Docker CORS issue

I have a jitsi-docker server running in my local ip and everyone in my network can create/join room in that server in https://mylocalip:port but through http://mylocalip:port there is a issue with video/audio.

However now I tried to integrate it with another app running in my localhost/local_ip in another port in http and now I am getting the CORS problem that :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."

where https://192.168.0.150:8443/http-bind is the jitsi-docker server on another pc in same network and http://192.168.0.149:4200 is the angular app running in my pc and it uses " lib-jitsi-meet api " to create/join room in that server. here is the insight of the api:

 hosts: {
        domain: "192.168.0.150",
        muc: "conference.192.168.0.150",
        anonymousdomain: "192.168.0.150"
      },
      bosh: "https://192.168.0.150:8443/http-bind"

I cant use http for jitsi docker server as there is a issue with audio/video.
I also tried adding access control allow origin header with “*” in the server pc of the same network but same result.
is it possible to solve the problem? please help…
I am also planning to deploy this on real server pc recently with authorized certificate … so give me any suggestion if u have any…
Thanx in advance :heart:
@saghul @damencho

You may need to edit the global section of the prosody config and add cross_domain_bosh = true.

In the server side

  1. if I write this in web/nginx/meet.conf -> http-bind
add_header 'Access_Control_Allow_Origin' '*'

and add "cross_domain_bosh = true"

then the error is :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values * * (double star) but only one is allowed."

  1. but if I just delete the add header and keep cross_domain_bosh=true then with late response :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource."

  1. if I add nothing … neither add_header… nor cross_domain_bosh=true the error I posted in first in this thread

actually ehats going on? one time double * , * and another time no header ?
Thanx in advance :heart:
@saghul

After all this mess I tried using only my pc and http-8000 port (though there is audio/video problem,I just wanted to see it working). So,

  1. after seeing " No ‘Access-Control-Allow-Origin’ header is present on the requested resource. " I added the origin ip (http://192.168.0.149:4200)
  2. then it showed " Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response. " ok, I added the header -> content-type
  3. Now miraculasly it says ***" no access control allow origin is present ***…! :slight_smile:

Actually whats going on ( external API -> Docker ) …! Plz help… @saghul
Right now I am calling http://192.168.0.149:8000 (video server) through api from http://192.168.0.149:4200 (angular app)
in my config/web/nginx/meet.conf :

Thanx in advance :heart:

Nothing worked and After using “*” in access control allow origin I am facing :

zone-evergreen.js:2952 POST https://192.168.0.149:8443/http-bind 
net::ERR_CERT_AUTHORITY_INVALID

How can I atleast make it work locally (future - production) by allowing the video conferencing server (https://192.168.0.149:8443) be called from Angular app at http://localhost:4200 or http://192.168.0.149:4200 ? :slight_smile:

It is working fine enough with https://meet.jit.si be called from http://localhost:4200
is there a way to solve this by using self signed certificate or other easier way? or is this a isuue for client browser not a server issue?

If I buy certificate for subdomain like jitsi.mydomain.com (mydomain is already bought and up&running) then how can I use that certificate to configure https://192.168.0.149 -which is my public url for jitsi docker server at least in local network so that it wont show unauthorized while being called from angular app? (mine is shared ip)
@saghul @damencho @Boris_Grozev

I am really stuck badly and wanna get out of this. Thanx in advance for any kind of help :heart:

I suggest you setup a more production-like environment, if you can. Deploy the Jitsi setup on its own domain, with a proper cert. Then you’ll not run into weird issues due to certificates and you can concentrate on fixing the actual problem.

1 Like

Thanx for the reply…
my pb is, mine is a shared ip so I am not able to use my shared public ip for hosting. :cry:
I have no certificate right now bt I will buy one for *.mydomain.com where mydomain.com is already up & running on remote production (http) server.
now can u plz tell me how or where should I place that certificate or use so I can fix this to run it (docker jitsi server) locally atleast ?
as I am not experienced in this certificate issues I am finding it ambigious to set up the production like environment for docker jitsi server (with certificate and running locally atleast, so in future I will just host in remote server using their dedicated public ip)
Thanx in advance :heart:

Is it possible to use letsencrypt certificate if I use a free dns name for my local ip (as letsencrypt cant be used for bare ip)?
like fujitsi.ddns.net for 192.168.0.149 (from noip.com) and use http redirect to https in .env ?
then what would be the LETSENCRYPT_DOMAIN and PUBLIC_URL value for .env file?
Thanx

Alas no. But if you have a shared IP which has a domain name, you could create a CNAME DNS entry like: fujitsi.net, which points to thesharedthing.com. Then you can use let’s encrypt on your own domain.

1 Like

ok I will try but can u plz tell me while using docker why there is audio/video problem if I use HTTP instead of HTTPS ? it could just solve my problem for now :cry:
if I used

chrome://flags/#allow-insecure-localhost

so now if I use http://localhost/someroom it pass audio/video but if I use http://192.168.0.149 it refuse to pass audio/video :slight_smile:

TypeError: Cannot read property 'getUserMedia' of undefined

I need to use that local ip to connect with opthers in the same network, what should I do?

You need to use a trusted origin. localhost is trusted, but otherwise you MUST be on HTTPS.

ok :’( may I should just cry before issuing a certificate.

can u suggest? bcz I am afraid I will run into trouble too ,I am just desperate to see it working with docker and external api …! :slight_smile:
Thanx in advance for any help :heart:

even there is no audio/video in http but I wanted to run atleast from angular app at http://localhost:4200
but said no access control origin though I added it in meet.conf -> /http-bind :slight_smile:

why is that? Thanx in advance :heart:

Did you rebuild the container after changing that?

1 Like

Yes… I did every possible thing came to my mind…
I added access control origin to /http-bind then it showed no access control header. I added that and then again no access control allow origin. … I just couldnt find the reason behind this :slight_smile: