Docker Jigasi SIP incoming and outgoing call not working when Internal Authentication is enabled

Hi All,

I have installed and configured jitsi docker setup on my private server. Everything works fine when Authentication is disabled. Web conf, SIP outgoing and Incoming all scenarios are working when authentication is disabled.

When i enable Internal Authentication. Conf room asks for username/password to login and web conf also works once user is authenticated.
but SIP outgoing and incoming is not working. I am sharing my configuration here. I even i tried setting below configurations but still i am not able to dial out SIP number nor i am able to receive incoming call. I have referred many jitsi community links and tried to replicate changes suggested by @damencho , @saghul and others. but i am still not able to get it working when Internal auth is enabled.

To Enable Local Auth,I changed this in .env file.
ENABLE_AUTH=1
AUTH_TYPE=internal

I have created my user using below command:-
prosodyctl --config /config/prosody.cfg.lua register user meet.jitsi password

I also see Jigasi user already created inside Prosody container. Jigasi dat file with same pwd as sip-communicator file.
-rw-r----- 1 prosody prosody 64 Apr 29 12:10 /config/data/auth%2emeet%2ejitsi/accounts/jigasi.dat

configuration in /root/.jitsi-meet-cfg/jigasi/sip-communicator.properties :-
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=xmpp.meet.jitsi
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true

org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.meet.jitsi
org.jitsi.jigasi.xmpp.acc.PASS=3de8f319a83737sgsgsa897edff8d2fe9
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true

net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc1.DOMAIN_BASE=meet.jitsi

I see below error in logs when auth is enabled.
Jigasi 2020-04-29 12:10:48.462 SEVERE: [86] impl.protocol.jabber.InfoRetreiver.retrieveDetails().369 Cannot load details for contact jigasi@auth.meet.jitsi : XMPPError: item-not-found - cancel

Do I need to create user jigasi@auth.meet.jitsi or jigasi in prosody container ? in which domain Jigasi user should be created (auth.meet.jitsi or meet.jitsi)?

I am still confused between this 2 user id and password configured in sip-communicator file.
1.
net.java.sip.communicator.impl.protocol.jabber.acc1.USER_ID=jigasi@auth.meet.jitsi
net.java.sip.communicator.impl.protocol.jabber.acc1.PASSWORD=M2RlOGYzMTlhOGRakdjd62rslYTg5N2VkZmY4ZDJmZTk=
2.
org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.meet.jitsi
org.jitsi.jigasi.xmpp.acc.PASS=3de8f319a83737sgsgsa897edff8d2fe9

also how changes are replicated inside jigasi container from /root/.jitsi-meet-cfg/jigasi/sip-communicator.properties file?
Can someone help me on this …

I don’t have an answer for you, but I’m in the same situation. Can I ask you how you chose to use USER_ID=jigasi@auth.meet.jitsi? And how did you find the password for that account to add to the config? Or did you manually create this account?

I cannot find any documentation on this. We have not had any luck getting Jigasi to work as it keeps asking for an “account” but doesn’t say what account.

Hi @BasilDane
password is in this configuration file.
/root/.jitsi-meet-cfg/jigasi/sip-communicator.properties

use the same password to create user in prosody container.

when you run ./gen-passwords.sh during installation, passwords for all users are generated.

This is where it gets really confusing. I ran a “find” on the entire server, there is no gen-passwords.sh file. The application was installed by apt-get as instructed by the Jitsi website. It seems there is an entirely different work-flow if you install from source. The instructions seem to be a mash of the two methods and they conflict with each other.

I’m not against starting over and building a new server from source if that’s what I have to do. Please advise?

@BasilDane
I am using docker version of Jitsi on centos. steps are written nicely and web conf works fine if you follow all instructions. SIP part also work fine until the auth is disabled.
If you enable auth, then you will have to figure out configurations from community posts…

https://github.com/jitsi/docker-jitsi-meet

I will let you know the config if i succeed in making SIP incoming call when auth is enabled.

It would be bad to have it run with no auth, but with a sip connection. Anyone could make sip calls on your server.

Hi Phil,
SIP incoming when Local auth enabled is working for me now. When you connect from web/app it will ask you to authenticate. But, when you dial in from SIP/Mobile, it doesn’t ask for password. But user needs to know room number when connecting through IVR.

Configurations required to make Local Auth work:

Auth Config in .env file :-
ENABLE_AUTH=1
AUTH_TYPE=internal

JIGASI configuration in /root/.jitsi-meet-cfg/jigasi/sip-communicator.properties :- :-
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.JITSI_MEET_ROOM_HEADER_NAME=X-Jitsi-Conference-Room
org.jitsi.jigasi.JVB_INVITE_TIMEOUT=600000
org.jitsi.jigasi.MUC_SERVICE_ADDRESS=muc.meet.jitsi

Create users in prosody container :-
Create Jigasi user in domain auth.meet.jitsi with password mentioned in .env file. (though jigasi user was already created, it was not working for me. so i have recreated it using below command)
prosodyctl --config /config/prosody.cfg.lua register jigasi auth.meet.jitsi password

Create other users in domain meet.jitsi with password you want to keep for them.
prosodyctl --config /config/prosody.cfg.lua register username meet.jitsi password

You need to restart or recreate the containers after doing these changes.

Please note that meet.jitsi ==> meet.yourdomain.com . Replace all occurrence of meet.jitsi with meet.yourdomain.com, if you are using your private domain.
you don’t need any additional configuration for subdomains like auth.meet.yourdomain.com and muc.meet.yourdomain.com .

1 Like