Docker Swarm SASL Error on JVB

I’m starting from the docker-compose file on the github repo. https://github.com/jitsi/docker-jitsi-meet/blob/master/docker-compose.yml

My modified docker compose file is:

version: '3'

services:
    # Frontend
    web:
        image: jitsi/web:latest
        restart: ${RESTART_POLICY}
        ports:
            - '${HTTP_PORT}:80'
            - '${HTTPS_PORT}:443'
        volumes:
            - web:/config:Z
            - letsencrypt:/etc/letsencrypt:Z
            - transcripts:/usr/share/jitsi-meet/transcripts:Z
            - config:/root/.jitsi-meet-cfg
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - ETHERPAD_PUBLIC_URL
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            meet_jitsi:
                aliases:
                    - ${XMPP_DOMAIN}
        deploy:
           placement:
             constraints:
               - node.role == worker        


    # XMPP server
    prosody:
        image: jitsi/prosody:latest
        restart: ${RESTART_POLICY}
#        expose:
#            - '5222'
#            - '5347'
#            - '5280'
        volumes:
            - prosody-config:/config:Z
            - prosody-plugins-custom:/prosody-plugins-custom:Z
            - config:/root/.jitsi-meet-cfg
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LOBBY
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            meet_jitsi:
                aliases:
                    - ${XMPP_SERVER}
        deploy:
           placement:
              constraints:
                 - node.role == worker        

    # Focus component
    jicofo:
        image: jitsi/jicofo:latest
        restart: ${RESTART_POLICY}
        volumes:
            - jicofo:/config:Z
            - config:/root/.jitsi-meet-cfg
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIGASI_SIP_URI
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            meet_jitsi:
        deploy:
            placement:
               constraints:
                  - node.role == worker

    # Video bridge
    jvb:
        image: jitsi/jvb:latest
        restart: ${RESTART_POLICY}
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
            - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
        volumes:
            - jvb:/config:Z
            - config:/root/.jitsi-meet-cfg
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            meet_jitsi:
        deploy:
            placement:
               constraints:
                  - node.role == worker        

# Custom network so all services can communicate using a FQDN
networks:
    meet_jitsi:
       driver: overlay
    
volumes:
  web:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/web
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  letsencrypt:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/letsencrypt
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  transcripts:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/transcripts
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  prosody-config:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/prosody-config
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  prosody-plugins-custom:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/prosody-plugins-custom
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  jicofo:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/jicofo
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs
  jvb:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi/jvb
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs        
  config:
    driver: local
    driver_opts:
      device: :/DockerDisks/jitsi
      o: addr=icebox.atl.zombielinux.org,rw,vers=4
      type: nfs  

And I’ve pared down the env.example to the following:

RESTART_POLICY=unless-stopped
TZ=America/New_York
HTTP_PORT=31770
HTTPS_PORT=31771
XMPP_DOMAIN=meet.jitsi
XMPP_SERVER=xmpp.meet.jitsi
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
XMPP_AUTH_DOMAIN=auth.meet.jitsi
XMPP_MUC_DOMAIN=muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN=guest.meet.jitsi
XMPP_MODULES=
XMPP_MUC_MODULES=
XMPP_INTERNAL_MUC_MODULES=
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
JVB_PORT=10000
JVB_TCP_PORT=4443
JVB_AUTH_PASSWORD=b20cbbb5d95bfe20ea0faaa18bdf0c51
JVB_BREWERY_MUC=jvbbrewery
JVB_AUTH_USER=jvb
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_MAPPED_PORT=4443
JICOFO_AUTH_USER=focus
JICOFO_COMPONENT_SECRET=a2300b54f129d9b28f4a9bc141a94e0d
JICOFO_AUTH_PASSWORD=c57fc93b51682ce9c18007d6c24fd50e
JIGASI_XMPP_USER=jigasi
JIGASI_BREWERY_MUC=jigasibrewery
JIGASI_PORT_MIN=20000
JIGASI_PORT_MAX=20050
JIGASI_XMPP_PASSWORD=c03732177566585b11883a73fa5ee215
JIBRI_RECORDER_PASSWORD=aa7b39de408cdaac7324a904ad8945df
JIBRI_XMPP_PASSWORD=e77fe2f68120d17063ac44b15ede0a22
JIBRI_RECORDER_USER=recorder
JIBRI_RECORDING_DIR=/config/recordings
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
JIBRI_XMPP_USER=jibri
JIBRI_BREWERY_MUC=jibribrewery
JIBRI_PENDING_TIMEOUT=90
JIBRI_STRIP_DOMAIN_JID=muc
JIBRI_LOGS_DIR=/config/logs
CONFIG=/root/.jitsi-meet-cfg

Since then, I’ve been getting a SASL error in my “jvb” container that states

SEVERE: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized

I found this post: Help regarding failing docker-based setup which seems similar, but have not been able to decipher how to affect the changes. The author seems to be using a snap package on ubuntu, where I’m running docker raw (and managing with Portainer)

I run a multi-node docker swarm with an external storage backend for the persistent volumes.

Any time I make a change to the environments list, I am sure to run
for i in $(ls /foo/bar/jitsi); do rm -rf $i/*; done
In order to fully purge the config.

I have found in my configuration the Jicofo and JVB auth users were not created within prosody and had to be created manually using the generated passwords script on the github repo.

I am still having the “Unfortunately, something went wrong” error with only two members in the chat. I’ve tried the solutions offered in all the big threads to no avail.