Docker CORS issue

I have a jitsi-docker server running in my local ip and everyone in my network can create/join room in that server in https://mylocalip:port but through http://mylocalip:port there is a issue with video/audio.

However now I tried to integrate it with another app running in my localhost/local_ip in another port in http and now I am getting the CORS problem that :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."

where https://192.168.0.150:8443/http-bind is the jitsi-docker server on another pc in same network and http://192.168.0.149:4200 is the angular app running in my pc and it uses " lib-jitsi-meet api " to create/join room in that server. here is the insight of the api:

 hosts: {
        domain: "192.168.0.150",
        muc: "conference.192.168.0.150",
        anonymousdomain: "192.168.0.150"
      },
      bosh: "https://192.168.0.150:8443/http-bind"

I cant use http for jitsi docker server as there is a issue with audio/video.
I also tried adding access control allow origin header with “*” in the server pc of the same network but same result.
is it possible to solve the problem? please help…
I am also planning to deploy this on real server pc recently with authorized certificate … so give me any suggestion if u have any…
Thanx in advance :heart:
@saghul @damencho

You may need to edit the global section of the prosody config and add cross_domain_bosh = true.

In the server side

  1. if I write this in web/nginx/meet.conf -> http-bind
add_header 'Access_Control_Allow_Origin' '*'

and add "cross_domain_bosh = true"

then the error is :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values * * (double star) but only one is allowed."

  1. but if I just delete the add header and keep cross_domain_bosh=true then with late response :

"Access to XMLHttpRequest at ‘https://192.168.0.150:8443/http-bind’ from origin ‘http://192.168.0.149:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource."

  1. if I add nothing … neither add_header… nor cross_domain_bosh=true the error I posted in first in this thread

actually ehats going on? one time double * , * and another time no header ?
Thanx in advance :heart:
@saghul

After all this mess I tried using only my pc and http-8000 port (though there is audio/video problem,I just wanted to see it working). So,

  1. after seeing " No ‘Access-Control-Allow-Origin’ header is present on the requested resource. " I added the origin ip (http://192.168.0.149:4200)
  2. then it showed " Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response. " ok, I added the header -> content-type
  3. Now miraculasly it says ***" no access control allow origin is present ***…! :slight_smile:

Actually whats going on ( external API -> Docker ) …! Plz help… @saghul
Right now I am calling http://192.168.0.149:8000 (video server) through api from http://192.168.0.149:4200 (angular app)
in my config/web/nginx/meet.conf :

Thanx in advance :heart:

Nothing worked and After using “*” in access control allow origin I am facing :

zone-evergreen.js:2952 POST https://192.168.0.149:8443/http-bind 
net::ERR_CERT_AUTHORITY_INVALID

How can I atleast make it work locally (future - production) by allowing the video conferencing server (https://192.168.0.149:8443) be called from Angular app at http://localhost:4200 or http://192.168.0.149:4200 ? :slight_smile:

It is working fine enough with https://meet.jit.si be called from http://localhost:4200
is there a way to solve this by using self signed certificate or other easier way? or is this a isuue for client browser not a server issue?

If I buy certificate for subdomain like jitsi.mydomain.com (mydomain is already bought and up&running) then how can I use that certificate to configure https://192.168.0.149 -which is my public url for jitsi docker server at least in local network so that it wont show unauthorized while being called from angular app? (mine is shared ip)
@saghul @damencho @Boris_Grozev

I am really stuck badly and wanna get out of this. Thanx in advance for any kind of help :heart:

I suggest you setup a more production-like environment, if you can. Deploy the Jitsi setup on its own domain, with a proper cert. Then you’ll not run into weird issues due to certificates and you can concentrate on fixing the actual problem.

1 Like

Thanx for the reply…
my pb is, mine is a shared ip so I am not able to use my shared public ip for hosting. :cry:
I have no certificate right now bt I will buy one for *.mydomain.com where mydomain.com is already up & running on remote production (http) server.
now can u plz tell me how or where should I place that certificate or use so I can fix this to run it (docker jitsi server) locally atleast ?
as I am not experienced in this certificate issues I am finding it ambigious to set up the production like environment for docker jitsi server (with certificate and running locally atleast, so in future I will just host in remote server using their dedicated public ip)
Thanx in advance :heart:

Is it possible to use letsencrypt certificate if I use a free dns name for my local ip (as letsencrypt cant be used for bare ip)?
like fujitsi.ddns.net for 192.168.0.149 (from noip.com) and use http redirect to https in .env ?
then what would be the LETSENCRYPT_DOMAIN and PUBLIC_URL value for .env file?
Thanx

Alas no. But if you have a shared IP which has a domain name, you could create a CNAME DNS entry like: fujitsi.net, which points to thesharedthing.com. Then you can use let’s encrypt on your own domain.

1 Like

ok I will try but can u plz tell me while using docker why there is audio/video problem if I use HTTP instead of HTTPS ? it could just solve my problem for now :cry:
if I used

chrome://flags/#allow-insecure-localhost

so now if I use http://localhost/someroom it pass audio/video but if I use http://192.168.0.149 it refuse to pass audio/video :slight_smile:

TypeError: Cannot read property 'getUserMedia' of undefined

I need to use that local ip to connect with opthers in the same network, what should I do?

You need to use a trusted origin. localhost is trusted, but otherwise you MUST be on HTTPS.

ok :’( may I should just cry before issuing a certificate.

can u suggest? bcz I am afraid I will run into trouble too ,I am just desperate to see it working with docker and external api …! :slight_smile:
Thanx in advance for any help :heart:

even there is no audio/video in http but I wanted to run atleast from angular app at http://localhost:4200
but said no access control origin though I added it in meet.conf -> /http-bind :slight_smile:

why is that? Thanx in advance :heart:

Did you rebuild the container after changing that?

1 Like

Yes… I did every possible thing came to my mind…
I added access control origin to /http-bind then it showed no access control header. I added that and then again no access control allow origin. … I just couldnt find the reason behind this :slight_smile:

Something does seem awry, as I’m on https with a trusted cert. After making a single call to the connect() method of the JitsiMeetJS.JitsiConnection object and looking at the network tab, it seems to be making multiple requests (retrying?) but failing every other one with the following error:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

And indeed, the header is missing on every other request…



 
 

Is this a bug or just something I don’t understand?

:confused:

(@damencho, any ideas here?)

Hi, I am not facing this issue anymore… I am also using trusted certificate and had to do changes in the lib-jitsi-meet api… are u creating room through api calling in docker server? if so then can I see the ‘hosts’(domain,muc,anonymousdomain,bosh) object in ur api…? u can message me if u don’t wanna disclose… Thanx

Thanks very much for your prompt reply and willingness to help!

The only thing I’ve done so far is make a single call to the JitsiMeetJS.JitsiConnection.connect() method. I haven’t yet created a room. If I could just get a successful connection, I think I’d be on my way.

Yeah… but which server are u trying to connect I meant… like https://meet.jit.si or your own deployed server… and is that using docker ?

Yes indeed, I’m using docker with my own server.