Docker - Jitsi Meet - Secure Domain Issues

I’m using the docker-compose approach… cross posted here from a GitHub issue… might have a bigger audience…!

I’ve followed the docs for deployment of secure domain with internal authentication.

The only changes I’ve really made to the .env file are as follows:

HTTP_PORT=80
HTTPS_PORT=443
PUBLIC_URL="https://video.fqdn.live" << with corresponding lets encrypt enabled
DOCKER_HOST_ADDRESS=167.172*****
ENABLE_AUTH=1
ENABLE_GUESTS=1
AUTH_TYPE=internal

Then I’ve run

docker-compose exec prosody /bin/bash
prosodyctl --config /config/prosody.cfg.lua register username meet.jitsi password

Then headed to video.fqdn.live/test, which was working without auth, and hit the “Password Required” dialog.

I’ve tried

username:password
username@meet.jitsi:password

So far no joy, console shows:

CONNECTION FAILED: connection.passwordRequired

Prosody logs show:

prosody_1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
prosody_1  | [s6-init] ensuring user provided files have correct perms...exited 0.
prosody_1  | [fix-attrs.d] applying ownership & permissions fixes...
prosody_1  | [fix-attrs.d] done.
prosody_1  | [cont-init.d] executing container initialization scripts...
prosody_1  | [cont-init.d] 01-set-timezone: executing... 
prosody_1  | [cont-init.d] 01-set-timezone: exited 0.
prosody_1  | [cont-init.d] 10-config: executing... 
prosody_1  | Adding user `prosody' to group `sasl' ...
prosody_1  | Adding user prosody to group sasl
prosody_1  | Done.
prosody_1  | mv: cannot stat '/config/data/*.crt': No such file or directory
prosody_1  | mv: cannot stat '/config/data/*.key': No such file or directory
prosody_1  | [cont-init.d] 10-config: exited 0.
prosody_1  | [cont-init.d] done.
prosody_1  | [services.d] starting services
prosody_1  | saslauthd[222] :num_procs  : 5
prosody_1  | saslauthd[222] :mech_option: /etc/saslauthd.conf
prosody_1  | saslauthd[222] :run_path   : /var/run/saslauthd
prosody_1  | saslauthd[222] :auth_mech  : ldap
prosody_1  | saslauthd[222] :mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
prosody_1  | saslauthd[222] :bucket size: 96 bytes
prosody_1  | saslauthd[222] :stats size : 36 bytes
prosody_1  | saslauthd[222] :timeout    : 28800 seconds
prosody_1  | saslauthd[222] :cache table: 985828 total bytes
prosody_1  | saslauthd[222] :cache table: 1711 slots
prosody_1  | saslauthd[222] :cache table: 10266 buckets
prosody_1  | saslauthd[222] :flock file opened at /var/run/saslauthd/cache.flock
prosody_1  | saslauthd[222] :using accept lock file: /var/run/saslauthd/mux.accept
prosody_1  | saslauthd[222] :master pid is: 0
prosody_1  | saslauthd[222] :listening on socket: /var/run/saslauthd/mux
prosody_1  | saslauthd[222] :using process model
prosody_1  | saslauthd[222] :forked child: 230
prosody_1  | saslauthd[222] :forked child: 231
prosody_1  | saslauthd[222] :forked child: 232
prosody_1  | saslauthd[222] :forked child: 233
prosody_1  | saslauthd[222] :acquired accept lock
prosody_1  | [services.d] done.
prosody_1  | startup             info	Hello and welcome to Prosody version 0.11.2
prosody_1  | startup             info	Prosody is using the select backend for connection handling
prosody_1  | portmanager         info	Activated service 's2s' on [*]:5269, [::]:5269
prosody_1  | portmanager         info	Activated service 'c2s' on [*]:5222, [::]:5222
prosody_1  | portmanager         info	Activated service 'legacy_ssl' on no ports
prosody_1  | portmanager         info	Activated service 'component' on [*]:5347
prosody_1  | portmanager         info	Activated service 'http' on [*]:5280, [::]:5280
prosody_1  | portmanager         info	Activated service 'https' on no ports
prosody_1  | c2s5611048f4df0     info	Client connected
prosody_1  | jcp5611047ad660     info	Incoming Jabber component connection
prosody_1  | focus.meet.jitsi:component  info	External component successfully authenticated
prosody_1  | c2s5611048f4df0             info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
prosody_1  | c2s5611048f4df0             info	Authenticated as focus@auth.meet.jitsi
prosody_1  | c2s56110471e430             info	Client connected
prosody_1  | c2s56110471e430             info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
prosody_1  | c2s56110471e430             info	Authenticated as jvb@auth.meet.jitsi
prosody_1  | mod_bosh                    info	New BOSH session, assigned it sid '386d8b53-bdd4-4c71-958b-6b536063a536'
prosody_1  | bosh386d8b53-bdd4-4c71-958b-6b536063a536  info	BOSH client disconnected: session close
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '67229459-8e39-47b9-893c-aa37620182f6'
prosody_1  | bosh67229459-8e39-47b9-893c-aa37620182f6  info	BOSH client disconnected: session close
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '646da148-b0ed-4f03-b988-2fc292594959'
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '2aec370f-a005-466b-b01a-e7c3e0536ee0'
prosody_1  | bosh2aec370f-a005-466b-b01a-e7c3e0536ee0  info	BOSH client disconnected: session close
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid 'ab8bb850-1b78-4064-9a27-ae2f42b4a8ec'
prosody_1  | boshab8bb850-1b78-4064-9a27-ae2f42b4a8ec  info	BOSH client disconnected: session close
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '7e81b464-8d6a-424e-b0b2-8fbc0cbe114d'
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid 'f77471d7-6da4-4fbd-893f-437459402c07'
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '20b448cf-507e-4996-a1e6-b699b7164b1c'
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '9b92f186-a023-482d-bd04-bf13a36ecd44'
prosody_1  | mod_bosh                                  info	New BOSH session, assigned it sid '0de371df-9a85-41f6-abab-45d78493b290'

The thing that looks a bit out of place here is the

mv: cannot stat '/config/data/*.crt': No such file or directory
prosody_1  | mv: cannot stat '/config/data/*.key': No such file or directory

which I’m assuming is a script failing somewhere.
I’ve rebuilt the docker images and volumes a few times, wiped the config folder, etc.

Any help appreciated. 🤷‍♂

I’ve observed exactly the same issue. I also made some attempts to fix it following the instructions available on https://github.com/jitsi/jicofo#secure-domain but the docker setup seems to prevent it from working properly. It’s more interesting to have a configuration example for a secured domain rather than a fully opened one 😉

hey there, did one of you have any luck fixing this?