Getting Bad Gateway error behind NGINX

Hello,

I’ve installed jitsi and am able to connect to it via my URL. However, I get no audio and video and the Chrome console logs display this error.

I’m fairly new at all of this, so let me know whichever configuration files I can provide to better solve the problem.

I’m running Ubuntu 20.04
Port 4445 on TCP is opened
Ports 4446 and 10000 on UDP are opened

Check out prosody logs for errors. Nginx proxies bosh to prosody and 502 happens if prosody returns an error processing the request.

prosody wasn’t started, so I attempted to start it and this is what printed. The instructions for jitsi didn’t mention any configuration that I can recall for prosody though, so I don’t know what to configure for the SSL error it’s talking about, if that is the issue. However, when I start it, as you can see, it immediately shuts down.

prosody.log

Jun 15 15:42:49 startup info    Hello and welcome to Prosody version 0.11.4
Jun 15 15:42:49 startup info    Prosody is using the select backend for connection handling
Jun 15 15:42:49 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host conference.<my domain>!
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host internal.auth.<my domain>!
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host localhost!
Jun 15 15:42:49 mod_posix       error   Couldn't write pidfile at /run/prosody/prosody.pid; /run/prosody/prosody.pid: No such file or directory
Jun 15 15:42:49 startup info    Shutting down: Couldn't write pidfile
Jun 15 15:42:49 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222
Jun 15 15:42:49 portmanager     info    Activated service 'legacy_ssl' on no ports
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host speakerstats.<my domain>!
Jun 15 15:42:49 general info    Starting speakerstats for conference.<my domain>
Jun 15 15:42:49 speakerstats.<my domain>:speakerstats_component      info    Hook to muc events on conference.<my domain>
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host conferenceduration.<my domain>!
Jun 15 15:42:49 general info    Starting conference duration timer for conference.<my domain>
Jun 15 15:42:49 conferenceduration.<my domain>:conference_duration_component info    Hook to muc events on conference.<my domain>
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host <my domain>!
Jun 15 15:42:49 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Jun 15 15:42:49 portmanager     info    Activated service 'https' on no ports
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host auth.<my domain>!
Jun 15 15:42:49 conference.<my domain>:muc_domain_mapper     info    Loading mod_muc_domain_mapper for host focus.<my domain>!
Jun 15 15:42:49 portmanager     info    Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
Jun 15 15:42:49 general info    Shutting down...
Jun 15 15:42:49 general info    Shutdown status: Cleaning up
Jun 15 15:42:49 general info    Shutdown complete

prosody.err

Jun 15 15:42:49 mod_posix       error   Couldn't write pidfile at /run/prosody/prosody.pid; /run/prosody/prosody.pid: No such file or directory
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

Here is my nginx server configuration for <my domain>

server {
    listen 80;
    listen [::]:80;
    server_name <my domain>;

    location ^~ /.well-known/acme-challenge/ {
       default_type "text/plain";
       root         /usr/share/jitsi-meet;
    }
    location / {
       return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name <my domain>;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

    add_header Strict-Transport-Security "max-age=31536000";

    ssl_certificate <path to cert>.pem;
    ssl_certificate_key <path to cert key>.pem;

    root /usr/share/jitsi-meet;

    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;

    index index.html index.htm;
    error_page 404 /static/404.html;

    gzip on;
    gzip_types text/plain text/css application/javascript application/json;
    gzip_vary on;

    location = /config.js {
        alias /etc/jitsi/meet/<my domain>-config.js;
    }

    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }

    #ensure all static content can always be found first
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;
    }

    # BOSH
    location = /http-bind {
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }

    location ~ ^/([^/?&:'"]+)$ {
        try_files $uri @root_path;
    }

    location @root_path {
        rewrite ^/(.*)$ / break;
    }

    location ~ ^/([^/?&:'"]+)/config.js$
    {
       set $subdomain "$1.";
       set $subdir "$1/";

       alias /etc/jitsi/meet/<my domain>-config.js;
    }

    #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }

    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /http-bind;
    }

    # websockets for subdomains
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /xmpp-websocket;
    }
}
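
Added example, not part of the original posts: a small log triage for the "check the prosody logs" step suggested above. It pairs the reason on Prosody's "Shutting down: ..." line with the error line that carries the same text and lists the remaining errors separately. The function names are hypothetical and the sample is a constructed subset of the log lines quoted in the thread.

```shell
#!/bin/sh
# Constructed sample: a subset of the prosody.log lines quoted in the thread.
sample_log() {
cat <<'EOF'
Jun 15 15:42:49 startup info    Hello and welcome to Prosody version 0.11.4
Jun 15 15:42:49 mod_posix       error   Couldn't write pidfile at /run/prosody/prosody.pid; /run/prosody/prosody.pid: No such file or directory
Jun 15 15:42:49 startup info    Shutting down: Couldn't write pidfile
Jun 15 15:42:49 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Jun 15 15:42:49 portmanager     error   Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Jun 15 15:42:49 general info    Shutdown complete
EOF
}

# triage_prosody_log (hypothetical helper): read a Prosody log on stdin, print
#   REASON <text>                 reason from the "Shutting down: ..." line
#   CAUSE  <n>x <source>: <msg>   error lines whose text starts with that reason
#   OTHER  <n>x <source>: <msg>   all remaining distinct error lines
triage_prosody_log() {
    awk '
    {
        # Locate the level column; the source name before it may contain spaces.
        if (!match($0, /[ \t]+(debug|info|warn|error)[ \t]+/)) next
        level = substr($0, RSTART, RLENGTH); gsub(/[ \t]/, "", level)
        msg = substr($0, RSTART + RLENGTH)
        src = substr($0, 1, RSTART - 1)
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "", src)   # drop "Mon DD HH:MM:SS "
    }
    level == "error" {
        if (!(msg in seen)) { order[++n] = msg; srcof[msg] = src }
        seen[msg]++
    }
    level == "info" && msg ~ /^Shutting down: / {
        reason = msg; sub(/^Shutting down: /, "", reason)
    }
    END {
        print "REASON " (reason == "" ? "(none logged)" : reason)
        for (i = 1; i <= n; i++) {
            m = order[i]
            tag = (reason != "" && index(m, reason) == 1) ? "CAUSE" : "OTHER"
            printf "%s %dx %s: %s\n", tag, seen[m], srcof[m], m
        }
    }'
}

sample_log | triage_prosody_log
```

To use it on a server, feed the real prosody.log to triage_prosody_log on stdin instead of the sample.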