How to integrate keyclock based jwt authentication in jitsi

Hi,

I am struggling to integrate keyclock with jitsi in docker based installation. can anyone suggest how to do it. I am trying to verify user based on the token I get from keyclock but getting authentication failed error in xmpp server side.

This might help: GitHub - d3473r/jitsi-keycloak: Login to jitsi with keycloak https://hub.docker.com/r/d3473r/jitsi-keycloak

can we use prosody xmpp server in docker for authentication directly ?
if yes, than where and how I can pass keyclock’s url in .env file.

I don know if that’s possible.

what will be JWT_APP_SECRET in prosody if we are using keyclock ?
is it required to give signing key if we are using HS256 algorithm ?

or is it this secret we have to use ?

It’s the one you have to use. They have to match.

1 Like

Hi,
I would like to know what format prosody is expecting coz I am getting same errror “JWT Error :could not obtain public key” while I am trying JWT based authentication. below are some importatnt prosody configurations in docker -

JWT_APP_ID=VC-auth

allow_empty_token = false

Application secret known only to your token generator

JWT_APP_SECRET=TJIzMMw8V3f5lCzqnWqR9fpBJ7fxu6Ka

// public key server
JWT_ASAP_KEYSERVER = http://localhost:8089/Appointment/

// keycloak server
JWT_ACCEPTED_ISSUERS=http://localhost:8585/realms/VC

JWT_AUTH_TYPE=token

JWT_TOKEN_AUTH_MODULE=token_verification

here is my debugged JWT from jwt.io -
header –
{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “-QRFvY3DcgXqnMgJtBq6ynvh5G7gmbF4D4GIggT7GZg”
}

payload –
{
“exp”: 1659598174,
“iat”: 1659597874,
“auth_time”: 1659596828,
“jti”: “b88695a8-4c65-44e2-a77f-da214f8b78c6”,
“iss”: “http://localhost:8585/realms/VC”,
“aud”: “VC-auth”,
“sub”: “06d4016e-fc21-40ac-af84-c83dade84dff”,
“typ”: “Bearer”,
“azp”: “VC-auth”,
“nonce”: “07126d18-1240-4526-8cd5-be5dc6105e85”,
“session_state”: “35c4ec37-85d2-4404-90a6-0117ec6eb283”,
“acr”: “0”,
“allowed-origins”: [
https://127.0.0.1:8081
],
“realm_access”: {
“roles”: [
“Doctor”
]
},
“scope”: “openid email profile”,
“sid”: “35c4ec37-85d2-4404-90a6-0117ec6eb283”,
“email_verified”: true,
“nbf”: 0,
“context”: {
“user”: {
“moderator”: “true”,
“name”: “abhishek”,
“avatar”: “https://www.gravatar.com/avatar/72f52dea674e64c945298407f3f61886”,
“id”: “06d4016e-fc21-40ac-af84-c83dade84dff”,
“email”: “abhishek.vijayvargiya@gmail.com
}
},
“name”: “Abhishek Vijayvargiya”,
“preferred_username”: “abhishek”,
“given_name”: “Abhishek”,
“family_name”: “Vijayvargiya”,
“email”: “abhishek.vijayvargiya@gmail.com”,
“picture”: “https://www.gravatar.com/avatar/72f52dea674e64c945298407f3f61886”,
“room”: “*”
}

I am getting this result in postman while trying to get public key from keyserver -

I am not able to understand where I am doing it wrong.

Enable debug logging and you will see the url that is checked:

Sorry, but which debug logging to be enabled ?
If I am right, are you taking about debugger in vscode or browser ?

In prosody config /etc/prosody/prosody.cfg.lua

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
	error = "/var/log/prosody/prosody.err";
	-- "*syslog"; -- Uncomment this for logging to syslog
	-- "*console"; -- Log to the console, useful for debugging when running in the foreground
}

prosody_1 | c2s564d8a80c470 info Client connected
prosody_1 | meet.jitsi:auth_token warn Error on GET request: Code 0, Content Cannot assign requested address
prosody_1 | general warn Error verifying token err:not-allowed, reason:could not obtain public key

this is what I am getting in console.

Starting docker-jitsi-meet-stable-7287-2_web_1 … done
Starting docker-jitsi-meet-stable-7287-2_prosody_1 … done
Starting docker-jitsi-meet-stable-7287-2_jvb_1 … done
Starting docker-jitsi-meet-stable-7287-2_jicofo_1 … done
Attaching to docker-jitsi-meet-stable-7287-2_prosody_1, docker-jitsi-meet-stable-7287-2_web_1, docker-jitsi-meet-stable-7287-2_jicofo_1, docker-jitsi-meet-stable-7287-2_jvb_1
jicofo_1 | [s6-init] making user provided files available at /var/run/s6/etc…exited 0.
prosody_1 | [s6-init] making user provided files available at /var/run/s6/etc…exited 0.
jicofo_1 | [s6-init] ensuring user provided files have correct perms…exited 0.
web_1 | [s6-init] making user provided files available at /var/run/s6/etc…exited 0.
jicofo_1 | [fix-attrs.d] applying ownership & permissions fixes…
prosody_1 | [s6-init] ensuring user provided files have correct perms…exited 0.
jicofo_1 | [fix-attrs.d] done.
jicofo_1 | [cont-init.d] executing container initialization scripts…
prosody_1 | [fix-attrs.d] applying ownership & permissions fixes…
jicofo_1 | [cont-init.d] 01-set-timezone: executing…
jicofo_1 | [cont-init.d] 01-set-timezone: exited 0.
prosody_1 | [fix-attrs.d] done.
prosody_1 | [cont-init.d] executing container initialization scripts…
jicofo_1 | [cont-init.d] 10-config: executing…
jicofo_1 | [cont-init.d] 10-config: exited 0.
prosody_1 | [cont-init.d] 01-set-timezone: executing…
prosody_1 | [cont-init.d] 01-set-timezone: exited 0.
prosody_1 | [cont-init.d] 10-config: executing…
prosody_1 | mkdir: cannot create directory ‘/config/certs’: File exists
web_1 | [s6-init] ensuring user provided files have correct perms…exited 0.
web_1 | [fix-attrs.d] applying ownership & permissions fixes…
prosody_1 | The given hostname does not exist in the config
jicofo_1 | [cont-init.d] done.
prosody_1 | mv: cannot stat ‘/config/data/.crt’: No such file or directory
prosody_1 | mv: cannot stat '/config/data/
.key’: No such file or directory
jicofo_1 | [services.d] starting services
jicofo_1 | [services.d] done.
jicofo_1 | Jicofo 2022-08-07 12:02:00.362 INFO: [1] Main.main#49: Starting Jicofo.
jicofo_1 | Jicofo 2022-08-07 12:02:00.507 INFO: [1] JitsiConfig.#47: Initialized newConfig: merge of /config/jicofo.conf: 1,system properties,reference.conf @ jar:file:/usr/share/jicofo/jicofo.jar!/reference.conf: 1
web_1 | [fix-attrs.d] done.
jicofo_1 | Jicofo 2022-08-07 12:02:00.509 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#40: net.java.sip.communicator.SC_HOME_DIR_LOCATION not set
prosody_1 | [cont-init.d] 10-config: exited 0.
web_1 | [cont-init.d] executing container initialization scripts…
jicofo_1 | Jicofo 2022-08-07 12:02:00.510 INFO: [1] JitsiConfig.#68: Initialized legacyConfig: sip communicator props (no description provided)
jicofo_1 | Jicofo 2022-08-07 12:02:00.510 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).
prosody_1 | [cont-init.d] done.
web_1 | [cont-init.d] 01-set-timezone: executing…
web_1 | [cont-init.d] 01-set-timezone: exited 0.
web_1 | [cont-init.d] 10-config: executing…
web_1 | using keys found in /config/keys
web_1 | [cont-init.d] 10-config: exited 0.
web_1 | [cont-init.d] done.
web_1 | [services.d] starting services
web_1 | [services.d] done.
prosody_1 | [services.d] starting services
prosody_1 | [services.d] done.
prosody_1 | saslauthd[240] :num_procs : 5
prosody_1 | saslauthd[240] :mech_option: /etc/saslauthd.conf
prosody_1 | saslauthd[240] :run_path : /var/run/saslauthd
prosody_1 | saslauthd[240] :auth_mech : ldap
prosody_1 | saslauthd[240] :mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
prosody_1 | saslauthd[240] :bucket size: 96 bytes
prosody_1 | saslauthd[240] :stats size : 36 bytes
prosody_1 | saslauthd[240] :timeout : 28800 seconds
prosody_1 | saslauthd[240] :cache table: 985828 total bytes
prosody_1 | saslauthd[240] :cache table: 1711 slots
prosody_1 | saslauthd[240] :cache table: 10266 buckets
prosody_1 | saslauthd[240] :flock file opened at /var/run/saslauthd/cache.flock
prosody_1 | saslauthd[240] :using accept lock file: /var/run/saslauthd/mux.accept
prosody_1 | saslauthd[240] :master pid is: 0
prosody_1 | saslauthd[240] :listening on socket: /var/run/saslauthd/mux
prosody_1 | saslauthd[240] :using process model
prosody_1 | saslauthd[240] :forked child: 257
prosody_1 | saslauthd[257] :acquired accept lock
prosody_1 | saslauthd[240] :forked child: 258
prosody_1 | startup info Hello and welcome to Prosody version 0.12.1
prosody_1 | saslauthd[240] :forked child: 259
prosody_1 | saslauthd[240] :forked child: 260
prosody_1 | startup info Prosody is using the epoll backend for connection handling
prosody_1 | portmanager info Activated service ‘c2s’ on [::]:5222, []:5222
prosody_1 | portmanager info Activated service ‘c2s_direct_tls’ on no ports
prosody_1 | portmanager info Activated service ‘legacy_ssl’ on no ports
prosody_1 | portmanager info Activated service ‘http’ on [::]:5280, [
]:5280
prosody_1 | portmanager info Activated service ‘https’ on no ports
prosody_1 | meet.jitsi:http info Serving ‘websocket’ at http://meet.jitsi:5280/xmpp-websocket
prosody_1 | meet.jitsi:tls info Certificates loaded
prosody_1 | meet.jitsi:http info Serving ‘bosh’ at http://meet.jitsi:5280/http-bind
prosody_1 | internal-muc.meet.jitsi:tls info Certificates loaded
prosody_1 | general info Starting speakerstats for muc.meet.jitsi
prosody_1 | speakerstats.meet.jitsi:speakerstats_component info No muc component found, will listen for it: muc.meet.jitsi
prosody_1 | speakerstats.meet.jitsi:tls info Certificates loaded
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host meet.jitsi!
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host internal-muc.meet.jitsi!
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host breakout.meet.jitsi!
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host speakerstats.meet.jitsi!
prosody_1 | breakout.meet.jitsi:tls info Certificates loaded
prosody_1 | meet.jitsi:muc_breakout_rooms info Breakout rooms component created breakout.meet.jitsi
prosody_1 | meet.jitsi:muc_breakout_rooms info Hook to muc events on breakout.meet.jitsi
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host focus.meet.jitsi!
prosody_1 | focus.meet.jitsi:tls info Certificates loaded
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host lobby.meet.jitsi!
prosody_1 | meet.jitsi:muc_lobby_rooms info Lobby component loaded lobby.meet.jitsi
prosody_1 | lobby.meet.jitsi:tls info Certificates loaded
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host conferenceduration.meet.jitsi!
prosody_1 | general info Starting conference duration timer for muc.meet.jitsi
prosody_1 | conferenceduration.meet.jitsi:conference_duration_component info No muc component found, will listen for it: muc.meet.jitsi
prosody_1 | conferenceduration.meet.jitsi:tls info Certificates loaded
prosody_1 | avmoderation.meet.jitsi:av_moderation_component info Starting av_moderation for muc.meet.jitsi
prosody_1 | avmoderation.meet.jitsi:av_moderation_component info No muc component found, will listen for it: muc.meet.jitsi
prosody_1 | avmoderation.meet.jitsi:tls info Certificates loaded
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host avmoderation.meet.jitsi!
prosody_1 | auth.meet.jitsi:tls info Certificates loaded
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host auth.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host internal-muc.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host speakerstats.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host breakout.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host focus.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host lobby.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host muc.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host auth.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host conferenceduration.meet.jitsi!
prosody_1 | muc.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host avmoderation.meet.jitsi!
prosody_1 | muc.meet.jitsi:tls info Certificates loaded
prosody_1 | conferenceduration.meet.jitsi:conference_duration_component info Hook to muc events on muc.meet.jitsi
prosody_1 | breakout.meet.jitsi:muc_domain_mapper info Loading mod_muc_domain_mapper for host muc.meet.jitsi!
prosody_1 | avmoderation.meet.jitsi:av_moderation_component info Hook to muc events on muc.meet.jitsi
prosody_1 | meet.jitsi:muc_breakout_rooms info Hook to muc events on muc.meet.jitsi
prosody_1 | speakerstats.meet.jitsi:speakerstats_component info Hook to muc events on muc.meet.jitsi
jvb_1 | [s6-init] making user provided files available at /var/run/s6/etc…exited 0.
jvb_1 | [s6-init] ensuring user provided files have correct perms…exited 0.
jvb_1 | [fix-attrs.d] applying ownership & permissions fixes…
jvb_1 | [fix-attrs.d] done.
jvb_1 | [cont-init.d] executing container initialization scripts…
jvb_1 | [cont-init.d] 01-set-timezone: executing…
jvb_1 | [cont-init.d] 01-set-timezone: exited 0.
jvb_1 | [cont-init.d] 10-config: executing…
jvb_1 | [cont-init.d] 10-config: exited 0.
jvb_1 | [cont-init.d] done.
jvb_1 | [services.d] starting services
jvb_1 | [services.d] done.
jicofo_1 | Jicofo 2022-08-07 12:02:01.185 INFO: [1] JicofoServices.createAuthenticationAuthority#177: Starting authentication service with config=AuthConfig[enabled=true, type=JWT, loginUrl=meet.jitsi, logoutUrl=null, authenticationLifetime=PT24H, enableAutoLogin=true].
jicofo_1 | Jicofo 2022-08-07 12:02:01.195 INFO: [1] AbstractAuthAuthority.#109: Auto login disabled
jicofo_1 | Jicofo 2022-08-07 12:02:01.197 INFO: [1] AbstractAuthAuthority.#112: Authentication lifetime: PT1M
jicofo_1 | Jicofo 2022-08-07 12:02:01.288 WARNING: [1] [xmpp_connection=client] XmppProviderImpl.createXmppConnection#172: Disabling TLS certificate verification!
jicofo_1 | Jicofo 2022-08-07 12:02:01.417 INFO: [1] XmppServices.#48: No dedicated Service XMPP connection configured, re-using the client XMPP connection.
jicofo_1 | Jicofo 2022-08-07 12:02:01.422 INFO: [1] XmppServices.#63: No Jigasi detector configured.
jvb_1 | JVB 2022-08-07 12:02:01.393 INFO: [1] JitsiConfig.#47: Initialized newConfig: merge of /config/jvb.conf: 1,application.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/application.conf: 1,system properties,reference.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/jitsi-media-transform-1.0-301-g78ae20c.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/ice4j-3.0-57-gdec3a87.jar!/reference.conf: 1
jvb_1 | JVB 2022-08-07 12:02:01.430 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#51: loading config file at path /config/sip-communicator.properties
jvb_1 | JVB 2022-08-07 12:02:01.431 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#56: Error loading config file: java.io.FileNotFoundException: /config/sip-communicator.properties (No such file or directory)
jvb_1 | JVB 2022-08-07 12:02:01.439 INFO: [1] JitsiConfig.#68: Initialized legacyConfig: sip communicator props (no description provided)
jvb_1 | JVB 2022-08-07 12:02:01.440 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).
prosody_1 | c2s55d2e4c84c80 info Client connected
jvb_1 | JVB 2022-08-07 12:02:01.482 INFO: [1] MainKt.main#90: Starting jitsi-videobridge version 2.1.681-g3544ed05
jicofo_1 | Jicofo 2022-08-07 12:02:01.491 INFO: [1] BridgeSelector.#57: Using org.jitsi.jicofo.bridge.SingleBridgeSelectionStrategy
jicofo_1 | Jicofo 2022-08-07 12:02:01.505 INFO: [1] [type=bridge brewery=jvbbrewery] BaseBrewery.#100: Initialized with JID=jvbbrewery@internal-muc.meet.jitsi
jicofo_1 | Jicofo 2022-08-07 12:02:01.508 INFO: [1] JicofoServices.#121: No Jibri detector configured.
jicofo_1 | Jicofo 2022-08-07 12:02:01.509 INFO: [1] JicofoServices.#127: No SIP Jibri detector configured.
jicofo_1 | Jicofo 2022-08-07 12:02:01.520 INFO: [1] JicofoServices.#142: Starting HTTP server with config: host=null, port=8888, tlsPort=8843, isTls=false, keyStorePath=null, sendServerVersion=true.
jicofo_1 | Jicofo 2022-08-07 12:02:01.634 INFO: [1] org.eclipse.jetty.util.log.Log.initialized: Logging initialized @1462ms to org.eclipse.jetty.util.log.Slf4jLog
prosody_1 | c2s55d2e4c84c80 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
jicofo_1 | Jicofo 2022-08-07 12:02:01.693 INFO: [18] [xmpp_connection=client] XmppProviderImpl.doConnect#209: Connected, JID=null
jicofo_1 | Jicofo 2022-08-07 12:02:01.759 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.44.v20210927; built: 2021-09-27T23:02:44.612Z; git: 8da83308eeca865e495e53ef315a249d63ba9332; jvm 11.0.15+10-post-Debian-1deb11u1
prosody_1 | c2s55d2e4c84c80 info Authenticated as focus@auth.meet.jitsi
prosody_1 | auth.meet.jitsi:limits_exception info Setting stanza size limits for focus@auth.meet.jitsi to 10485760
jicofo_1 | Jicofo 2022-08-07 12:02:01.843 INFO: [18] AvModerationHandler.registrationChanged#120: Discovered av_moderation component at avmoderation.meet.jitsi.
jicofo_1 | Jicofo 2022-08-07 12:02:01.849 INFO: [18] ConferenceIqHandler.registrationChanged#183: Using breakout room component address: breakout.meet.jitsi
jicofo_1 | Jicofo 2022-08-07 12:02:01.940 INFO: [18] [type=bridge brewery=jvbbrewery] BaseBrewery.start#171: Joined the room.
jicofo_1 | Jicofo 2022-08-07 12:02:01.943 INFO: [18] [xmpp_connection=client] XmppProviderImpl.fireRegistrationStateChanged#314: Set replyTimeout=PT15S
jvb_1 | JVB 2022-08-07 12:02:02.021 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using AwsCandidateHarvester.
jvb_1 | JVB 2022-08-07 12:02:02.094 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.createStunHarvesters: Using 152.67.25.165:443/udp for StunMappingCandidateHarvester (localAddress=172.20.0.5:0/udp).
jvb_1 | JVB 2022-08-07 12:02:02.227 INFO: [14] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover: Discovered public address 119.82.111.234:53510/udp from STUN server 152.67.25.165:443/udp using local address org.ice4j.socket.IceUdpSocketWrapper@595f40bd
jicofo_1 | Jicofo 2022-08-07 12:02:02.233 WARNING: [1] org.glassfish.jersey.server.wadl.WadlFeature.configure: JAXBContext implementation could not be found. WADL feature is disabled.
jvb_1 | JVB 2022-08-07 12:02:02.251 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.maybeAdd: Discarding a mapping harvester: org.ice4j.ice.harvest.AwsCandidateHarvester@2828a532
jvb_1 | JVB 2022-08-07 12:02:02.251 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.StunMappingCandidateHarvester@38448356
jvb_1 | JVB 2022-08-07 12:02:02.252 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=747ms). stunDiscoveryFailed=false
jicofo_1 | Jicofo 2022-08-07 12:02:02.342 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.
jvb_1 | JVB 2022-08-07 12:02:02.393 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient.initializeConnectAndJoin#281: Initializing a new MucClient for [ org.jitsi.xmpp.mucclient.MucClientConfiguration id=shard0 domain=auth.meet.jitsi hostname=xmpp.meet.jitsi port=5222 username=jvb mucs=[jvbbrewery@internal-muc.meet.jitsi] mucNickname=4a77830832a5 disableCertificateVerification=true]
jvb_1 | JVB 2022-08-07 12:02:02.426 WARNING: [20] MucClient.createXMPPTCPConnectionConfiguration#117: Disabling certificate verification!
jvb_1 | JVB 2022-08-07 12:02:02.443 INFO: [1] LastNReducer.#65: LastNReducer with reductionScale: 0.75 recoverScale: 1.25 impactTime: PT1M minLastN: 1 maxEnforcedLastN: 40
jvb_1 | JVB 2022-08-07 12:02:02.450 INFO: [1] TaskPools.#87: TaskPools detected 8 processors, creating the CPU pool with that many threads
jvb_1 | JVB 2022-08-07 12:02:02.454 INFO: [1] HealthChecker.start#118: Started with interval=60000, timeout=PT1M30S, maxDuration=PT3S, stickyFailures=false.
jvb_1 | JVB 2022-08-07 12:02:02.489 WARNING: [1] UlimitCheck.printUlimits#111: Running with open files limit 1048576 (hard 1048576), thread limit null (hard null). These values are too low and they will limit the number of participants that the bridge can serve simultaneously.
jvb_1 | JVB 2022-08-07 12:02:02.498 INFO: [1] VideobridgeExpireThread.start#88: Starting with 60 second interval.
jvb_1 | JVB 2022-08-07 12:02:02.556 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient.initializeConnectAndJoin#343: Dispatching a thread to connect and login.
prosody_1 | c2s55d2e4c3d8b0 info Client connected
jvb_1 | JVB 2022-08-07 12:02:02.567 INFO: [1] MainKt.main#121: Not starting CallstatsService, disabled in configuration.
jvb_1 | JVB 2022-08-07 12:02:02.575 INFO: [1] MainKt.main#130: Starting public http server
jvb_1 | JVB 2022-08-07 12:02:02.666 INFO: [1] ColibriWebSocketService.#40: Base URL: wss://localhost:8443/colibri-ws/172.20.0.5 Relay URL: wss://localhost:8443/colibri-relay-ws/172.20.0.5
jicofo_1 | Jicofo 2022-08-07 12:02:02.671 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@1b482cbf{/,null,AVAILABLE}
jicofo_1 | Jicofo 2022-08-07 12:02:02.690 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@7cb2651f{HTTP/1.1, (http/1.1)}{0.0.0.0:8888}
jicofo_1 | Jicofo 2022-08-07 12:02:02.692 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @2522ms
jvb_1 | JVB 2022-08-07 12:02:02.694 INFO: [1] org.eclipse.jetty.util.log.Log.initialized: Logging initialized @1713ms to org.eclipse.jetty.util.log.JavaUtilLog
prosody_1 | c2s55d2e4c3d8b0 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
jvb_1 | JVB 2022-08-07 12:02:02.741 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient$2.connected#314: Connected.
jvb_1 | JVB 2022-08-07 12:02:02.742 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient.lambda$getConnectAndLoginCallable$9#639: Logging in.
jvb_1 | JVB 2022-08-07 12:02:02.774 INFO: [1] ColibriWebSocketService.registerServlet#79: Registering servlet with baseUrl = wss://localhost:8443/colibri-ws/172.20.0.5, relayUrl = wss://localhost:8443/colibri-relay-ws/172.20.0.5
jvb_1 | JVB 2022-08-07 12:02:02.789 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.44.v20210927; built: 2021-09-27T23:02:44.612Z; git: 8da83308eeca865e495e53ef315a249d63ba9332; jvm 11.0.15+10-post-Debian-1deb11u1
prosody_1 | c2s55d2e4c3d8b0 info Authenticated as jvb@auth.meet.jitsi
prosody_1 | auth.meet.jitsi:limits_exception info Setting stanza size limits for jvb@auth.meet.jitsi to 10485760
jvb_1 | JVB 2022-08-07 12:02:02.837 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient$2.authenticated#320: Authenticated, b=false
jvb_1 | JVB 2022-08-07 12:02:02.861 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@7e053511{/,null,AVAILABLE}
jvb_1 | JVB 2022-08-07 12:02:02.880 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@2a551a63{HTTP/1.1, (http/1.1)}{0.0.0.0:9090}
jvb_1 | JVB 2022-08-07 12:02:02.881 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @1901ms
jvb_1 | JVB 2022-08-07 12:02:02.883 INFO: [1] MainKt.main#148: Starting private http server
jvb_1 | JVB 2022-08-07 12:02:02.918 INFO: [20] [hostname=xmpp.meet.jitsi id=shard0] MucClient$MucWrapper.join#763: Joined MUC: jvbbrewery@internal-muc.meet.jitsi
jvb_1 | JVB 2022-08-07 12:02:02.976 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.44.v20210927; built: 2021-09-27T23:02:44.612Z; git: 8da83308eeca865e495e53ef315a249d63ba9332; jvm 11.0.15+10-post-Debian-1deb11u1
jvb_1 | JVB 2022-08-07 12:02:03.271 WARNING: [1] org.glassfish.jersey.server.wadl.WadlFeature.configure: JAXBContext implementation could not be found. WADL feature is disabled.
jvb_1 | JVB 2022-08-07 12:02:03.377 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Health registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Health will be ignored.
jvb_1 | JVB 2022-08-07 12:02:03.377 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.
jvb_1 | JVB 2022-08-07 12:02:03.705 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@12ad1b2a{/,null,AVAILABLE}
jvb_1 | JVB 2022-08-07 12:02:03.708 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@37d00a23{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
jvb_1 | JVB 2022-08-07 12:02:03.708 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @2729ms
jicofo_1 | Jicofo 2022-08-07 12:02:07.611 INFO: [31] [type=bridge brewery=jvbbrewery] BaseBrewery.addInstance#341: Added brewery instance: jvbbrewery@internal-muc.meet.jitsi/4a77830832a5
jicofo_1 | Jicofo 2022-08-07 12:02:07.632 WARNING: [31] Main$1.warn#154: Key ‘jicofo.bridge.average-participant-packet-rate-pps’ from source ‘typesafe config (reloaded 1 times)’ is deprecated: use jicofo.bridge.average-participant-stress
jicofo_1 | Jicofo 2022-08-07 12:02:07.635 INFO: [31] BridgeSelector.addJvbAddress#94: Added new videobridge: Bridge[jid=jvbbrewery@internal-muc.meet.jitsi/4a77830832a5, version=null, relayId=null, region=null, stress=0.00]
jicofo_1 | Jicofo 2022-08-07 12:02:07.639 INFO: [34] JvbDoctor.bridgeAdded#129: Scheduled health-check task for: Bridge[jid=jvbbrewery@internal-muc.meet.jitsi/4a77830832a5, version=2.1.681-g3544ed05, relayId=null, region=null, stress=0.00]
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:25 +0000] “GET /meet HTTP/1.1” 200 9570 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:26 +0000] “GET /pwa-worker.js HTTP/1.1” 200 1511 “https://127.0.0.1:8081/meet” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:27 +0000] “GET /meet HTTP/1.1” 200 9570 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:27 +0000] “GET /pwa-worker.js HTTP/1.1” 200 1511 “https://127.0.0.1:8081/meet” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:34 +0000] “GET /meet HTTP/1.1” 200 9570 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
web_1 | 172.20.0.1 - - [07/Aug/2022:12:02:35 +0000] “GET /pwa-worker.js HTTP/1.1” 200 1511 “https://127.0.0.1:8081/meet” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”
prosody_1 | c2s55d2e4ce7840 info Client connected
prosody_1 | meet.jitsi:auth_token warn Error on GET request: Code 0, Content Cannot assign requested address
prosody_1 | general warn Error verifying token err:not-allowed, reason:could not obtain public key

this is the complete log I have

Prosody cannot create the request to execute… Never seen this and no idea what can be the reason. Reading about the error people suggest that this is linux issue with no more local ports to bind …