participant-stress = 0.01
    // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating
    // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints
    // in the last [participant-rampup-time] multiplied by [average-participant-stress].
    participant-rampup-interval = 20 seconds
    // The stress level above which a bridge is considered overstressed.
    stress-threshold = 0.8
    // The amount of to wait before retrying using a failed bridge.
    failure-reset-threshold = 1 minute
    // The bridge selection strategy. The built-in strategies are:
    // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo).
    // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing).
    // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use
    //    Octo for geo-location).
    // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. use Octo for
    //    load balancing).
    //
    // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations.
    selection-strategy = SingleBridgeSelectionStrategy
    health-checks {
      // Whether jicofo should perform periodic health checks to the connected bridges.
      enabled = true
      // The interval at which to perform health checks.
      interval = 10 seconds
      // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This
      // configures the delay between the original health check timing out and the second health check being sent.
      // It is a duration and defaults to half the [interval].
      # retry-delay = 5 seconds
    }

    // The JID of the MUC to be used as a brewery for bridge instances.
    # brewery-jid = jvbbrewery@example.com

    // The XMPP connection to use to communicate with Jitsi Videobridge instances.
    // Either `Client` or `Service` (case-sensitive). See the corresponding XMPP connection configuration under `xmpp`.
    // Note that if no separate Service connection has been configured, all services will automatically use the
    // Client connection.
    xmpp-connection-name = Service
  }
  // Configure the codecs and RTP extensions to be used in the offer sent to clients.
  codec {
    video {
      vp8 {
        enabled = true
        pt = 100
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 96
        enable-remb = true
      }
      vp9 {
        enabled = true
        pt = 101
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 97
        enable-remb = true
      }
      h264 {
        enabled = true
        pt = 107
        // Payload type for the associated RTX stream. Set to -1 to disable RTX.
        rtx-pt = 99
        enable-remb = true
      }
    }

    audio {
      isac-16000 {
        enabled = true
        pt = 103
      }
      isac-32000 {
        enabled = true
        pt = 104
      }
      opus {
        enabled = true
        pt = 111
        minptime = 10
        use-inband-fec = true
        red {
          enabled = false
          pt = 112
        }
      }
      telephone-event {
        enabled = true
        pt = 126
      }
    }

    // RTP header extensions
    rtp-extensions {
      audio-level {
        enabled = true
        id = 1
      }
      tof {
        // TOF is currently disabled, because we don't support it in the bridge
        // (and currently clients seem to not use it when abs-send-time is
        // available).
        enabled = false
        id = 2
      }
      abs-send-time {
        enabled = true
        id = 3
      }
      rid {
        enabled = false
        id = 4
      }
      tcc {
        enabled = true
        id = 5
      }
      video-content-type {
        enabled = false
        id = 7
      }
      framemarking {
        enabled = false
        id = 9
      }
    }
  }

  conference {
    // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to
    // the next in line when the current owner leaves).
    enable-auto-owner = true

    // How long to wait for the initial participant in a conference.
    initial-timeout = 15 seconds

    // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary
    // workaround for an issue with signaling endpoints for Octo.
    inject-ssrc-for-recv-only-endpoints = true

    max-ssrcs-per-user = 20

    // How long a participant's media session will be kept alive once it remains the only participant in the room.
    single-participant-timeout = 20 seconds

    // The minimum number of participants required for the conference to be started.
    min-participants = 2

    // Experimental.
    enable-lip-sync = false

    shared-document {
      // If `true` the shared document uses a random name. Otherwise, it uses the conference name.
      use-random-name = false
    }
  }

  // Configuration for the internal health checks performed by jicofo.
  health {
    // Whether to perform health checks.
    enabled = false

    // The interval between health checks. If set to 0, periodic health checks will not be performed.
    interval = 10 seconds

    # The timeout for a health check
    timeout = 30 seconds

    # If performing a health check takes longer than this, it is considered unsuccessful.
    max-check-duration = 20 seconds

    # The prefix to use when creating MUC rooms for the purpose of health checks.
    room-name-prefix = "__jicofo-health-check"
  }

  jibri {
    // The JID of the MUC to be used as a brewery for jibri instances for streaming.
    # brewery-jid = "jibribrewery@example.com"

    // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries.
    num-retries = 5

    // How long to wait for Jibri to start recording from the time it accepts a START request.
    pending-timeout = 90 seconds

    // The XMPP connection to use to communicate with Jibri instances. Either `Client` or `Service` (case-sensitive).
    // See the corresponding XMPP connection configuration under `xmpp`.
    // Note that if no separate Service connection has been configured, all services will automatically use the
    // Client connection.
    xmpp-connection-name = Client
  }

  jibri-sip {
    // The JID of the MUC to be used as a brewery for jibri instances for SIP.
    # brewery-jid = "jibrisipbrewery@example.com"
  }

  jigasi {
    // The JID of the MUC to be used as a brewery for jigasi instances.
    # brewery-jid = "jigasibrewery@example.com"

    // The XMPP connection to use to communicate with Jigasi instances. Either `Client` or `Service` (case-sensitive).
    // See the corresponding XMPP connection configuration under `xmpp`.
    // Note that if no separate Service connection has been configured, all services will automatically use the
    // Client connection.
    xmpp-connection-name = Client
  }

  // The region in which the machine is running.
  #local-region="us-east-1"

  octo {
    // Whether or not to use Octo. Note that when enabled, its use will be determined by
    // $jicofo.bridge.selection-strategy. There's a corresponding flag in the JVB and these
    // two MUST be in sync (otherwise bridges will crash because they won't know how to
    // deal with octo channels).
    enabled = false

    // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
    // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
    #id = 1234
  }

  rest {
    port = 8889
    tls-port = 8843
  }

  sctp {
    // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is
    // enabled in the per-conference configuration).
    enabled = true
  }

  xmpp {
    // The separate XMPP connection used for communication with clients (endpoints).
    client {
      enabled = true
      hostname = "localhost"
      port = 5222
      domain = "auth.jitsi.doma.in"
      username = "focus"
      password = "secret3"

      // How long to wait for a response to a stanza before giving up.
      reply-timeout = 15 seconds

      // The JID/domain of the MUC service used for conferencing.
      # conference-muc-jid = conference.example.com

      // A flag to suppress the TLS certificate verification.
      disable-certificate-verification = false

      // The JID of the mod_client_proxy component if used. It will be trusted to encode the JID of the original
      // sender in the resource part of the JID.
      client-proxy = focus.jitsi.doma.in

      // Use TLS between Jicofo and the XMPP server
      // Only disable this if your xmpp connection is on loopback!
      use-tls = true
    }
    // The separate XMPP connection used for internal services (currently only jitsi-videobridge).
    service {
      enabled = false
      hostname = "localhost"
      port = 6222
      #domain =
      #username =
      #password =

      // How long to wait for a response to a stanza before giving up.
      reply-timeout = 15 seconds

      // A flag to suppress the TLS certificate verification.
      disable-certificate-verification = false

      // Use TLS between Jicofo and the XMPP server
      // Only disable this if your xmpp connection is on loopback!
      use-tls = true
    }
  }
}

jicofo sip-communicator.properties:

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.doma.in
org.jitsi.jicofo.auth.URL=XMPP:jitsi.doma.in
org.jitsi.jicofo.PING_INTERVAL=1
org.jitsi.jicofo.PING_THRESHOLD=3
org.jitsi.jicofo.PING_TIMEOUT=1

jvb config:

# Jitsi Videobridge settings

# sets the XMPP domain (default: none)
JVB_HOSTNAME=jitsi.doma.in

# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
JVB_HOST=jitsi-videobridge.jitsi.doma.in

# sets the port of the XMPP server (default: 5275)
JVB_PORT=5347

# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET=secret2

# extra options to pass to the JVB daemon
JVB_OPTS="--apis=xmpp,rest"


# adds java system props that are passed to jvb (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"

jvb sip-communicator.properties:

org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.jitsi.doma.in/.*
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=se.rv.er.ip
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=se.rv.er.ip
#org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
#org.jitsi.videobridge.ENABLE_STATISTICS=true
#org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.doma.in

prosody.cfg.lua:

--Important for systemd
-- daemonize is important for systemd. if you set this to false the systemd startup will freeze.
daemonize = true
pidfile = "/run/prosody/prosody.pid"

-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
--     prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }

-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
--use_libevent = true

-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
plugin_paths = {"/usr/lib/prosody/modules-enabled"}

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard4"; -- User profiles (stored in PEP)
		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
		"limits"; -- Enable bandwidth limiting for XMPP connections

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords
		--"mam"; -- Store messages in an archive and allow users to access it
		--"csi_simple"; -- Simple Mobile optimizations

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"websocket"; -- XMPP over WebSockets
		--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
		--"groups"; -- Shared roster support
		--"server_contact_info"; -- Publish contact information for this service
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
		"listusers";
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
	-- "offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
	-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = true

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.

s2s_require_encryption = true

-- Force certificate authentication for server-to-server connections?

s2s_secure_auth = false

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you disable s2s_secure_auth, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Enable rate limits for incoming client and server connections

limits = {
  c2s = {
    rate = "10kb/s";
  };
  s2sin = {
    rate = "30kb/s";
  };
}

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.

authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

https_ports = { };

--storage = "sql" -- Default is "internal"

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.

archive_expires_after = "1w" -- Remove archived messages after 1 week

-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
	debug = "*syslog"; -- Change 'info' to 'debug' for verbose logging
	error = "*syslog";
	info = "*syslog"; -- Uncomment this for logging to syslog
	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"

-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = "/var/lib/prosody"

-- HTTPS currently only supports a single certificate, specify it here:
--https_certificate = "/etc/prosody/certs/localhost.crt"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

-- VirtualHost "localhost"

--VirtualHost "example.com"
--	certificate = "/path/to/example.crt"

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"
--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
--	component_secret = "password"
--
include "/etc/prosody/conf.d/*"

jitsi conf.d file:

VirtualHost "jitsi.doma.in"
	authentication = "anonymous"
	ssl = {
		key = "/var/lib/prosody/jitsi.doma.in.key";
		certificate = "/var/lib/prosody/jitsi.doma.in.crt";
	}
	modules_enabled={
		"bosh";
		"pubsub";
		"ping";
	}
	c2s_require_encryption = false
	consider_bosh_secure = false
	admins = { "focus@auth.jitsi.doma.in" }

VirtualHost "auth.jitsi.doma.in"
	ssl = {
		key = "/var/lib/prosody/auth.jitsi.doma.in.key";
		certificate = "/var/lib/prosody/auth.jitsi.doma.in.crt";
	}
	authentication = "internal_hashed"
	admins = { "focus@auth.jitsi.doma.in" }

Component "conference.jitsi.doma.in" "muc"
Component "jitsi-videobridge.jitsi.doma.in" "client_proxy"
	component_secret = "secret2"
Component "focus.jitsi.doma.in" "client_proxy"
	target_address = "focus@auth.jitsi.doma.in"
	component_secret = "secret1"

Your trace says ‘focus error’. ‘Focus’ is the name used by the Jitsi project to refer to Jicofo (to confuse naive users, I think). So provide the Jicofo log instead of the Prosody one. Possibly Jicofo stopped, so trying to restart it could help (if this is the case, it’s necessary to understand why, of course).
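
The pattern in the posted Prosody trace, as an added example that is not part of the thread and is not Jitsi or Prosody project code: this Python script scans Prosody debug output for a `client_proxy` component that logs `stanza to target` followed by `no sessions to send to!`, which is where the trace above stops and where the reply points to the Jicofo log. The function names and `HEALTHY_LOG` are constructed for illustration; `SAMPLE_LOG` is copied from the log in the first post.

```python
import re
from collections import defaultdict

# Lines copied from the Prosody log in the first post.
SAMPLE_LOG = """\
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: BOSH stanza received: <iq id='21c1d805-aefc-412b-a3a9-c8e5c8a6c784:sendIQ' to='focus.jitsi.doma.in' type='set'>
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: received stanza from c2s session
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: stanza to target: name = iq, type = set
Aug 03 16:53:10 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: no sessions to send to!
Aug 03 16:53:10 doma.in prosody[25370]: mod_bosh: We have an open request, so sending on that
"""

# Constructed sample (not from the post): same message formats, but the
# "no sessions" line never appears after the stanza is handed to the target.
HEALTHY_LOG = """\
Aug 03 17:02:41 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: received stanza from c2s session
Aug 03 17:02:41 doma.in prosody[25370]: focus.jitsi.doma.in:client_proxy: stanza to target: name = iq, type = set
Aug 03 17:02:41 doma.in prosody[25370]: mod_bosh: We have an open request, so sending on that
"""

# Syslog-style line emitted by a client_proxy component.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ prosody\[\d+\]: "
    r"(?P<component>\S+):client_proxy: (?P<msg>.*)$"
)
TO_TARGET = re.compile(
    r"^stanza to target: name = (?P<name>\w+), type = (?P<type>\w+)$"
)
NO_SESSIONS = "no sessions to send to!"


def scan(log_text):
    """Per component: stanzas sent towards the target and those that were dropped."""
    stats = defaultdict(lambda: {"attempts": 0, "dropped": []})
    pending = {}  # component -> (timestamp, stanza name, stanza type)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a client_proxy line
        comp, msg = m["component"], m["msg"]
        t = TO_TARGET.match(msg)
        if t:
            stats[comp]["attempts"] += 1
            pending[comp] = (m["ts"], t["name"], t["type"])
        elif msg == NO_SESSIONS and comp in pending:
            # The stanza recorded just before had nowhere to go.
            stats[comp]["dropped"].append(pending.pop(comp))
    return dict(stats)


def findings(log_text):
    """One line per component whose target had no session for at least one stanza."""
    out = []
    for comp, s in sorted(scan(log_text).items()):
        if s["dropped"]:
            ts, name, typ = s["dropped"][0]
            out.append(
                f"{comp}: {len(s['dropped'])}/{s['attempts']} stanzas had no "
                f"target session (first: {name}/{typ} at {ts}); check the log "
                f"of the service that should be logged in behind this component"
            )
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```
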