Disconnection error since adding token config


#1

Hi, I have installed jitsi-meet on an Ubuntu 18.04 server. I used the quick install, then followed the secure domain setup, then configured token authentication.

When I connect to a room using a valid token I get a message saying ‘you have been disconnected’. I could connect fine prior to setting up token authentication.

Here’s the console output:

> Logger.js:125 [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>:  UnhandledError: null Script: null Line: null Column: null StackTrace:  Error: Strophe: Server did not offer a supported authentication mechanism
>     at Object.i.Strophe.log (strophe.util.js:89)
>     at Object.error (strophe.js:2083)
>     at s.Connection._no_auth_received (strophe.js:3851)
>     at s.Connection._connect_cb (strophe.js:3940)
>     at e.Bosh._onRequestStateChange (strophe.js:5559)
> Logger.js:125 [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>:  Strophe: Server did not offer a supported authentication mechanism
> Logger.js:125 [connection.js] <n.l>:  CONNECTION FAILED: connection.otherError
> Logger.js:125 [react/features/base/connection/actions.web.js] <>:  connection.otherError

(detailed output here: https://pastebin.com/RNvDhHKN)

prosody log:

Sep 25 05:13:58 meet.example.org:bosh   info    New BOSH session, assigned it sid '9b076da9-fb72-4f87-bda1-de152206a760'
Sep 25 05:13:58 bosh9b076da9-fb72-4f87-bda1-de152206a760        warn    No available SASL mechanisms, verify that the configured authentication module is working

My prosody config file:

-- Prosody XMPP Server Configuration
--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
--     prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }

-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
--use_libevent = true

-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
--plugin_paths = {}

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

        -- Not essential, but recommended
                "carbons"; -- Keep multiple clients in sync
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "blocklist"; -- Allow users to block communications with other users
                "vcard"; -- Allow users to set vCards

        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "register"; -- Allow users to register on this server using a client and change passwords
                --"mam"; -- Store messages in an archive and allow users to access it

        -- Admin interfaces
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
                --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

        -- HTTP modules
                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                --"websocket"; -- XMPP over WebSockets
                --"http_files"; -- Serve static files from a directory over HTTP

        -- Other specific functionality
                --"limits"; -- Enable bandwidth limiting for XMPP connections
                --"groups"; -- Shared roster support
                --"server_contact_info"; -- Publish contact information for this service
                --"announce"; -- Send announcement to all online users
                --"welcome"; -- Welcome users who register accounts
                --"watchregistrations"; -- Alert admins of registrations
                --"motd"; -- Send a message to users when they log in
                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
                --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
        -- "offline"; -- Store offline messages
        -- "c2s"; -- Handle client connections
        -- "s2s"; -- Handle server-to-server connections
        -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = true

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.
-- Note that this is different from authentication

s2s_require_encryption = true


-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see https://prosody.im/doc/s2s#security

s2s_secure_auth = false

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

--storage = "sql" -- Default is "internal"

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.

archive_expires_after = "1w" -- Remove archived messages after 1 week

-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
        -- "*syslog"; -- Uncomment this for logging to syslog
        -- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"

-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

VirtualHost "localhost"

--VirtualHost "example.com"
--      certificate = "/path/to/example.crt"

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
--      component_secret = "password"

Include "conf.d/*.cfg.lua"
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

My /etc/prosody/conf.avail/meet.example.org.cfg.lua file:
-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

VirtualHost "meet.example.org"
        -- enabled = false -- Remove this line to enable this host
        authentication = "token";
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        app_id="cilmeetapp";             -- application identifier
        app_secret="<mysecret>";      -- application secret known only to your token
                                                                           -- generator and the plugin
        allow_empty_token = false;             -- tokens are verified only if they are supplied by the client

        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/meet.example.org.key";
                certificate = "/etc/prosody/certs/meet.example.org.crt";
        }
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

        c2s_require_encryption = false

Component "conference.meet.example.org" "muc"
    modules_enabled = { "token_verification" }
    admins = { "admin@example.org" }

Component "jitsi-videobridge.meet.example.org"
    component_secret = "yLbfEeSv"

VirtualHost "auth.meet.example.org"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.example.org.key";
        certificate = "/etc/prosody/certs/auth.meet.example.org.crt";
    }
    authentication = "internal_plain"

Component "focus.meet.example.org"
    component_secret = "Q1HDmqoL"

VirtualHost "guest.meet.example.org"
    authentication = "token"
    c2s_require_encryption = false

Let me know if any other files or logs are needed and thanks in advance for your help!


#2

Add to your main prosody config consider_bosh_secure = true;, restart prosody and try again. Does this fix it?


#3

No, still goes straight to disconnected.


#4

And again the response is “Server did not offer a supported authentication mechanism”. What is the prosody version that you use?


#5

Can you also check for errors in prosody logs on restart?
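
One way to run the check asked for above, as an added example that is not part of the original thread: a Python script that scans a Prosody log for module initialization errors and ties each "No available SASL mechanisms" warning back to the virtual host whose BOSH session produced it. The sample log is constructed in Prosody's log layout (the session ids are made up), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the Prosody log layout: timestamp, source, level, message.
# Indented lines and "stack traceback:" continue the previous entry.
SAMPLE_LOG = """\
Sep 25 17:26:02 startup info    Hello and welcome to Prosody
Sep 25 17:26:02 modulemanager   error   Error initializing module 'token_verification' on 'conference.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
stack traceback:
        [C]: in function '_real_require'
Sep 25 17:26:02 modulemanager   error   Error initializing module 'auth_token' on 'meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
Sep 25 17:26:02 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Sep 25 17:26:37 meet.example.org:bosh   info    New BOSH session, assigned it sid 'sid-0001'
Sep 25 17:26:37 boshsid-0001    warn    No available SASL mechanisms, verify that the configured authentication module is working
Sep 25 17:27:11 meet.example.org:bosh   info    New BOSH session, assigned it sid 'sid-0002'
Sep 25 17:27:11 boshsid-0002    warn    No available SASL mechanisms, verify that the configured authentication module is working
"""

ENTRY = re.compile(
    r"^\w{3} +\d+ \d{2}:\d{2}:\d{2} +(\S+)\s+(debug|info|warn|error)\s+(.*)$"
)
MODULE_ERR = re.compile(r"Error initializing module '([^']+)' on '([^']+)': (.*)")
MISSING_DEP = re.compile(r"module '([^']+)' not found")
NEW_BOSH = re.compile(r"New BOSH session, assigned it sid '([^']+)'")


def analyse(log_text):
    """Return {host: {"failed_modules": [(module, missing_dep)], "no_sasl": n}}."""
    report = defaultdict(lambda: {"failed_modules": [], "no_sasl": 0})
    sid_host = {}  # BOSH session id -> virtual host that created it
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # traceback or search-path continuation line
        source, _level, msg = m.groups()

        # A module that failed to load on some host or component.
        err = MODULE_ERR.match(msg) if source == "modulemanager" else None
        if err:
            module, host, detail = err.groups()
            dep = MISSING_DEP.search(detail)
            report[host]["failed_modules"].append(
                (module, dep.group(1) if dep else None)
            )
            continue

        # Remember which host each BOSH session id belongs to.
        bosh = NEW_BOSH.match(msg) if source.endswith(":bosh") else None
        if bosh:
            sid_host[bosh.group(1)] = source.rsplit(":", 1)[0]
            continue

        # The per-session warning is logged under "bosh<sid>", without the host.
        if source.startswith("bosh") and msg.startswith("No available SASL mechanisms"):
            host = sid_host.get(source[len("bosh"):], "<unknown host>")
            report[host]["no_sasl"] += 1
    return dict(report)


def broken_auth_hosts(report):
    """Hosts whose auth_* module failed to load and then offered no SASL mechanism."""
    findings = []
    for host, info in sorted(report.items()):
        for module, dep in info["failed_modules"]:
            if module.startswith("auth_") and info["no_sasl"]:
                findings.append((host, module, dep, info["no_sasl"]))
    return findings


if __name__ == "__main__":
    for host, module, dep, count in broken_auth_hosts(analyse(SAMPLE_LOG)):
        print(f"{host}: {module} not loaded (missing {dep}); "
              f"{count} session(s) offered no SASL mechanism")
```

To use it on a real server, pass the contents of the log file configured in the `log` section of the Prosody config to `analyse()` instead of `SAMPLE_LOG`.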


#6

I installed prosody-trunk_1nightly977-1~bionic_amd64.deb as per https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md

I can try a different version if that helps?

Still getting this in console:

Logger.js:125 [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>:  UnhandledError: null Script: null Line: null Column: null StackTrace:  Error: Strophe: Server did not offer a supported authentication mechanism
    at Object.i.Strophe.log (strophe.util.js:89)
    at Object.error (strophe.js:2083)
    at s.Connection._no_auth_received (strophe.js:3851)
    at s.Connection._connect_cb (strophe.js:3940)
    at e.Bosh._onRequestStateChange (strophe.js:5559)
Logger.js:125 [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>:  Strophe: Server did not offer a supported authentication mechanism
Logger.js:125 [connection.js] <n.l>:  CONNECTION FAILED: connection.otherError
Logger.js:125 [react/features/base/connection/actions.web.js] <>:  connection.otherError

prosody.log

Sep 25 17:26:02 startup info    Hello and welcome to Prosody version trunk nightly build 977 (2018-09-22, 368b092bf4bf)
Sep 25 17:26:02 startup info    Prosody is using the select backend for connection handling
Sep 25 17:26:02 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269
Sep 25 17:26:02 modulemanager   error   Error initializing module 'token_verification' on 'conference.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        ...itsi-meet/prosody-plugins/mod_token_verification.lua:24: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/modulemanager.lua:86: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222
Sep 25 17:26:02 portmanager     info    Activated service 'legacy_ssl' on no ports
Sep 25 17:26:02 mod_posix       info    Prosody is about to detach from the console, disabling further console output
Sep 25 17:26:02 mod_posix       info    Successfully daemonized to PID 13549
Sep 25 17:26:02 modulemanager   error   Error initializing module 'auth_token' on 'meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:8: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:67: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Sep 25 17:26:02 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 25 17:26:02 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 25 17:26:02 portmanager     info    Activated service 'https' on no ports
Sep 25 17:26:02 portmanager     info    Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
Sep 25 17:26:02 modulemanager   error   Error initializing module 'auth_token' on 'guest.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:8: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:67: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating context for c2s: error loading private key (Permission denied)
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating contexts for s2sout: error loading private key (system lib)
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating contexts for s2sin: error loading private key (system lib)
Sep 25 17:26:37 meet.example.org:bosh   info    New BOSH session, assigned it sid 'c454e841-c1cb-40b8-abc0-6253df67937a'
Sep 25 17:26:37 boshc454e841-c1cb-40b8-abc0-6253df67937a        warn    No available SASL mechanisms, verify that the configured authentication module is working
Sep 25 17:27:11 meet.example.org:bosh   info    New BOSH session, assigned it sid 'f2b2e97a-bc74-43e9-ad9b-312bc3259af3'
Sep 25 17:27:11 boshf2b2e97a-bc74-43e9-ad9b-312bc3259af3        warn    No available SASL mechanisms, verify that the configured authentication module is working
Sep 25 17:27:30 meet.example.org:bosh   info    New BOSH session, assigned it sid '7a618f0c-40fd-455a-868c-2f8ecd6d0d6b'
Sep 25 17:27:30 bosh7a618f0c-40fd-455a-868c-2f8ecd6d0d6b        warn    No available SASL mechanisms, verify that the configured authentication module is working
Sep 25 17:27:48 meet.example.org:bosh   info    New BOSH session, assigned it sid 'b198d9c4-a9d3-487d-9145-7e5eae098093'
Sep 25 17:27:48 boshb198d9c4-a9d3-487d-9145-7e5eae098093        warn    No available SASL mechanisms, verify that the configured authentication module is working

prosody.err

Sep 25 17:26:02 modulemanager   error   Error initializing module 'token_verification' on 'conference.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        ...itsi-meet/prosody-plugins/mod_token_verification.lua:24: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/modulemanager.lua:86: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 modulemanager   error   Error initializing module 'auth_token' on 'meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:8: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:67: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 25 17:26:02 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Sep 25 17:26:02 modulemanager   error   Error initializing module 'auth_token' on 'guest.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/util/startup.lua:136: in function 'require'
        .../share/jitsi-meet/prosody-plugins/token/util.lib.lua:7: in main chunk
        (tail call): ?
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:8: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:186: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:264: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:67: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:327: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:548: in function 'f'
        /usr/lib/prosody/util/async.lua:138: in function 'func'
        /usr/lib/prosody/util/async.lua:126: in function </usr/lib/prosody/util/async.lua:124>
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating context for c2s: error loading private key (Permission denied)
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating contexts for s2sout: error loading private key (system lib)
Sep 25 17:26:02 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Sep 25 17:26:02 localhost:tls   error   Error creating contexts for s2sin: error loading private key (system lib)

(note: I’m replacing the domain name with example.org in the output above).


#7

Yep, it is not loading.

Error initializing module 'token_verification' on 'conference.meet.example.org': /usr/lib/prosody/util/startup.lua:136: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
You need to install that. Not sure how you managed to install the jitsi-meet-tokens package, as it should fail if that step fails: https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-tokens.postinst#L63

I would suggest using trunk version 747, though you can still try 977; neither will work without luajwtjitsi.


#8

$ sudo apt-get install luarocks
Reading package lists... Done
Building dependency tree
Reading state information... Done
luarocks is already the newest version (2.4.2+dfsg-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

#9

Installed 947 - same problem


#10

I could spin up another server and try again. Should I do the secure domain setup after quick install, or just go straight to token authentication next?


#11

What about luarocks install luajwtjitsi?
About the versions, I mean 747, not 947.


#12

$ sudo luarocks install luajwtjitsi
Installing https://luarocks.org/luajwtjitsi-1.3-7.rockspec
Missing dependencies for luajwtjitsi 1.3-7:
   luacrypto >= 0.3.2-1 (not installed)
   lua-cjson >= 2.1.0 (not installed)
   lbase64 >= 20120807-3 (not installed)

followed by loads of errors as luarocks

So, ran luarocks install lbase64 and apt-get install lua-json fine. And then…

$ sudo luarocks install luacrypto
Installing https://luarocks.org/luacrypto-0.3.2-2.src.rock
gcc -O2 -fPIC -I/usr/include/lua5.1 -c src/lcrypto.c -o src/lcrypto.o -I/usr/include
src/lcrypto.c: In function ‘digest_pnew’:
src/lcrypto.c:81:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX {aka struct evp_md_ctx_st}’
     EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX));
                                                             ^~~~~~~~~~
src/lcrypto.c: In function ‘digest_reset’:
src/lcrypto.c:120:10: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’; did you mean ‘EVP_MD_CTX_create’? [-Wimplicit-function-declaration]
     if (!EVP_MD_CTX_cleanup(c))
          ^~~~~~~~~~~~~~~~~~
          EVP_MD_CTX_create
src/lcrypto.c: In function ‘encrypt_pnew’:
src/lcrypto.c:331:69: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
     EVP_CIPHER_CTX *c = (EVP_CIPHER_CTX *)lua_newuserdata(L, sizeof(EVP_CIPHER_CTX));
                                                                     ^~~~~~~~~~~~~~
src/lcrypto.c: In function ‘encrypt_fencrypt’:
src/lcrypto.c:425:20: error: storage size of ‘c’ isn’t known
     EVP_CIPHER_CTX c;
                    ^
src/lcrypto.c: In function ‘decrypt_pnew’:
src/lcrypto.c:470:69: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
     EVP_CIPHER_CTX *c = (EVP_CIPHER_CTX *)lua_newuserdata(L, sizeof(EVP_CIPHER_CTX));
                                                                     ^~~~~~~~~~~~~~
src/lcrypto.c: In function ‘decrypt_fdecrypt’:
src/lcrypto.c:561:20: error: storage size of ‘c’ isn’t known
     EVP_CIPHER_CTX c;
                    ^
src/lcrypto.c: In function ‘hmac_pnew’:
src/lcrypto.c:604:57: error: invalid application of ‘sizeof’ to incomplete type ‘HMAC_CTX {aka struct hmac_ctx_st}’
     HMAC_CTX *c = (HMAC_CTX *)lua_newuserdata(L, sizeof(HMAC_CTX));
                                                         ^~~~~~~~
src/lcrypto.c: In function ‘hmac_fnew’:
src/lcrypto.c:621:5: warning: implicit declaration of function ‘HMAC_CTX_init’; did you mean ‘HMAC_CTX_new’? [-Wimplicit-function-declaration]
     HMAC_CTX_init(c);
     ^~~~~~~~~~~~~
     HMAC_CTX_new
src/lcrypto.c: In function ‘hmac_clone’:
src/lcrypto.c:631:5: error: dereferencing pointer to incomplete type ‘HMAC_CTX {aka struct hmac_ctx_st}’
     *d = *c;
     ^~
src/lcrypto.c: In function ‘hmac_gc’:
src/lcrypto.c:697:5: warning: implicit declaration of function ‘HMAC_CTX_cleanup’; did you mean ‘HMAC_CTX_get_md’? [-Wimplicit-function-declaration]
     HMAC_CTX_cleanup(c);
     ^~~~~~~~~~~~~~~~
     HMAC_CTX_get_md
src/lcrypto.c: In function ‘hmac_fdigest’:
src/lcrypto.c:711:14: error: storage size of ‘c’ isn’t known
     HMAC_CTX c;
              ^
src/lcrypto.c: In function ‘sign_pnew’:
src/lcrypto.c:747:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX {aka struct evp_md_ctx_st}’
     EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX));
                                                             ^~~~~~~~~~
src/lcrypto.c: In function ‘sign_fsign’:
src/lcrypto.c:828:20: error: storage size of ‘c’ isn’t known
         EVP_MD_CTX c;
                    ^
src/lcrypto.c: In function ‘verify_pnew’:
src/lcrypto.c:857:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX {aka struct evp_md_ctx_st}’
     EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX));
                                                             ^~~~~~~~~~
src/lcrypto.c: In function ‘verify_fverify’:
src/lcrypto.c:940:20: error: storage size of ‘c’ isn’t known
         EVP_MD_CTX c;
                    ^
src/lcrypto.c: In function ‘rand_pseudo_bytes’:
src/lcrypto.c:992:5: warning: ‘RAND_pseudo_bytes’ is deprecated [-Wdeprecated-declarations]
     return rand_do_bytes(L, RAND_pseudo_bytes);
     ^~~~~~
In file included from /usr/include/openssl/hmac.h:13:0,
                 from src/lcrypto.c:9:
/usr/include/openssl/rand.h:47:1: note: declared here
 DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
 ^
src/lcrypto.c: In function ‘pkey_generate’:
src/lcrypto.c:1064:9: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations]
         RSA *rsa = RSA_generate_key(key_len, RSA_F4, NULL, NULL);
         ^~~
In file included from /usr/include/openssl/rsa.h:13:0,
                 from src/lcrypto.c:11:
/usr/include/openssl/rsa.h:193:1: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^
src/lcrypto.c:1074:9: warning: ‘DSA_generate_parameters’ is deprecated [-Wdeprecated-declarations]
         DSA *dsa = DSA_generate_parameters(key_len, NULL, 0, NULL, NULL, NULL, NULL);
         ^~~
In file included from /usr/include/openssl/dh.h:13:0,
                 from /usr/include/openssl/dsa.h:31,
                 from src/lcrypto.c:12:
/usr/include/openssl/dsa.h:122:1: note: declared here
 DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
 ^
src/lcrypto.c: In function ‘pkey_to_pem’:
src/lcrypto.c:1164:27: error: dereferencing pointer to incomplete type ‘struct evp_pkey_st’
     if (private && pkey_st->type == EVP_PKEY_DSA)
                           ^~
src/lcrypto.c: In function ‘pkey_tostring’:
src/lcrypto.c:1277:60: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
     sprintf(buf, "%s %s %d %p", LUACRYPTO_PKEYNAME, (*pkey)->type == EVP_PKEY_DSA ? "DSA" : "RSA", EVP_PKEY_bits(*pkey), pkey);
                                                            ^~
src/lcrypto.c: In function ‘seal_pnew’:
src/lcrypto.c:1299:46: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
     c->ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX));
                                              ^~~~~~~~~~~~~~
In file included from src/lcrypto.c:8:0:
src/lcrypto.c: In function ‘seal_tostring’:
src/lcrypto.c:1320:81: error: dereferencing pointer to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
     sprintf(s, "%s %p %s", LUACRYPTO_SEALNAME, (void *)c, EVP_CIPHER_name(c->ctx->cipher));
                                                                                 ^
src/lcrypto.c: In function ‘seal_fseal’:
src/lcrypto.c:1400:20: error: storage size of ‘ctx’ isn’t known
     EVP_CIPHER_CTX ctx;
                    ^~~
src/lcrypto.c: In function ‘open_pnew’:
src/lcrypto.c:1483:46: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
     c->ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX));
                                              ^~~~~~~~~~~~~~
src/lcrypto.c: In function ‘open_fopen’:
src/lcrypto.c:1602:20: error: storage size of ‘ctx’ isn’t known
     EVP_CIPHER_CTX ctx;
                    ^~~

Error: Build error: Failed compiling object src/lcrypto.o

#13

Same error on all versions of luacrypto. Googling around, it seems to be related to Ubuntu 18.04, with no obvious fix.


#14

I see, I will give it a try these days, I suppose it is because of the new openssl, but maybe I’m wrong.


#15

By the way meet.jit.si is with bionic and has this successfully installed.

luacrypto
   0.3.2-2 (installed)
lua-cjson
   2.1.0.6-1 (installed)
lbase64
   20120820-1 (installed)
luajwtjitsi
   1.3-7 (installed)

#16

Do you have libssl-dev installed?


#17

Yes, libssl-dev is installed:
libssl-dev is already the newest version (1.1.0g-2ubuntu4.1).


#18

So the question is how did luacrypto get built and installed on meet.jit.si, as I’m also running bionic?


#19

sudo apt-get install libssl1.0-dev
(uninstalls jitsi-meet-tokens though)
then
sudo luarocks install luacrypto
luacrypto successfully compiles
sudo apt-get install jitsi-meet-tokens
then installs successfully, no complaints about luacrypto

And now it appears to work (I get an orange ‘authentication failed’ bar bottom right, but that’s probably a badly formed token - need to play with tokens again).

Thanks for your help with this - the worry is I had to downgrade to libssl-dev to do this… and I’m sure the latest version will be more secure.


#20

Hmmm, I think my token is correct, but it’s not authenticating? Linked to the older version of libssl-dev?

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "context": {
    "user": {
      "avatar": "<url>",
      "name": "Matt Testing",
      "email": "matt@example.org",
      "id": "1",
    }
  },
  "aud": "mymeetapp",
  "iss": "mymeetapp",
  "sub": "meet.example.org",
  "room": "testroom",
  "exp": 1538308800
}
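
One way to narrow down an "authentication failed" result like the one in post #20, as an added example that is not part of the thread or of Jitsi's code: a standard-library Python check that reports the first HS256 JWT validation step that fails. The secret, the `diagnose` helper and the claim-to-setting mapping (iss/aud to app id, sub to domain) are assumptions of this example; the last sample token signs a payload typed with a trailing comma after "id", as in the post, which a strict JSON parser rejects.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: bytes, secret: str) -> str:
    """Wrap raw payload bytes in a compact HS256 JWT (used to build test tokens)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{head}.{b64url(payload)}"
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def diagnose(token, secret, app_id, domain, room, now=None) -> str:
    """Return 'ok' or the name of the first check that fails."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 padding, bad header JSON
        return "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "unexpected alg"  # pin the algorithm; never take it from the token
    mac = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(sig, mac.digest()):
        return "bad signature"  # wrong secret or altered token
    try:
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:
        return "payload is not valid JSON"
    if not isinstance(claims, dict):
        return "payload is not valid JSON"
    # Assumed mapping for this example: iss/aud = app id, sub = domain.
    for name, want in {"iss": app_id, "aud": app_id, "sub": domain, "room": room}.items():
        if claims.get(name) != want:
            return f"{name} mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return "expired or missing exp"
    return "ok"

# Constructed inputs: claim values from the post, secret invented for the example.
SECRET = "constructed-example-secret"
CLAIMS = {"context": {"user": {"name": "Matt Testing", "id": "1"}}, "aud": "mymeetapp",
          "iss": "mymeetapp", "sub": "meet.example.org", "room": "testroom", "exp": 1538308800}
GOOD = sign_hs256(json.dumps(CLAIMS).encode(), SECRET)
# Same kind of payload typed with a trailing comma after "id", as in the post.
TRAILING_COMMA = sign_hs256(b'{"context": {"user": {"id": "1",}}, "iss": "mymeetapp"}', SECRET)
```

Running `diagnose` against a real token with the server's configured secret and application id shows whether the failure is in the signature, the payload encoding, or one specific claim.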